Securing your Workspaces from a Bot Uprising
Real TalkOne thing I appreciated about this talk is that Kelly and Nikki kept it real. Most blog posts, talks,...
Read more →Category: Mix
Preventing Mobile App and API Abuse
An overview of the mobile and API security cat and mouse game (securely storing secrets, TLS, cert pinning, bypassing protections...
Read more →
Node.js and NPM Ecosystem: What are the Security Stakes?
Vladimir de Turckheim, Software Engineer, Sqreen twitter, linkedinabstract slides video For vulnerabilities, a SQL injection example is given as well as regular...
Read more →
the Clear Site Data Header
The new Clear-Site-Data HTTP header allows a website to tell a user’s browser to clear various browsing data (cookies, storage,...
Read more →
Building Cloud-Native Security for Apps and APIs with NGINX
Stepan Ilyin, Co-founder, Wallarm twitter, linkedinabstract slides video How NGINX modules and other tools can be combined to give you a nice...
Read more →
Securing Third Party Applications at Scale
If you don’t get the process right, the technical stuff goes to waste. Background The Salesforce AppExchange was launched in...
Read more →
Offensive Threat Models Against the Supply Chain
In this talk, Tony discusses the economic and geopolitical impacts of supply chain attacks, a walkthrough of supply chain threat...
Read more →
Game On! Adding Privacy to Threat Modeling
Elevation of Privilege: Background Adam originally created Elevation of Privilege at Microsoft as a fun and low barrier to entry...
Read more →
Find GraphQL API vulnerabilities, with Burp Suite Professional | Blog
Gareth Heyes | 04 July 2023 at 13:00 UTC As a penetration tester, you need your tools to find the...
Read more →
Usable Security Tooling – Creating Accessible Security Testing with ZAP
In this talk, David gives an overview and demo of ZAP’s new heads-up display (HUD), an intuitive and awesome way...
Read more →
Open-source OWASP tools to aid in penetration testing coverage
These tools leverage the advantage that white hat penetration testers have over external attackers: they have access to server binaries/bytecode...
Read more →
A static analysis tool to find web endpoints
Existing tools were either dead, regex-based, or didn’t support the analysis capabilities he wanted, so he built and open sourced...
Read more →