Category: PortSwigger

We’re going teetotal: It’s goodbye to The Daily Swig
02 Mar 2023

PortSwigger today announces that The Daily Swig is closing down. Over the past five-and-a-half years, The Daily Swig has provided…

Bug Bounty Radar // The latest bug bounty programs for March 2023
28 Feb 2023

New web targets for the discerning hacker. Belgium became a haven for ethical hackers following the adoption of a nationwide…

Indian transport ministry flaws potentially allowed creation of counterfeit driving licenses
28 Feb 2023

Charlie Osborne, 28 February 2023 at 14:15 UTC. Updated: 28 February 2023 at 14:51 UTC. Armed with personal data fragments,…

Password managers: A rough guide to enterprise secret platforms
27 Feb 2023

The second part of our password manager series looks at business-grade tech to handle API tokens, login credentials, and more…

Chromium bug allowed SameSite cookie bypass on Android devices
27 Feb 2023

Protections against cross-site request forgery could be bypassed. A recently patched bug in the Chromium project could allow malicious actors…

Deserialized web security roundup: Twitter 2FA backlash, GoDaddy suffers years-long attack campaign, and XSS Hunter adds e2e encryption
24 Feb 2023

Jessica Haworth, 24 February 2023 at 13:09 UTC. Updated: 24 February 2023 at 13:15 UTC. Your fortnightly rundown of AppSec…

NIST plots biggest ever reform of Cybersecurity Framework
23 Feb 2023

CSF 2.0 blueprint offered up for public review. ANALYSIS: The US National Institute of Standards and Technology (NIST) is planning…

Cisco ClamAV anti-malware scanner vulnerable to serious security flaw
22 Feb 2023

Patch released for bug that poses a critical risk to vulnerable technologies. A security flaw in a bundle anti-malware scanner…

CVSS system criticized for failure to address real-world impact
21 Feb 2023

JFrog argues vulnerability risk metrics need complete revamp. ANALYSIS: Weaknesses in the existing CVSS scoring system have been highlighted through…

‘Most web API flaws are missed by standard security tests’ – Corey J Ball on securing a neglected attack vector
20 Feb 2023

API security is a ‘great gateway’ into a pen testing career, advises specialist in the field. INTERVIEW: Securing web APIs…

HTTP request smuggling bug patched in HAProxy
17 Feb 2023

Ben Dickson, 17 February 2023 at 16:05 UTC. Updated: 17 February 2023 at 16:07 UTC. Exploitation could enable attackers to…

Read all about it: Introducing our new newsletter, Daily Swig Deserialized
16 Feb 2023

Free fortnightly roundup and exclusive content for subscribers only. Want to get the latest web security news straight to your…