HTTP/1.1 Must Die: What This Means for In-House Pentesters
Andrzej Matykiewicz | 06 August 2025 at 22:23 UTC At Black Hat USA and DEFCON 2025, PortSwigger’s Director of Research,...
Read more →Category: Mix
HTTP/1.1 Must Die: What This Means for AppSec Leadership
Andrzej Matykiewicz | 06 August 2025 at 22:23 UTC At Black Hat USA and DEFCON 2025, PortSwigger’s Director of Research,...
Read more →Why Marcus Is Wrong About AI
My friend Marcus Hutchins put out a long, well-written, and entertaining piece about all the reasons he thinks AI is...
Read more →
HTTP Request Smuggling Explained: with seasoned bug bounty hunter NahamSec and world-class researcher James Kettle
Amelia Coen | 05 August 2025 at 11:08 UTC Ever wondered how attackers can compromise modern websites by exploiting invisible...
Read more →Why Platforms Like Substack Won’t Make Sense for Much Longer
I think the future of Substack is self-hosting. Or—more directly—I don’t think they have much of a future. I’m sure...
Read more →
Why We Built a Museum Instead of a Booth — API Security
Think you know what to expect from a conference booth? Think again. Forget the cliches: the swag destined for the...
Read more →Launching Daemon: My Personal API
Super hyped to be launching the first version of Daemon today! My daemon is my personal API that anyone—or any...
Read more →Increased Worker Pressure from AI
My latest depressing thought about AI is that with all the pressure to adopt AI and replace employees with automation,...
Read more →
Solving the challenges of a bug bounty program manager (BBPM). Strategic execution for security leaders.
As more organizations lean on third-party platforms, cloud infrastructure, and remote development teams, the attack surface grows, often faster than...
Read more →![[tl;dr sec] #290 - Securing MCP, AppSec Archetypes, CISO's Guide to Protecting Crown Jewels](https://cybernoz.com/wp-content/uploads/2025/07/tldr-sec-290-Securing-MCP-AppSec-Archetypes-CISOs-Guide.png "[tl;dr sec] #290 - Securing MCP, AppSec Archetypes, CISO's Guide to Protecting Crown Jewels 14")
[tl;dr sec] #290 – Securing MCP, AppSec Archetypes, CISO’s Guide to Protecting Crown Jewels
Tools to scan MCP servers and an MCP WAF, 4 AppSec archetypes, how to strategically protect your org with limited...
Read more →
Debunking API Security Myths
I recently sat down with Tejpal Garwhal, Application Security and DevSecOps Leader, for a conversation debunking some of the most...
Read more →
How to identify the origin IP
Most of your targets often resort to using content delivery networks (CDNs) or other anti-DDoS reverse proxies to mask their...
Read more →