DNS is the center of the modern attack surface – are you protecting all levels?
If you are a mature organization, you might manage an external IP block of 65,000 IP addresses (equivalent to a /16 network). In contrast, very…
Category: Mix
Coding is Thinking | Daniel Miessler
We can’t stop learning fundamentals just because tech can do them February 28, 2025 Not learning to code just because there are AI coding agents…
Access control vulnerability in the retail industry. Cross-Site Scripting (XSS) use case.
Large-scale operations and the extensive attack surface of the retail industry render it particularly susceptible to cybercrime, on a global scale. Websites, mobile apps, and…
Burp Everywhere, All Around the World: Bringing AppSec Enthusiasts Together in 2025 | Blog
Amelia Coen | 13 March 2025 at 08:49 UTC Security is a team sport. Whether you’re a pentester, bug bounty hunter, student, or just love…
Behind the Scenes of Burp AI: How we built it, and what’s next | Blog
Katie Warren | 12 March 2025 at 13:30 UTC Why now? Artificial intelligence is rapidly transforming industries, and security testing is no exception. At PortSwigger,…
A complete guide to exploiting advanced XXE vulnerabilities
XML External Entity (XXE) vulnerabilities are one of the most overlooked yet impactful vulnerabilities in modern web applications. Although they’ve become seemingly harder to detect…
Introducing Alfred for fully autonomous AI-built vulnerability assessments
We are excited to announce Detectify Alfred, a revolutionary system that uses AI to completely autonomously collect and prioritize threat intelligence and generate high-fidelity security…
API Specifications: Why, When, and How to Enforce Them
APIs facilitate communication between different software applications and power a wide range of everyday digital experiences, from weather apps to streaming services and everything in…
Noir Enhances AI Integration for Advanced Analysis
Mar 01, 2025 Expanding AI Capabilities in Noir v0.20.0 Noir v0.20.0 has arrived, supercharging its AI-powered security analysis capabilities. This release broadens AI collaboration beyond…
API Armor: How Bybit’s Real-Time Blacklisting Is Thwarting a $1.5B Crypto Heist
APIs present a security risk—that much is a given. Attacks on APIs have caused some of the most significant security incidents of the past decades.…
Top vulnerabilities in 2024 and what to watch for in 2025
The financial services industry continues to be hit hard by malicious actors, with the average cost of a data breach in the sector increasing to…
The Cost Savings of Fixing Security Flaws in Development
When security incidents from software defects happen, retrospectives often tell the story of heroic remediation in the form of a few hundred lines of code (or…