Jacob Kaplan-Moss

Series: Articles for r2c

Articles I’ve written for r2c, a security startup I consult for. They’re building semgrep, a code search tool that understands Python syntax (and many other languages).

r2c pays me to write these articles for their blog, and gives me permission to cross-post them here.

Articles for r2c: Bringing Security along on the CI/CD journey (January 11th, 2021)

Practical ways to bridge the gap between AppSec and Engineering.

Articles for r2c: Not all attacks are equal: understanding and preventing DoS in web applications (September 11th, 2020)

Denial-of-Service (DoS) vulnerabilities are common, but teams frequently disagree on how to treat them. The risk can be difficult to analyze: I’ve seen development teams argue for weeks over how to handle a DoS vector. This article tries to cut through those arguments. It provides a framework for engineering and application security teams to think about denial-of-service risk, breaks down DoS vulnerabilities into high-, medium-, and low-risk classes, and has recommendations for mitigations at each layer.

Articles for r2c: Preventing SQL Injection in Django (May 15th, 2020)

SQL Injection (SQLi) is one of the most dangerous classes of web vulnerabilities. Thankfully, it’s becoming increasingly rare — thanks mostly to increasing use of database abstraction layers like Django’s ORM — but where it occurs it can be devastating. This article will help you understand and prevent SQLi vulnerabilities in your Django apps.