Securing Third Party Applications at Scale
If you don’t get the process right, the technical stuff goes to waste. Background The Salesforce AppExchange was launched in 2005 as a way for…
In this talk, Tony discusses the economic and geopolitical impacts of supply chain attacks, a walkthrough of supply chain threat modeling from a manufacturer’s perspective,…
Elevation of Privilege: Background Adam originally created Elevation of Privilege at Microsoft as a fun, low-barrier-to-entry way to teach threat modeling…
Gareth Heyes | 04 July 2023 at 13:00 UTC As a penetration tester, you need your tools to find the latest vulnerabilities. GraphQL APIs are…
In this talk, David gives an overview and demo of ZAP’s new heads-up display (HUD), an intuitive and awesome way to view OWASP ZAP info…
These tools leverage the advantage that white hat penetration testers have over external attackers: they have access to server binaries/bytecode and the server-side source code.…
Existing tools were either dead, regex-based, or didn’t support the analysis capabilities he wanted, so he built and open sourced endpointfinder, which parses JavaScript code…
In this talk, Steve describes the various use cases of a software bill-of-materials (BOM), including facilitating accurate vulnerability and other supply-chain risk analysis, and gives…
What I Learned Watching All 44 AppSec Cali 2019 Talks OWASP AppSec California is one of my favorite security conferences: the talks are great, attendees…
I hope you’ve been doing well! New Platform, Who Dis? 👋 Hello and welcome to the first edition of tl;dr sec on Beehiiv! If you…
I hope you’ve been doing well! 💪 Bro-ing Out This week I’m visiting my brother, who has kindly offered to host me in his 1…
I hope you’ve been doing well! The “Full Utah” Experience Last weekend I got to hang out with my friend Scott Piper, and he gave…