Tag: security

A Proposed Evaluation Framework for MCP Server Security

How do you securely integrate a new MCP Server into Cursor or other agentic workflows? what security practices do you consider to evaluate the risks?
Oct 7, 2025 ~ 4 min read
ai
mcp
security
Evaluation Framework for MCP Security Threats and Risks

How to evaluate and categorize security threats and risks associated with Model Code Protocol (MCP) in light of recent security incidents.
Oct 5, 2025 ~ 6 min read
ai
MCP
security
The Cursor Agentic Jira MCP Attack Explained with Toxic Flow Analysis

A breakdown of the Cursor + Jira MCP 0-Click attack, how it was exploited, and why developers are at the center of it all. Understanding MCPs, Toxic Flows, and the implications for AI-assisted coding environments.
Oct 3, 2025 ~ 4 min read
ai
MCP
security
Secure Your MCP Servers with Environment Variable Risk Assessment

Learn how to enhance the security of your MCP server configurations by using the latest `ls-mcp` tool to detect and categorize credential risks in environment variables.
Sep 9, 2025 ~ 3 min read
mcp
security
environment variables
A Proposed MCP Server Security Evaluation Framework

With great MCP power comes great MCP responsibility and you should be prepared to evaluate the security of your MCP server implementation and MCP adoption in your AI agents.
Sep 1, 2025 ~ 4 min read
mcp
security
ai
model context protocol
Plan, Don't Execute: Agentic Workflows in Zero Trust Environments

How zero-trust environments can leverage AI agents and agentic workflows without compromising security and trust.
Aug 19, 2025 ~ 3 min read
ai
security
Poor Express Authentication Patterns in Node.js and How to Avoid Them

Tired of seeing poor authentication patterns in Node.js applications and Express code examples? Here's a guide on how to avoid them and what to do instead
May 3, 2024 ~ 5 min read
nodejs
express
authentication
security
Disclosing a local file inclusion vulnerability in xmlhttprequest library

I found a Local File Inclusion (LFI) security vulnerability in xmlhttprequest library but it's still unfixed.
Apr 27, 2023 ~ 2 min read
security
vulnerability
advisory
cve
xmlhttprequest
local-file-inclusion
lfi
Disclosing uncontrolled resource consumption in xmlhttprequest library

proof-of-concept showing a denial of service vulnerability in a Node.js web server if it uses the xmlhttprequest library to make outgoing HTTP requests
Apr 16, 2023 ~ 3 min read
security
vulnerability
advisory
cve
xmlhttprequest
denial of service
dos
uncontrolled resource consumption
Prevent clickjacking on Drupal and other Apache web applications

Updating Apache server configuration to use mod_headers to prevent clickjacking security issues
Mar 12, 2015 ~ 1 min read
security
http
clickjacking
Apache Obfuscation by disabling trace and server tokens

Preventative measures to mitigate leaking the server software running
Mar 9, 2015 ~ 1 min read
security
Reviewing book – Learning Pentesting for Android Devices

Getting started with penetration testing for Android devices
May 8, 2014 ~ 2 min read
pentesting
security
android
writing
Advanced Poll 6.x versions – XSS Vulnerability

Disclosing a Cross-site Scripting vulnerability in the Advanced Poll module for Drupal.
Oct 28, 2013 ~ 1 min read
drupal
security
xss
bugbounty
daloRADIUS operators handling change

RBAC, ACLs, operators, groups, and other access control related changes in daloRADIUS
May 9, 2010 ~ 1 min read
daloradius
security
auth
nessus3 install issue on ubuntu

how to fix Nessus3 and its missing dependency
Jul 14, 2006 ~ 1 min read
nessus
security
pentesting
linux
ubuntu
MythEmail Plugin

MythEmail plugin for the glorious MythTV all-around streamer and home media entertainment system
Jul 10, 2006 ~ 1 min read
nessus
security
pentesting
linux
ubuntu