SDLC security Archives - Krishna Gupta

2024 CWE Top 25 Most Dangerous Software Weaknesses: Use of Hard-coded Credentials (CWE-798)

27 March 2025 by Krishna

Hard-coded credentials refer to embedding authentication information such as usernames, passwords, API keys, or cryptographic keys directly into the source code. Developers might do this for convenience, testing, or quick deployment. However, these credentials often remain in production, creating vulnerabilities.

Understanding CWE-79: Cross-Site Scripting (XSS) in 2024 – A Strategic Guide for Software Architects and C-Suite Executives

6 March 2025 by Krishna

At its core, XSS exploits the trust a user places in a web application. By manipulating input fields, URLs, or other interactive elements, attackers can introduce scripts that execute commands, steal sensitive information, or alter website functionality.