Ming Yi Ang
Ming is a security researcher who is passionate about building security automation tools to aid the discovery of various security issues. Through the discovery from the tools, he has since made contributions to various open-source projects by responsibly disclosing the vulnerability findings he encounters from his research.
Stay up to date on Application Security
- September 4, 2019 | By Ming Yi Ang
Sightings of malicious packages on popular open source repositories (such as npm and RubyGems) have become increasingly common: just this year, there have been several reported incidents. This method of attack is frighteningly effective given the widespread reach of popular packages, so we've…Read Article
- October 17, 2017 | By Ming Yi Ang
We have long had a thesis that when free open-source software projects are forked into commercial versions, then the free open-source version no longer gets the same subsequent level of security updates as the commercial version. Phrased into a question, are the free versions of open-source core…Read Article
- May 24, 2017 | By Ming Yi Ang
For the last few weeks, we all got our ears torn out by story after story of WannaCry this, WannaCry that. Yet, not long ago, there was a similar exploit - Cisco 0-Day, CVE-2017-3881 - whose impact could have caused a similar outcry had it been more successful. We highlight the initial similarities…Read Article
- March 20, 2017 | By Ming Yi Ang
Four weeks ago, we blogged about the issue with Rails' built-in anti-CSRF mechanism, protect_from_forgery, where we calculated that over 50,000 Ruby developers were impacted by Cross-site Request Forgery (CSRF) attacks. Recap The default configuration for Rails' ActionController::Base does not…Read Article
- February 22, 2017 | By Ming Yi Ang
There's been some buzz recently about protect_from_forgery, Rails' built-in anti-CSRF mechanism, and how it's not secure by default. Having found, evaluated, disclosed, and tried to fix issues with it in the past, we decided to perform a thorough evaluation of how severe the problem was. A slice of…Read Article
- January 16, 2017 | By Ming Yi Ang
According to a blog post made on 18f, it is a standard to ensure all federal websites and web services to serve only via secured connections (HTTPS). Yet in its recent study, about 6.1% of the domains do not have HTTPS enabled. Package managers have, in the past, deprecate certain commands/features…Read Article
Application Security Tool Kit
Love to learn about Application Security?
Get all the latest news, tips and articles delivered right to your inbox.
No thanks, back to the article please.