appsec

372 readers
3 users here now

A community for all things related to application security.

founded 2 years ago
MODERATORS
laszlok
listing: all - local
26
1
New OWASP Cheet Sheet on Mobile Securty (cheatsheetseries.owasp.org)
submitted 2 years ago by mwguy to c/appsec
0 comments fedilink
 
 

Mobile Application Security Cheat Sheet

Mobile application development presents certain security challenges that are unique compared to web applications and other forms of software. This cheat sheet provides guidance on security considerations for mobile app development. It is not a comprehensive guide by any means, but rather a starting point for developers to consider security in their mobile app development.

Architecture & Design

1. Secure by Design

...

27
9
OWASP Top 10 for LLMs (v1.0) (owasp.org)
submitted 2 years ago by netr0m to c/appsec
2 comments fedilink
28
5
Google Cloud Build bug lets hackers launch supply chain attacks (www.bleepingcomputer.com)
submitted 2 years ago by N7x to c/appsec
0 comments fedilink
29
4
Exploiting XSS in hidden inputs and meta tags (portswigger.net)
submitted 2 years ago by N7x to c/appsec
0 comments fedilink
30
4
Why Authorization is Hard (www.osohq.com)
submitted 2 years ago by N7x to c/appsec
0 comments fedilink
31
8
ChatGPT Hallucinations Open Developers to Supply Chain Malware Attacks (www.darkreading.com)
submitted 2 years ago by N7x to c/appsec
1 comments fedilink
32
5
Feedback open until 31 of August for CVSS 4.0 (www.first.org)
submitted 2 years ago by N7x to c/appsec
2 comments fedilink
33
3
Here’s MITRE’s top-25 CWE list — with your old vulnerability category favorites (www.reversinglabs.com)
submitted 2 years ago by N7x to c/appsec
0 comments fedilink
34
4
OWASP Top 10 for LLMs - 0.5 (owasp.org)
submitted 2 years ago by N7x to c/appsec
0 comments fedilink
35
2
Testing GraphQL APIs | Web Security Academy (portswigger.net)
submitted 2 years ago by N7x to c/appsec
0 comments fedilink
36
6
XML Security in Java (semgrep.dev)
submitted 2 years ago by N7x to c/appsec
5 comments fedilink
37
5
Cache Me If You Can: Messing with Web Caching (tldrsec.com)
submitted 2 years ago by N7x to c/appsec
0 comments fedilink
38
7
AppSec podcasts? (self.appsec)
submitted 2 years ago by N7x to c/appsec
3 comments fedilink
 
 

There is a nice list of Infosec podcasts here: https://infosec.pub/post/152754

What are your more specialized appsec recommendations?

39
8
DNS Analyzer - Finding DNS vulnerabilities with Burp Suite (sec-consult.com)
submitted 2 years ago by N7x to c/appsec
1 comments fedilink
 
 

A brand-new Burp Suite extension for discovering DNS vulnerabilities in web applications.

40
4
Bypassing CSP via DOM clobbering (portswigger.net)
submitted 2 years ago by N7x to c/appsec
1 comments fedilink
 
 

You might have found HTML injection, but unfortunately identified that the site is protected with CSP. All is not lost, it might be possible to bypass CSP using DOM clobbering, which you can now detect using DOM Invader! In this post we’ll show you how.

We’ve based the test case on a bug bounty site, so you’re likely to encounter similar code in the wild. If you’re unfamiliar with DOM clobbering then head over to our Academy to learn about this attack class and solve the labs.

41
4
Pre-authenticated RCE in VMware vRealize Network Insight (summoning.team)
submitted 2 years ago by laszlok to c/appsec
0 comments fedilink