Spring Boot: Prevent Log Injection Attacks With Logback

Log injection is an attack that has been known for years. Although any application can write user input to its logs, for too long many of us had forgotten about the dangers. The recently discovered vulnerabilities concerning log4j2 have reminded us of the importance of preventing log injection attacks. This article describes one concrete way - albeit not the only way - to prevent log injection attacks in a Spring Boot application using Logback.


Angular Security - Serve application locally over HTTPS

When you develop an Angular application, you will come to a point where you need to serve it on localhost over HTTPS. This is often the case if you need to interact with an identity provider such as Facebook, Auth0, … And by the way, testing locally with HTTPS could be useful to detect mixed content issues that can break a production HTTPS website.


Angular Security - Disable Inline Critical CSS

Improving load time is crucial for the success of your application. One way to reduce this load time is to optimize CSS loading, but this is quite tricky because CSS files are render-blocking. This means that the browser must download and parse these files before starting to render the web page.
