Keep it simple, Scanner | Blog
Tom Shelton-Lefley | 20 June 2023 at 14:02 UTC There’s a running joke on the scanner development team; for the longest time I had net…
Category: Mix
GCP ESPv2 Hit with Critical API Authorization Bypass CVE-2023-30845
This post delves into a very impactful JWT Authentication Bypass vulnerability (CVE-2023-30845) found in ESP-v2, an open-source service proxy that provides API management capabilities using…
What You Need To Know About The MOVEit
The MOVEit Vulnerabilities and Latest Exploits. Impact On Governmental Agencies And Large Organizations Governmental agencies and large organizations around the world are being hit by…
Grammarly CISO Suha Can Discusses the Impact of Preemptive Security with HackerOne
The allure of generative AI and the importance of the basics. While the advent of generative AI poses new challenges, it’s important not to neglect…
OWASP APIsec Top-10 2023 Is Here | API Security Newsletter
Welcome to our May API newsletter, recapping some of the events of last month. As the old proverb goes, April showers bring May flowers –…
CVSS 4.0 Preview 살펴보기
CVSS(Common Vulnerability Scoring System)는 시스템, 소프트웨어의 취약성을 평가하기 위해 사용되는 취약성에 대한 스코어링 시스템입니다. Offensive Security 관련하여 현업에 있다면 익숙하지만 반대로 문제점도 많다고 느껴지는 그런…
Bug Bytes #203 – CVSS 4.0, MOVEIt and How CI/CD Pipelines Go Wrong
Bug Bytes is a weekly newsletter curated by members of the bug bounty community. The second series is curated by InsiderPhD. Every week, she keeps…
Ruby Cheatsheet
🔍 Introduction Ruby는 자연스럽게 읽히고 쓰기 쉬운 우아한 문법을 가지고 있는 언어입니다. 철학 자체가 인간 중심의 설계다 보니 뛰어난 가독성을 가졌고 언어 자체도 쉽게 사용할…
Holistic API Security Strategy for 2023
In the digital landscape of 2023, Application Programming Interfaces (APIs) have taken center stage in business operations. APIs act as the backbone of many digital…
Patch Diffing Progress MOVEIt Transfer RCE (CVE-2023-34362) – Assetnote
In the last few days, threat actors have been exploiting a critical pre-authentication vulnerability within Progress MOVEIt Transfer. There have been several great blog posts…
[tl;dr sec] #185 – Artisanal to Industrial Security, Securing the EC2 Instance Metadata Service, 12 Threat Modeling Methods
Hey there, I hope you’ve been doing well! 🚨 Changing Platforms 🚨 Over the next few weeks I’m going to be changing two important things…
Seven Essential Components Of A Top-Tier Attack Surface Management Program
1. Discover and Import Maintaining an up-to-date inventory of all your internet-facing assets is crucial for effective risk management. HackerOne automates continuous attack…