Category: Mix
How do companies respond to 0days in 3rd party software?
There are better options for a privacy-respecting phone
Meet the new, better Apple. Here’s how to choose your phone and set it up. Whether you think the news...

The Best Bug Bounty Recon Methodology
My first introduction to reconnaissance was Jason Haddix’s Bug Bounty Hunters Methodology. It’s the de facto standard and is still...

Pre Auth Remote Command Execution (CVE-2022-36804) – Assetnote
Often when performing application security research, we come across other researchers who have found critical vulnerabilities in software that can...

Misconfigured JSF ViewStates can lead to severe RCE vulnerabilities
tl;dr ViewStates in JSF are serialized Java objects. If the used JSF implementation in a web application is not configured...
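The one concrete claim in that teaser, that a JSF ViewState is a serialized Java object, is something a tester can verify from a single captured request before reading further. The following is an added example and not code from the linked article: it base64-decodes a javax.faces.ViewState value, inflates it if it is gzip-compressed, and reports whether the result begins with the Java serialization stream header 0xACED0005, which is exactly what an attacker looks for in a client-side ViewState that is neither encrypted nor MAC'd. The sample values are constructed here, the "number:number" server-side heuristic and all function names are my own assumptions, and a positive result only means the state is an unprotected serialization stream; it says nothing about whether a gadget chain is available on the classpath.

```python
import base64
import binascii
import gzip
import hashlib
import zlib

# Header of a Java serialization stream: STREAM_MAGIC (0xACED) then STREAM_VERSION (5).
JAVA_SERIAL_MAGIC = b"\xac\xed\x00\x05"
# Header of a gzip member; some JSF implementations gzip client-side state before base64-encoding it.
GZIP_MAGIC = b"\x1f\x8b"


def decode_viewstate(value: str) -> bytes:
    """Base64-decode a ViewState value and gunzip it if it is compressed."""
    raw = base64.b64decode(value)
    if raw.startswith(GZIP_MAGIC):
        raw = gzip.decompress(raw)
    return raw


def classify_viewstate(value: str) -> str:
    """Label a javax.faces.ViewState value by what an attacker can do with it."""
    # Heuristic (assumption): a "number:number" token is a server-side state id
    # in the Mojarra style; the serialized objects then never leave the server.
    parts = value.split(":")
    if len(parts) == 2 and all(p.lstrip("-").isdigit() for p in parts):
        return "server-side: opaque id, state stays on the server"
    try:
        raw = decode_viewstate(value)
    except (binascii.Error, ValueError, OSError, EOFError, zlib.error):
        return "unknown: not base64 (or not gzip) data"
    if raw.startswith(JAVA_SERIAL_MAGIC):
        return "client-side, UNPROTECTED: plain Java serialization stream"
    return "client-side, opaque: encrypted/MAC'd or another encoding"


def _java_string_stream(s: str) -> bytes:
    """Build a minimal Java serialization stream holding one java.lang.String.

    Layout: STREAM_MAGIC, STREAM_VERSION, TC_STRING (0x74), 2-byte length, UTF-8 bytes
    (modified UTF-8 is identical to UTF-8 for the ASCII text used here).
    """
    data = s.encode("utf-8")
    return JAVA_SERIAL_MAGIC + b"\x74" + len(data).to_bytes(2, "big") + data


# Constructed sample values, standing in for what a proxy would capture.
SAMPLES = {
    "plain": base64.b64encode(_java_string_stream("constructed")).decode(),
    "gzipped": base64.b64encode(gzip.compress(_java_string_stream("constructed"), mtime=0)).decode(),
    "server": "-1234567890:987654321",
    # A leading 0x01 byte guarantees this blob matches neither magic header.
    "opaque": base64.b64encode(b"\x01" + hashlib.sha256(b"constructed").digest()).decode(),
}

if __name__ == "__main__":
    for name, value in SAMPLES.items():
        print(f"{name:8} -> {classify_viewstate(value)}")
```

Run it against the ViewState values a proxy shows you; only the "UNPROTECTED" verdict is worth chasing, and on a real target the next step is checking the implementation's state-saving and encryption settings rather than sending payloads blind.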
iOS Security – Web View XSS – allysonomalley.com
This post is about a simple but dangerous vulnerability that I have seen on several occasions. I believe this flaw...
community/KCSA-CVE-2020-28914.md at main · kata-containers/community · GitHub
announcement-date: 2020-11-17
id: KCSA-CVE-2020-28914
title: Kata Containers Improper file permissions for read-only volumes
description: An improper file permissions vulnerability affects...

Exploiting WPAD with Burp Suite and the “HTTP Injector” extension | Agarri : Sécurité informatique offensive
I went last week to the ASFWS conference (“Application Security...

Insights into the New OWASP API Security Top-10 for CISOs
ICYMI, we recently presented A CISOs Guide to the New 2023 OWASP API Security Update. In this first of two...