Ben-Hur Santos Ott for Guia de AppSec :: Blog (blog.guiadeappsec.com.br) · 15 hours ago
AppSec Newsletter 0037
And we've reached another edition of our newsletter! New video on the Guia de AppSec channel: https://www.youtube.com/watch?v=-lLgMupOqIw Links: 🎖️ Google | If It's Not Secure, It Should Not Compile: Preventing DOM-Based XSS in Large-Scale Web Development ...
33 reads · appsec
b1d0ws (b1d0ws.hashnode.dev) · Oct 23, 2024
AppSec Project - Chapter 1, Manually fixing vulnerabilities
Introduction: Hello, welcome to the b1d0ws appsec project! The idea here is to introduce you, with a few articles, to a process of building, fixing vulnerabilities and integrating a Python website with application security. I'm a beginner in this proc...
103 reads · Posts · appsec
Chama Jennane for freeCodeCamp (freecodecamp.org) · Oct 9, 2024
How to Strengthen Your Code: Essential Secure Design Principles for Developers
Secure design principles have long been the foundation for building secure systems, and they remain a crucial aspect of modern cybersecurity. Introduced in 1975 by Saltzer and Schroeder in their landmark paper The Protection of Information in Compute...
secure coding
The Firewall (blogs.thefirewall.org) · Oct 1, 2024
Shift Left with The Firewall Appsec Platform: The Future of Accessible Cybersecurity
The Current State of Security: In today's rapidly evolving digital landscape, cybersecurity is more critical than ever. However, the reality is stark: the frequency and severity of security breaches are on the rise. Businesses, both large and small, a...
1 like · 110 reads · cybersecurity
Arshan Dabirsiaghi (nahsra.hashnode.dev) · Sep 25, 2024
A note from the AI front lines
AI rightfully refuses to relinquish its place in our cultural conversation, and so I thought I'd share a few interesting things we've noticed at Pixee making an AI product security engineer. I hope that others might find validation, understanding, or...
99 reads · AI
Varkey Thomas (skinnyidiot.hashnode.dev) · Sep 12, 2024
Server Side Request Forgery
Intro: This vulnerability allows an attacker to force the server side of a web application to make requests to normally unauthorized locations. Brief: This attack occurs when an attacker modifies the URL sent from a web application, which can lead to...
#cybersecurity
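The card above describes SSRF: the server fetches a URL the attacker controls, so the check has to happen on the server before the fetch. The following is an added example, not code from the linked post: an outbound-URL guard that enforces a scheme and port allowlist, refuses credentials in the URL, resolves the hostname and rejects any answer that is not a public address (loopback, RFC 1918, link-local including 169.254.169.254, IPv4-mapped IPv6). The hostnames, addresses, allowed ports and the `CONSTRUCTED_DNS` table are assumptions made so the example runs offline.

```python
"""Added example: an SSRF guard for server-side fetches of user-supplied URLs.

Policy (assumptions for this example, not from the linked post):
  * only http/https,
  * no credentials in the URL,
  * only the ports in ALLOWED_PORTS,
  * every address the host resolves to must be a public (global) address,
    so loopback, RFC 1918, link-local (169.254.169.254 cloud metadata),
    IPv4-mapped IPv6 and similar internal targets are rejected.
"""
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443, 8080}

# Constructed DNS data so the example runs offline; these are not real records.
CONSTRUCTED_DNS = {
    "example.com": ["93.184.216.34"],
    "internal.corp": ["10.0.0.5"],
    # One public and one internal answer, as a rebinding-style attacker would
    # serve: a single internal answer must fail the whole check.
    "evil.test": ["93.184.216.34", "169.254.169.254"],
}


def constructed_resolver(host):
    """Offline stand-in for DNS, backed by CONSTRUCTED_DNS."""
    return [ipaddress.ip_address(a) for a in CONSTRUCTED_DNS.get(host, [])]


def system_resolver(host):
    """Resolve with the OS resolver, returning every A/AAAA answer."""
    try:
        infos = socket.getaddrinfo(host, None)
    except socket.gaierror:
        return []
    return [ipaddress.ip_address(info[4][0]) for info in infos]


def is_public(ip):
    # Judge IPv4-mapped IPv6 (::ffff:10.0.0.1) by the embedded IPv4 address.
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    # is_global is False for private, loopback, link-local, multicast,
    # reserved, unspecified and shared (100.64/10) ranges.
    return ip.is_global


def check_outbound_url(url, resolver=system_resolver):
    """Return (allowed, reason). Run this before the server fetches `url`."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    if parts.username is not None or parts.password is not None:
        # http://trusted.example@10.0.0.1/ : the host is 10.0.0.1, not trusted.example
        return False, "credentials in URL are not allowed"
    host = parts.hostname
    if not host:
        return False, "missing host"
    try:
        port = parts.port
    except ValueError:
        return False, "invalid port"
    if port is None:
        port = 443 if parts.scheme == "https" else 80
    if port not in ALLOWED_PORTS:
        return False, f"port {port} not allowed"
    try:
        addresses = [ipaddress.ip_address(host)]  # IP literal, including [v6]
    except ValueError:
        addresses = resolver(host)                # hostname: resolve it
    if not addresses:
        return False, f"{host!r} did not resolve"
    for ip in addresses:
        if not is_public(ip):
            return False, f"{host!r} resolves to non-public address {ip}"
    return True, "ok"


if __name__ == "__main__":
    for candidate in [
        "https://example.com/webhook",
        "http://169.254.169.254/latest/meta-data/",
        "http://[::ffff:10.0.0.1]/",
        "http://example.com@internal.corp/",
        "http://evil.test/",
        "file:///etc/passwd",
    ]:
        print(candidate, "->", check_outbound_url(candidate, constructed_resolver))
```

Two caveats a practitioner would add. First, the check resolves the name once and the HTTP client resolves it again when connecting, so a rebinding attacker can pass the check and still reach an internal address; connect to the address you validated (pin it at the socket or connection-pool level) rather than letting the client resolve again. Second, redirects are a second request: disable automatic redirects and re-run the check on each `Location` before following it. Where the set of legitimate destinations is known, an explicit host allowlist is stronger than this "anything public" rule.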
Ben-Hur Santos Ott for Guia de AppSec :: Blog (blog.guiadeappsec.com.br) · Sep 10, 2024
AppSec Newsletter 0036
Links: URL validation bypass cheat sheet | PortSwigger; Learn AWS Pentesting | Tyler Ramsbey; Burp Suite - Deep Dive | Cristi Vlad; Microsoft Copilot: From Prompt Injection to Exfiltration of Personal Information; SaaS attack techniques; CAPEC-STRIDE...
97 reads · appsec
Arshan Dabirsiaghi (nahsra.hashnode.dev) · Sep 4, 2024
Wait, you don't send fixes to the IDE?
Wait, you don't send the fixes into the IDE? When I first tell people at Pixee that we send Pull Requests (or Merge Requests, for your GitLabers) to fix vulnerable code, they always look at us quizzically for a second, whether they be partners, pr...
2 likes · 247 reads · Security
Lohith Gowda M (blog.lohigowda.in) · Aug 12, 2024
Git Exposure: How a Simple Oversight Led to a Critical Security Flaw
In my recent exploration of web applications, I came across a significant security issue that I believe deserves attention. This discovery involved a popular application responsible for managing various user services. While I can't divulge the applic...
1 like · 407 reads · appsec
Ben-Hur Santos Ott for Guia de AppSec :: Blog (blog.guiadeappsec.com.br) · Aug 9, 2024
AppSec Newsletter 0035
New video on the channel! https://www.youtube.com/watch?v=iQ-TcXrf8BE Links: Splitting the email atom: exploiting parsers to bypass access controls; Using AI for Offensive Security; Bypassing API rate limiting using IP rotation in Burp Suite; TruffleHog...
89 reads · appsec