Update README.md

Author: sahildari

Path Manipulation/README.md

@@ -1,5 +1,7 @@
 # Path Manipulation 
 
+I have written a detailed blog for Path Manipulation, you can check it [here](https://sahildari.medium.com/sast-series-part-1-a7cf18df0022)
+
 ## Definition as per OWASP
 **Path Manipulation** attack also known as **Path Traversal** attack, aims to access files and directories that are stored outside the web root folder. By manipulating variables that reference files with “dot-dot-slash (../)” sequences and its variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on file system including application source code or configuration and critical system files. It should be noted that access to files is limited by system operational access control (such as in the case of locked or in-use files on the Microsoft Windows operating system).
 

Privacy Violation - Heap Inspection/README.md

@@ -1,5 +1,7 @@
 # Privacy Violation: Heap Inspection
 
+I have written a detailed blog for Privacy Violation: Heap Inspection, you can check it [here](https://sahildari.medium.com/sast-series-part-2-ecbaca2b9c97)
+
 __Privacy Violation: Heap Inspection__ is a source code security issue that occurs mostly in C#, Java, and Swift applications. Strings are immutable in these languages, meaning that if they are used to store sensitive information such as passwords, credit card numbers, secrets, or tokens, these values will remain in memory until the JVM garbage collector (in Java) or ARC (Automatic Reference Counting) (in Swift) removes them.
 
 There is no guarantee as to when garbage collection will take place. In the event of an application crash, a memory dump might reveal sensitive data, making it accessible to anyone inspecting the heap before garbage collection occurs.
@@ -20,12 +22,11 @@ StringBuffer password = new StringBuffer("SecurePassword");
 
 ## Mitigation
 
-To mitigate the Privacy Violation: Heap Inspection issue in Java, C#, and Swift applications:
-
-:white_check_mark: Use character arrays (char[]) instead of strings to store sensitive information. 
-
-:white_check_mark: Manually clear arrays after use (e.g., overwriting with '\0').
-
-:white_check_mark: Ensure cleanup happens in a finally block to guarantee execution.
-
-By following these best practices, you reduce the risk of exposing sensitive data in memory dumps.
+🔒 Best Practices for Secure Coding
+1️⃣ Never store sensitive information in immutable strings 🚫
+2️⃣ Understand how Garbage Collection (GC) works in your programming language 🧐
+3️⃣ Use Secret Managers or Vaults to store sensitive information 🔐
+4️⃣ Use prebuilt Secure Strings to handle sensitive information
+Java: Use GuardedString (from Java's security libraries)
+C#: Use SecureString to handle sensitive data securely 
+5️⃣ When no prebuilt library exists, store passwords in char[] and overwrite the array after usage to ensure it doesn't linger in memory.

Privacy Violation - Heap Inspection/java/HeapInspectionGuardedStringExample.java

@@ -54,7 +54,12 @@ private static void overwriteString(String str) {
         }
     }
 
-    public static void usePasswordSecurely(GuardedString guardedPassword) {
+    private static void clearSensitiveData(StringBuffer sb){
+        sb.delete(0, sb.length());
+        sb = null;
+    }
+
+    public static GuardedString usePasswordSecurely(GuardedString guardedPassword) {
         // Securely access the password value
         guardedPassword.access(chars -> {
             // Construct the connection string securely
@@ -63,9 +68,12 @@ public static void usePasswordSecurely(GuardedString guardedPassword) {
                     .append(";columnEncryptionSetting=Enabled;");
 
             System.out.println("Connection String: " + connectionString);
-    
-            // Overwrite the password in memory after use
-            overwriteCharArray(chars);
+            // Perform operations with the connection string here
+
+            // After performing operations, clear the sensitive data
+
+            overwriteByteArray(chars); // Overwrite the password in memory
+            clearSensitiveData(connectionString); // Clear the connection string from memory
         });
     }