Open-source OWASP tools to aid in penetration testing coverage
These tools leverage the advantage that white hat penetration testers have over external attackers: they have access to server binaries/bytecode and the server-side source code.…
Existing tools were either dead, regex-based, or didn’t support the analysis capabilities he wanted, so he built and open-sourced endpointfinder, which parses JavaScript code…
In this talk, Steve describes the various use cases of a software bill-of-materials (BOM), including facilitating accurate vulnerability and other supply-chain risk analysis, and gives…
What I Learned Watching All 44 AppSec Cali 2019 Talks OWASP AppSec California is one of my favorite security conferences: the talks are great, attendees…
I hope you’ve been doing well! New Platform, Who Dis? 👋 Hello and welcome to the first edition of tl;dr sec on Beehiiv! If you…
I hope you’ve been doing well! 💪 Bro-ing Out This week I’m visiting my brother, who has kindly offered to host me in his 1…
I hope you’ve been doing well! The “Full Utah” Experience Last weekend I got to hang out with my friend Scott Piper, and he gave…
In this talk, Louis covers 3 web cache related attacks: cache deception, edge side includes, and cache poisoning. Note: this was an awesomely dense, technical…
Back in March 2023, I noticed an interesting security advisory that was published by Wordfence about a critical “Authentication Bypass and Privilege Escalation” (aka CVE-2023-28121)…
Emma Stocks | 03 July 2023 at 14:54 UTC Want to create customized scans without the hassle of learning advanced programming? Burp Suite’s got you…
Summary URL query parameters are not adequately sanitised before they are placed into an HTTP Location header. An attacker can exploit this to create a…
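To make the vulnerability class in that summary concrete, here is an added example (not code from the advisory or the affected product) showing why an unsanitised query value in a Location header is dangerous and what a hardened version checks. The `next` parameter name, the redirect handler and the attacker payload are all constructed for illustration; a CR/LF in the value ends the Location line, so whatever follows becomes extra response headers.

```python
# Added example, not from the summarised advisory. Builds a raw HTTP 302
# response from an untrusted "next" query parameter two ways: verbatim
# (vulnerable) and after validation (hardened), then parses the result
# so the injected header is visible.
from urllib.parse import urlsplit

# Constructed attacker input: the CRLF terminates the Location header line.
PAYLOAD = "/home\r\nSet-Cookie: session=attacker"


def build_redirect_unsafe(next_url: str) -> bytes:
    """Vulnerable: the query value is copied straight into Location."""
    return (
        "HTTP/1.1 302 Found\r\n"
        f"Location: {next_url}\r\n"
        "Content-Length: 0\r\n"
        "\r\n"
    ).encode("latin-1")


def safe_redirect_target(next_url: str) -> str:
    """Return the value only if it cannot inject headers or leave the site."""
    # Control characters (including CR and LF) would end or corrupt the header.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in next_url):
        raise ValueError("control characters not allowed in redirect target")
    # Browsers may normalise backslashes to slashes; reject them outright.
    if "\\" in next_url:
        raise ValueError("backslash not allowed in redirect target")
    parts = urlsplit(next_url)
    # Only same-origin absolute paths: no scheme, no host, no //host form.
    if parts.scheme or parts.netloc or not parts.path.startswith("/"):
        raise ValueError("redirect target must be a local absolute path")
    return next_url


def build_redirect_safe(next_url: str) -> bytes:
    """Hardened: validate the target before it reaches the header."""
    target = safe_redirect_target(next_url)
    return (
        "HTTP/1.1 302 Found\r\n"
        f"Location: {target}\r\n"
        "Content-Length: 0\r\n"
        "\r\n"
    ).encode("latin-1")


def parse_headers(raw: bytes) -> dict:
    """Minimal header parser: status line skipped, names lower-cased."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    headers = {}
    for line in head.split("\r\n")[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


if __name__ == "__main__":
    # The vulnerable builder emits an attacker-controlled Set-Cookie header.
    print(parse_headers(build_redirect_unsafe(PAYLOAD)))
    try:
        build_redirect_safe(PAYLOAD)
    except ValueError as exc:
        print("rejected:", exc)
    print(parse_headers(build_redirect_safe("/account?tab=1")))
```

The check rejects the value instead of stripping CR/LF, since silently rewriting the target tends to hide the attack from logs; restricting to a local absolute path also closes the open-redirect variant of the same flaw.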
One of the targets we looked at late last year was Citrix Gateway. Citrix Gateway is another of these “all-in-one” network devices, combining a load…