Offensive Threat Models Against the Supply Chain
In this talk, Tony discusses the economic and geopolitical impacts of supply chain attacks, a walkthrough of supply chain threat...
Read more →Category: Mix
Game On! Adding Privacy to Threat Modeling
Elevation of Privilege: Background Adam originally created Elevation of Privilege at Microsoft as a fun and low barrier to entry...
Read more →
Find GraphQL API vulnerabilities, with Burp Suite Professional | Blog
Gareth Heyes | 04 July 2023 at 13:00 UTC As a penetration tester, you need your tools to find the...
Read more →
Usable Security Tooling – Creating Accessible Security Testing with ZAP
In this talk, David gives an overview and demo of ZAP’s new heads-up display (HUD), an intuitive and awesome way...
Read more →
Open-source OWASP tools to aid in penetration testing coverage
These tools leverage the advantage that white hat penetration testers have over external attackers: they have access to server binaries/bytecode...
Read more →
A static analysis tool to find web endpoints
Existing tools were either dead, regex-based, or didn’t support the analysis capabilities he wanted, so he built and open sourced...
Read more →
BoMs Away – Why Everyone Should Have a BoM
In this talk, Steve describes the various use cases of a software bill-of-materials (BOM), including facilitating accurate vulnerability and other...
Read more →
What I Learned Watching All 44 AppSec Cali 2019 Talks
What I Learned Watching All 44 AppSec Cali 2019 Talks OWASP AppSec California is one of my favorite security conferences:...
Read more →![[tl;dr sec] #186 - Enterprise Purple Teaming, Cloud CTFs, Code Review with LLMs](https://cybernoz.com/wp-content/uploads/2023/07/tldr-sec-186-Enterprise-Purple-Teaming-Cloud-CTFs-Code.jpg "[tl;dr sec] #186 - Enterprise Purple Teaming, Cloud CTFs, Code Review with LLMs 25")
[tl;dr sec] #186 – Enterprise Purple Teaming, Cloud CTFs, Code Review with LLMs
I hope you’ve been doing well! New Platform, Who Dis? 👋 Hello and welcome to the first edition of tl;dr...
Read more →![[tl;dr sec] #187 - AWS Pentest Methodology, Destroyed by Breach, Awesome LLM Cybersecurity Tools](https://cybernoz.com/wp-content/uploads/2023/07/tldr-sec-187-AWS-Pentest-Methodology-Destroyed-by-Breach.jpg "[tl;dr sec] #187 - AWS Pentest Methodology, Destroyed by Breach, Awesome LLM Cybersecurity Tools 30")
[tl;dr sec] #187 – AWS Pentest Methodology, Destroyed by Breach, Awesome LLM Cybersecurity Tools
I hope you’ve been doing well! 💪 Bro-ing Out This week I’m visiting by brother, who has kindly offered to...
Read more →![[tl;dr sec] #188 - Security Interview Questions, Secret Scanning Tools, PentestGPT](https://cybernoz.com/wp-content/uploads/2023/07/tldr-sec-188-Security-Interview-Questions-Secret-Scanning-Tools.jpg "[tl;dr sec] #188 - Security Interview Questions, Secret Scanning Tools, PentestGPT 32")
[tl;dr sec] #188 – Security Interview Questions, Secret Scanning Tools, PentestGPT
I hope you’ve been doing well! The “Full Utah” Experience Last weekend I got to hang out with my friend...
Read more →
Cache Me If You Can: Messing with Web Caching
In this talk, Louis covers 3 web cache related attacks: cache deception, edge side includes, and cache poisoning. Note: this...
Read more →