Category: Mix

Game On! Adding Privacy to Threat Modeling
04 Jul 2023

Elevation of Privilege: Background Adam originally created Elevation of Privilege at Microsoft as a fun and low barrier to entry…

Find GraphQL API vulnerabilities, with Burp Suite Professional | Blog
04 Jul 2023

Gareth Heyes | 04 July 2023 at 13:00 UTC
As a penetration tester, you need your tools to find the…

Usable Security Tooling - Creating Accessible Security Testing with ZAP
04 Jul 2023

In this talk, David gives an overview and demo of ZAP’s new heads-up display (HUD), an intuitive and awesome way…

Open-source OWASP tools to aid in penetration testing coverage
04 Jul 2023

These tools leverage the advantage that white hat penetration testers have over external attackers: they have access to server binaries/bytecode…

A static analysis tool to find web endpoints
04 Jul 2023

Existing tools were either dead, regex-based, or didn’t support the analysis capabilities he wanted, so he built and open sourced…

BoMs Away - Why Everyone Should Have a BoM
04 Jul 2023

In this talk, Steve describes the various use cases of a software bill-of-materials (BOM), including facilitating accurate vulnerability and other…

What I Learned Watching All 44 AppSec Cali 2019 Talks
04 Jul 2023

OWASP AppSec California is one of my favorite security conferences:…

[tl;dr sec] #186 - Enterprise Purple Teaming, Cloud CTFs, Code Review with LLMs
04 Jul 2023

I hope you’ve been doing well! New Platform, Who Dis? 👋 Hello and welcome to the first edition of tl;dr…

[tl;dr sec] #187 - AWS Pentest Methodology, Destroyed by Breach, Awesome LLM Cybersecurity Tools
04 Jul 2023

I hope you’ve been doing well! 💪 Bro-ing Out This week I’m visiting my brother, who has kindly offered to…

[tl;dr sec] #188 - Security Interview Questions, Secret Scanning Tools, PentestGPT
04 Jul 2023

I hope you’ve been doing well! The “Full Utah” Experience Last weekend I got to hang out with my friend…

Cache Me If You Can: Messing with Web Caching
03 Jul 2023

In this talk, Louis covers 3 web cache related attacks: cache deception, edge side includes, and cache poisoning. Note: this…

Patch Diffing CVE-2023-28121 to Compromise a WooCommerce – RCE Security
03 Jul 2023

Back in March 2023, I noticed an interesting security advisory that was published by Wordfence about a critical “Authentication Bypass…