We’re going teetotal: It’s goodbye to The Daily Swig
PortSwigger today announces that The Daily Swig is closing down Over the past five-and-a-half years, The Daily Swig has provided...
Read more →Category: PortSwigger
Bug Bounty Radar // The latest bug bounty programs for March 2023
New web targets for the discerning hacker Belgium became a haven for ethical hackers following the adoption of a nationwide...
Read more →
Indian transport ministry flaws potentially allowed creation of counterfeit driving licenses
Charlie Osborne 28 February 2023 at 14:15 UTC Updated: 28 February 2023 at 14:51 UTC Armed with personal data fragments,...
Read more →
Password managers: A rough guide to enterprise secret platforms
The second part of our password manager series looks at business-grade tech to handle API tokens, login credentials, and more...
Read more →
Chromium bug allowed SameSite cookie bypass on Android devices
Protections against cross-site request forgery could be bypassed A recently patched bug in the Chromium project could allow malicious actors...
Read more →
Deserialized web security roundup: Twitter 2FA backlash, GoDaddy suffers years-long attack campaign, and XSS Hunter adds e2e encryption
Jessica Haworth 24 February 2023 at 13:09 UTC Updated: 24 February 2023 at 13:15 UTC Your fortnightly rundown of AppSec...
Read more →
NIST plots biggest ever reform of Cybersecurity Framework
CSF 2.0 blueprint offered up for public review ANALYSIS The US National Institute of Standards and Technology (NIST) is planning...
Read more →
Cisco ClamAV anti-malware scanner vulnerable to serious security flaw
Patch released for bug that poses a critical risk to vulnerable technologies A security flaw in a bundle anti-malware scanner...
Read more →
CVSS system criticized for failure to address real-world impact
JFrog argues vulnerability risk metrics need complete revamp ANALYSIS Weaknesses in the existing CVSS scoring system have been highlighted through...
Read more →
‘Most web API flaws are missed by standard security tests’ – Corey J Ball on securing a neglected attack vector
API security is a ‘great gateway’ into a pen testing career, advises specialist in the field INTERVIEW Securing web APIs...
Read more →
HTTP request smuggling bug patched in HAProxy
Ben Dickson 17 February 2023 at 16:05 UTC Updated: 17 February 2023 at 16:07 UTC Exploitation could enable attackers to...
Read more →
Read all about it: Introducing our new newsletter, Daily Swig Deserialized
Free fortnightly roundup and exclusive content for subscribers only Want to get the latest web security news straight to your...
Read more →