Gaining access to Uber’s user data through AMPScript evaluation
Modern development and infrastructure management practices are fast paced and constantly evolving. In the race to innovate and expand, new...
Read more →Category: Mix
European Council Adopts Cyber Resilience Act
The CRA will be a game-changing regulation for software and connected product security. The CRA imposes cybersecurity requirements for manufacturers...
Read more →
Discovering a zero day and getting code execution on Mozilla’s AWS Network
When Assetnote Continuous Security (CS) monitors your attack surface, one of the things it looks for are instances of WebPageTest....
Read more →
How To Use HackerOne’s Global Vulnerability Policy Map
To help organizations keep up with the shifting landscape of VDP mandates and recommendations, HackerOne has developed the Global Vulnerability...
Read more →
Finding Hidden Files and Folders on IIS using BigQuery
Motivations I recently made a video on how to find hidden files and folders on IIS through the use of...
Read more →
Vulnerability Deep Dive: Gaining RCE Through ImageMagick With Frans Rosen
The file upload vulnerability type is as broad in scope as the number of different file types. These vulnerabilities are...
Read more →
OWASP Top 10: The Risk of Cryptographic Failures
What Is Cryptography? Cryptography is the practice and study of techniques for securing communication and information by transforming it into...
Read more →
AWS Security Configuration Review and Best Practices
In fact, the Cloud Security Alliance’s Top Threats to Cloud Computing 2024 Report ranks the following concerns as the top three:...
Read more →
Measure, Compare, and Enhance Security Programs with HackerOne Benchmarks
Without clear comparisons and long-term visibility, it’s challenging to identify areas for improvement and make informed, data-driven decisions. That’s why...
Read more →
Securing Our Elections Through Vulnerability Testing and Disclosure
Security researchers and election technology manufacturers at the Election Security Research Forum (ESRF). The Event In preparation for the election...
Read more →
Who Should Own AI Risk at Your Organization?
In this blog, we’ll explore who is and should be accountable for AI risk within organizations and how to empower...
Read more →
What Is a Business Logic Vulnerability? [Example]
It sounds straightforward enough, but business logic vulnerabilities can result in an array of serious security issues, such as unauthorized...
Read more →