How pentesting mirrors the evolution of quality assurance
Quality assurance in software development is a process of ensuring that software, once it’s deployed to production, will be free of “bugs” – unintended defects…
Category: Mix
Tracking AI Agent Activity, 400 SF Cameras, AI Sleeper Agents…
Unsupervised Learning is a Security, AI, and Meaning-focused newsletter and podcast that looks at how best to thrive as humans. It combines original ideas and…
Find Mistakes Earlier & Save Money
As a result, it’s only natural that code gets shipped with security flaws. Thankfully, many organizations have solutions in place to catch security vulnerabilities after…
Exploring Bühler’s strategic collaboration with Intigriti
Before collaborating with Intigriti, Bühler faced a common yet complex challenge: enhancing the effectiveness of their Vulnerability Disclosure Program (VDP). Having already been established for…
Webinar: Join us for the latest in API Threats on January 24, 2024
In today’s complex digital landscape, the security of APIs has become paramount. As we move into 2024, it’s essential to stay ahead of the evolving…
[tl;dr sec] #214 – Poisoning GitHub’s Runner Images, Fuzzing AWS WAF, LLM-powered Honeypot
I hope you’ve been doing well! 🤢 A Devastating Slip Recently I was rushing down the BART escalator after my musical improv class because I…
The Impacts of Cross-site Scripting (XSS) [With Real Examples]
According to HackerOne’s 7th Annual Hacker Powered Security Report, XSS is the number one most common vulnerability for bug bounty and number two for pentesting.…
The major bug bounty debate: Which department should pay for rewards?
When launching a new bug bounty program, there’s usually a discussion around which department should ‘foot the bill’ for the costs of the rewards. It’s…
Reversing and Tooling a Signed Request Hash in Obfuscated JavaScript
I was hacking on a bug bounty program recently and discovered that the website is signing every request, preventing you from modifying the URL, including…
Crystal-Lang is ❤️
저는 최근에 Crystal-lang을 즐기고 있습니다. 간단한 토이 프로젝트부터 Noir란 사이즈가 점점 커지고 있는 프로젝트까지 Crystal을 통해 구현하고 있습니다. 오늘은 제가 Crystal을 좋아하게된 이유에 대해 이야기하려고…
Expert Code Review Meets Powerful Automation
Shipping clean, secure code should be easier. HackerOne originally acquired PullRequest in 2022 to power developer-first security solutions that enable modern development. Semgrep and HackerOne…
[tl;dr sec] #213 – AWS Secure Defaults, Damn Vulnerable LLM Agent, cdk-goat
I hope you’ve been doing well! ✈️ In Plane Sight I’ve gotta get something off my chest. Normally on planes I read or get work…