DNS rebinding attack without CORS against local network web applications. Explore the topic further and see how it can be used to exploit vulnerabilities in the real-world.

Learn how to effectively prioritize alerts using severity (CVSS), exploitation likelihood (EPSS), and repository properties, so you can focus on the most critical vulnerabilities first.

Security should be native to your workflow, not a painful separate process.

Starting today, security campaigns are generally available for all GitHub Advanced Security and GitHub Code Security customers—helping organizations take control of their security debt and manage risk by unlocking collaboration between developers and security teams.

What is CORS and how can a CORS misconfiguration lead to security issues? In this blog post, we’ll describe some common CORS issues as well as how you can find and fix them.

Every minute, GitHub blocks several secrets with push protection—but secret leaks still remain one of the most common causes of security incidents. Learn how GitHub is making it easier to protect yourself from exposed secrets, including today’s launches of standalone Secret Protection, org-wide scanning, and better access for teams of all sizes.

In the last few months, we secured 75+ GitHub Actions workflows in open source projects, disclosing 90+ different vulnerabilities. Out of this research we produced new support for workflows in CodeQL, empowering you to secure yours.

In practice, shifting left has been more about shifting the burden rather than the ability. But AI is bringing its promise closer to reality. Here’s how.

The GitHub Security Lab teamed up with Ekoparty once again to create some challenges for its yearly Capture the Flag competition!

Learn about how we run a scalable vulnerability management program built on top of GitHub.

Improve your GitHub Action’s security posture by securing your source repository, protecting your maintainers, and making it easy to report security incidents.

Learn how teams can leverage the power of GitHub Advanced Security’s code scanning and GitHub Actions to integrate the right security testing tools at the right time.

GitHub now tells you whether GitHub tokens found by secret scanning are active so you can prioritize and escalate remediation efforts.

GitHub now allows you to track any leaked secrets in your public repository, for free. With secret scanning alerts, you can track and action on leaked secrets directly within GitHub.

AppSec expert Niroshan Rajadurai says putting developers at the center of everything will enable you to meet your security goals.