OWASP Top 10 for LLMs (v1.0) (owasp.org)
Feedback open until 31st of August for CVSS 4.0 (www.first.org)
Stir Trek 2024: Call for Speakers (sessionize.com)
ChatGPT Hallucinations Open Developers to Supply Chain Malware Attacks (www.darkreading.com)
Recommended AppSec conferences in Europe?
cross-posted from: infosec.pub/post/8123190...
[tl;dr sec] #215 - Cloud Threat Landscape, Web LLM Security Labs, Azure Logs Primer (tldrsec.com)
Signing Requests using RSA Keys (www.zaproxy.org)
We Must Consider Software Developers a Key Part of the Cybersecurity Workforce (www.cisa.gov)
OWASP Foundation - 2024 Global AppSec Lisbon Call for Trainers (owasp.submittable.com)
[tl;dr sec] #213 - AWS Secure Defaults, Damn Vulnerable LLM Agent, cdk-goat (tldrsec.com)
Reasonable 🔐AppSec #33 - Signing Off '23 with a Bang: Five Security Articles, AppSec New Year's Resolutions, and Podcast Corner (appsec.beehiiv.com)
Trustwave Transfers ModSecurity Custodianship to OWASP | OWASP Foundation (owasp.org)
npm search RCE? - Escape Sequence Injection (blog.solidsnail.com)
It’s not a Feature, It’s a Vulnerability (blog.solidsnail.com)
cross-posted from: infosec.pub/post/5707149...
Community review - OWASP Mobile Application Security risk assessment formula (mas.owasp.org)
From Terminal Output to Arbitrary Remote Code Execution (blog.solidsnail.com)
This is my first write-up, on a vulnerability I discovered in iTerm2 (RCE). Would love to hear opinions on this. I tried to make the writing engaging.
New OWASP Cheat Sheet on Mobile Security (cheatsheetseries.owasp.org)
Mobile Application Security Cheat Sheet...