Company Update | HackerOne
HackerOne CEO, Marten Mickos, emailed the following note to employees on August 2, 2023. H1 Team, I have made the painful and necessary decision to undertake…
Category: Mix
[tl;dr sec] #193 – ATT&CK for AI and SaaS, GitHub Actions Goat, Finding Bugs in Web App Routes
I hope you’ve been doing well! Hack Week This week we had people fly in from all over the world to meet and hack together.…
Hello Noir 👋🏼
Hi all! I am excited to announce the release of my toy project called ‘Noir’ 🎉🚀 Noir is a source code analysis tool that identifies…
Beware of BOLA (IDOR) Vulnerabilities in Web Apps and APIs
Introduction In a recent advisory, the Cybersecurity and Infrastructure Security Agency (CISA) warned vendors, designers, developers, and end-user organizations of web applications about the dangers…
Ranged bounties: a flexible and granular bounty mechanism
At Intigriti, we are continually enhancing our platform to better serve our community. Today, we’re introducing a significant update: ranged bounties. This addition provides program…
Can LLMs create new things? · rez0
Is Generative AI Output Novel Creation or Simple Imitation? I’ve heard many people say that LLMs (and generative AI overall) don’t create new things. They…
Unsupervised Learning NO. 392
Unsupervised Learning is a Security, AI, and Meaning-focused podcast that looks at how best to thrive as humans in a post-AI world. It combines original…
Optimizing ZAP and Burp with JVM
누군가가 저에게 Application Security, Pentest 등에서 가장 활발하게 사용되는 도구를 선택하라고 하면 당연히 Burpsuite와 ZAP 같은 Proxy 도구를 선택할 것 같습니다. 최근 Caido가 많이 올라오는…
Do Burnout and Addition Have the Same Root Cause?
I heard a great thing on a podcast recently. It was a guy saying alcohol addiction is confused because people think it’s about alcohol and…
A New Take on an Old Saying · rez0
The saying “You are the sum of the five people you spend the most time with,” is still true, but has been redefined by the…
API1:2023 Broken Object Level Authorization
Welcome to the 2nd post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners.…
How to become eligible for Hybrid Pentesting?
Guaranteed income, fresh scope, and no researcher competition sounds like paradise to you? Stop dreaming right now and have a look at Intigriti’s new Hybrid…