Signing Requests using RSA Keys (www.zaproxy.org)
We Must Consider Software Developers a Key Part of the Cybersecurity Workforce (www.cisa.gov)
Stir Trek 2024: Call for Speakers (sessionize.com)
[tl;dr sec] #213 - AWS Secure Defaults, Damn Vulnerable LLM Agent, cdk-goat (tldrsec.com)
Reasonable 🔐AppSec #33 - Signing Off '23 with a Bang: Five Security Articles, AppSec New Year's Resolutions, and Podcast Corner (appsec.beehiiv.com)
Trustwave Transfers ModSecurity Custodianship to OWASP | OWASP Foundation (owasp.org)
npm search RCE? - Escape Sequence Injection (blog.solidsnail.com)
It’s not a Feature, It’s a Vulnerability (blog.solidsnail.com)
cross-posted from: infosec.pub/post/5707149...
GitHub Copilot, Amazon Code Whisperer emit people's API keys (www.theregister.com)
Community review - OWASP Mobile Application Security risk assessment formula (mas.owasp.org)
From Terminal Output to Arbitrary Remote Code Execution (blog.solidsnail.com)
This is my first write-up, on a vulnerability I discovered in iTerm2 (RCE). Would love to hear opinions on this. I tried to make the writing engaging.
New OWASP Cheat Sheet on Mobile Security (cheatsheetseries.owasp.org)
Mobile Application Security Cheat Sheet...
OWASP Top 10 for LLMs (v1.0) (owasp.org)
Google Cloud Build bug lets hackers launch supply chain attacks (www.bleepingcomputer.com)
Exploiting XSS in hidden inputs and meta tags (portswigger.net)
Why Authorization is Hard (www.osohq.com)
ChatGPT Hallucinations Open Developers to Supply Chain Malware Attacks (www.darkreading.com)
Feedback open until 31 August for CVSS 4.0 (www.first.org)
Here’s MITRE’s top-25 CWE list — with your old vulnerability category favorites (www.reversinglabs.com)
OWASP Top 10 for LLMs - 0.5 (owasp.org)
Testing GraphQL APIs | Web Security Academy (portswigger.net)
XML Security in Java (semgrep.dev)
Bypassing CSP via DOM clobbering (portswigger.net)
You might have found HTML injection, but then discovered that the site is protected with CSP. All is not lost: it might be possible to bypass CSP using DOM clobbering, which you can now detect using DOM Invader. In this post we’ll show you how....