HTTP/1.1 Must Die: What This Means for Contract Pentesters and MSSPs
Andrzej Matykiewicz | 06 August 2025 at 22:23 UTC At Black Hat USA and DEFCON 2025, PortSwigger’s Director of Research, James Kettle, issued a stark…
Category: Mix
HTTP/1.1 Must Die: What This Means for Bug Bounty Hunters
Andrzej Matykiewicz | 06 August 2025 at 22:23 UTC At Black Hat USA and DEFCON 2025, PortSwigger’s Director of Research, James Kettle, issued a stark…
HTTP/1.1 Must Die: What This Means for In-House Pentesters
Andrzej Matykiewicz | 06 August 2025 at 22:23 UTC At Black Hat USA and DEFCON 2025, PortSwigger’s Director of Research, James Kettle, issued a stark…
HTTP/1.1 Must Die: What This Means for AppSec Leadership
Andrzej Matykiewicz | 06 August 2025 at 22:23 UTC At Black Hat USA and DEFCON 2025, PortSwigger’s Director of Research, James Kettle, issued a stark…
Why Marcus Is Wrong About AI
My friend Marcus Hutchins put out a long, well-written, and entertaining piece about all the reasons he thinks AI is hype. I think it was…
HTTP Request Smuggling Explained: with seasoned bug bounty hunter NahamSec and world-class researcher James Kettle
Amelia Coen | 05 August 2025 at 11:08 UTC Ever wondered how attackers can compromise modern websites by exploiting invisible cracks in HTTP infrastructure to…
Why Platforms Like Substack Won’t Make Sense for Much Longer
I think the future of Substack is self-hosting. Or—more directly—I don’t think they have much of a future. I’m sure you’ve heard about their struggles—the…
Why We Built a Museum Instead of a Booth — API Security
Think you know what to expect from a conference booth? Think again. Forget the cliches: the swag destined for the back of your wardrobe, the…
Launching Daemon: My Personal API
Super hyped to be launching the first version of Daemon today! My daemon is my personal API that anyone—or any AI—can query to learn about…
Increased Worker Pressure from AI
My latest depressing thought about AI is that with all the pressure to adopt AI and replace employees with automation, the lived experience of many/most…
Solving the challenges of a bug bounty program manager (BBPM). Strategic execution for security leaders.
As more organizations lean on third-party platforms, cloud infrastructure, and remote development teams, the attack surface grows, often faster than internal security teams can manage.…
![[tl;dr sec] #290 - Securing MCP, AppSec Archetypes, CISO's Guide to Protecting Crown Jewels](https://image.cybernoz.com/wp-content/uploads/2025/07/tldr-sec-290-Securing-MCP-AppSec-Archetypes-CISOs-Guide.png)
[tl;dr sec] #290 – Securing MCP, AppSec Archetypes, CISO’s Guide to Protecting Crown Jewels
Tools to scan MCP servers and an MCP WAF, 4 AppSec archetypes, how to strategically protect your org with limited resources I hope you’ve been…