appsec

381 readers
1 users here now

A community for all things related to application security.

founded 2 years ago
MODERATORS
laszlok@infosec.pub
listing: all - local
26
1
Stir Trek 2024: Call for Speakers (sessionize.com)
submitted 2 years ago by N7x@infosec.pub to c/appsec@infosec.pub
0 comments fedilink
27
1
We Must Consider Software Developers a Key Part of the Cybersecurity Workforce (www.cisa.gov)
submitted 2 years ago by N7x@infosec.pub to c/appsec@infosec.pub
0 comments fedilink
28
1
OWASP Foundation - 2024 Global AppSec Lisbon Call for Trainers (owasp.submittable.com)
submitted 2 years ago by N7x@infosec.pub to c/appsec@infosec.pub
0 comments fedilink
29
1
[tl;dr sec] #213 - AWS Secure Defaults, Damn Vulnerable LLM Agent, cdk-goat (tldrsec.com)
submitted 2 years ago by N7x@infosec.pub to c/appsec@infosec.pub
0 comments fedilink
30
1
Reasonable 🔐AppSec #33 - Signing Off '23 with a Bang: Five Security Articles, AppSec New Year's Resolutions, and Podcast Corner (appsec.beehiiv.com)
submitted 2 years ago by N7x@infosec.pub to c/appsec@infosec.pub
0 comments fedilink
31
1
Trustwave Transfers ModSecurity Custodianship to OWASP | OWASP Foundation (owasp.org)
submitted 2 years ago by N7x@infosec.pub to c/appsec@infosec.pub
0 comments fedilink
32
1
npm search RCE? - Escape Sequence Injection (blog.solidsnail.com)
submitted 2 years ago by solidsnail@infosec.pub to c/appsec@infosec.pub
0 comments fedilink
33
1
It’s not a Feature, It’s a Vulnerability (blog.solidsnail.com)
submitted 2 years ago by solidsnail@infosec.pub to c/appsec@infosec.pub
0 comments fedilink
 
 

cross-posted from: https://infosec.pub/post/5707149

I talk about a report I've made to MSRC in the beginning of the year regarding vscode.

It's a bit different. There's no in depth technical stuff, because I basically just reported the feature, not a bug.

34
1
GitHub Copilot, Amazon Code Whisperer emit people's API keys (www.theregister.com)
submitted 2 years ago by N7x@infosec.pub to c/appsec@infosec.pub
0 comments fedilink
35
1
Community review - OWASP Mobile Application Security risk assessment formula (mas.owasp.org)
submitted 2 years ago by N7x@infosec.pub to c/appsec@infosec.pub
0 comments fedilink
36
1
From Terminal Output to Arbitrary Remote Code Execution (blog.solidsnail.com)
submitted 2 years ago by solidsnail@infosec.pub to c/appsec@infosec.pub
0 comments fedilink
 
 

This is my first write-up, on a vulnerability I discovered in iTerm2 (RCE). Would love to hear opinions on this. I tried to make the writing engaging.

37
1
New OWASP Cheet Sheet on Mobile Securty (cheatsheetseries.owasp.org)
submitted 2 years ago by mwguy@infosec.pub to c/appsec@infosec.pub
0 comments fedilink
 
 

Mobile Application Security Cheat Sheet

Mobile application development presents certain security challenges that are unique compared to web applications and other forms of software. This cheat sheet provides guidance on security considerations for mobile app development. It is not a comprehensive guide by any means, but rather a starting point for developers to consider security in their mobile app development.

Architecture & Design

1. Secure by Design

...

38
1
OWASP Top 10 for LLMs (v1.0) (owasp.org)
submitted 2 years ago by netr0m@infosec.pub to c/appsec@infosec.pub
0 comments fedilink
39
1
Google Cloud Build bug lets hackers launch supply chain attacks (www.bleepingcomputer.com)
submitted 2 years ago by N7x@infosec.pub to c/appsec@infosec.pub
0 comments fedilink
40
1
Exploiting XSS in hidden inputs and meta tags (portswigger.net)
submitted 2 years ago by N7x@infosec.pub to c/appsec@infosec.pub
0 comments fedilink
41
1
Why Authorization is Hard (www.osohq.com)
submitted 2 years ago by N7x@infosec.pub to c/appsec@infosec.pub
0 comments fedilink
42
1
ChatGPT Hallucinations Open Developers to Supply Chain Malware Attacks (www.darkreading.com)
submitted 2 years ago by N7x@infosec.pub to c/appsec@infosec.pub
0 comments fedilink
43
1
Feedback open until 31 of August for CVSS 4.0 (www.first.org)
submitted 2 years ago by N7x@infosec.pub to c/appsec@infosec.pub
0 comments fedilink
44
1
Here’s MITRE’s top-25 CWE list — with your old vulnerability category favorites (www.reversinglabs.com)
submitted 2 years ago by N7x@infosec.pub to c/appsec@infosec.pub
0 comments fedilink
45
1
OWASP Top 10 for LLMs - 0.5 (owasp.org)
submitted 2 years ago by N7x@infosec.pub to c/appsec@infosec.pub
0 comments fedilink
46
1
Testing GraphQL APIs | Web Security Academy (portswigger.net)
submitted 2 years ago by N7x@infosec.pub to c/appsec@infosec.pub
0 comments fedilink
47
1
XML Security in Java (semgrep.dev)
submitted 2 years ago by N7x@infosec.pub to c/appsec@infosec.pub
0 comments fedilink
48
1
Cache Me If You Can: Messing with Web Caching (tldrsec.com)
submitted 2 years ago by N7x@infosec.pub to c/appsec@infosec.pub
0 comments fedilink
49
1
AppSec podcasts? (infosec.pub)
submitted 2 years ago by N7x@infosec.pub to c/appsec@infosec.pub
0 comments fedilink
 
 

There is a nice list of Infosec podcasts here: https://infosec.pub/post/152754

What are your more specialized appsec recommendations?

50
1
DNS Analyzer - Finding DNS vulnerabilities with Burp Suite (sec-consult.com)
submitted 2 years ago by N7x@infosec.pub to c/appsec@infosec.pub
0 comments fedilink
 
 

A brand-new Burp Suite extension for discovering DNS vulnerabilities in web applications.

view more: ‹ prev next ›