OAuth and PostMessage
Tl;DR; An OAuth misconfiguration was discovered in the redirect_uri parameter at the target’s OAuth IDP at https://app.target.com/oauth/authorize, which allowed attackers to control the path of…
Category: Mix
What Is the New NIST Control for Public Disclosure Programs?
Let’s first define what we’re talking about when we refer to these NIST controls. NIST 800-53 is a popular framework for security programs globally and…
Customize ZAP HUD 🎮
Today, I write a post about how to use ZAP HUD in an engaging manner. While ZAP HUD may not have incredibly useful features at…
90-Day Certificate Validity
오늘은 구글에서 추친하는 90일의 인증서 유효기간에 대한 이야기를 하려고 합니다. 구글이 올해 3월(2023)에 Chromium Security 를 통해 공지(방향성에 대한 공지)한 이후에 아직 별다른 액션이 없긴…
API3:2023 Broken Object Property Level Authorization
Welcome to the 4th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners.…
What to Know About the New SEC Cybersecurity Rule [3 Requirements]
SEC’s Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure Rule The SEC’s final rule is aimed at helping investors make informed investment decisions by providing…
[tl;dr sec] #194 – CNAPPGoat, KubeFuzz, tl;dr sec swag
I hope you’ve been doing well! Hacker Summer Camp This is the first time I’m attending the Vegas conferences since the pandemic, and I’ve been…
Spot risks with our new IP view
Our new IP view offers another point of view on the expanding attack surface Customers often tell us of instances where someone in their team…
New techniques and tools for web race conditions | Blog
Emma Stocks | 10 August 2023 at 06:56 UTC For too long, web race-condition attacks have focused on a tiny handful of scenarios. Testing for…
Metabase Pre-Auth RCE (CVE-2023-38646) – Assetnote
Summary An unauthenticated attacker can obtain the setup token for an instance and use it to achieve remote code execution via an endpoint that allows…
Chaining our way to Pre-Auth RCE in Metabase (CVE-2023-38646) – Assetnote
Metabase is an open source business intelligence tool that lets you create charts and dashboards using data from a variety of databases and data sources.…
Enhancing API Security with FAST
Welcome to another inside story straight from the Wallarm labs. Today we’re taking you behind the scenes of our self-testing journey, showcasing how we “drink…