Portswigger (the company that makes Burp Suite) is out with their Top 10 web application hacking tec...
From the Absolute AppSec Podcast - learned about a really great article on how Account Enumeration i...
Simon Bennetts reminds me that OWASP ZAP also has a shiny new web presence, and an upgraded executab...
You know that open S3 buckets are one of my pet peeves - well guess what. Azure isn't any...
Good Twitter thread on JavaScript based redirection and Cross-site Scripting.
https://twitter.com/ha...
Post-CodeMash edition!
The Government of Gibraltar had a SQL Injection vulnerability in the s...
Pre-CodeMash Edition!
Adam Caudill is a personal friend of mine and has forgotten more about...
My favorite thing this week: SwiftOnSecurity accidentally dropped a Confluence 0-day on Twitter...
Great breakdown on finding bugs in an OAUTH flow
https://blog.teddykatz.com/2019/11/05/github-oauth-...
Lawfare has a good article by Jim Baker (former legal counsel for the FBI) on a new way to thi...
Here is a good writeup on the overflow error found in libssh2
https://blog.semmle.com/libssh2-intege...
SplashData has their 100 worst passwords out again this year. Remember, at least, prevent thes...