Congrats to the University of Pennsylvania for the greatest number of hacked Google hits via website open redirect.

e.g. https://www.google.com/search?q=site%3Awww.workday.upenn.edu+%22untitled%22

You can put any URL after "http://www.workday.upenn.edu/" and it will redirect there.

See https://cwe.mitre.org/data/definitions/601.html

#cybersecurity #security #privacy #CWE #CWE601 #OpenRedirect #WebSecurity #CrossSiteRedirect #CrossDomainRedirect #UniversityOfPennsylvania

fun with automated transcripts

"There's a plus loan."

"It's lantastic, yeah."

(context: a proposed feature was well-received by its biggest advocate)

#CWE

Does anybody use #CWE for anything important beyond initial sense of #vulnerability root cause when the vendor advisory is useless? I don't deny that it's useful to have a classification schema of some sort, but it seems like the sheer number of options and the frequent vagueness/wrongness makes it not terribly helpful for anything beyond "the vendors refuse to give you useful info."

@eric_capuano @hacks4pancakes oh and even better because no #CWE and #CVE doesn’t much do services no CVE ids for these vulns, so low visibility and likely more people to be impacted. Happy new years too I guess. Oh yeah https://cwe.mitre.org/ for CWE

@eric_capuano @hacks4pancakes fun fact we submitted a #CWE for that because there isn’t currently one, it’s literally not seen as a security problem. https://docs.google.com/document/d/10mPnC_WlZNFD3Z3m_MME2TpHEepHrntkt8NFzPdzZxM/edit Merry Christmas!

Heute erscheint das Magazin "Chemnitz zieht an" - herausgegeben von der CWE & dem Stadtstreicher mit einem Artikel über uns: https://kiosk-chemnitz.de/chemnitz-zieht-an-magazin/67424203/45

#Chemnitz2025 #Kulturhauptstadt2025 #Chemnitz #HandinHand #cwe #stadtstreicher #Chemnitzziehtan

So. Should #DAST solutions include #CVE aside to #CWE / #OWASP ?
For example; include a CVE like “jquery or glassphish out of date” etc? #infosec #webapp

So. Should #DAST solutions include #CVE aside to #CWE / #OWASP ?
For example; include a CVE like “jquery or glassphish out of date” etc? #infosec #webapp

#introduction My name is Jen, and I'm an avid #wine student in the Washington, DC, area! Earned my #CSW in 2020, and been diving more deeply into wine connections as I work on my #CWE & #WSET. Other interests include #food #cooking #europe #music #recoveringrunner #cats

@vanhoefm Hrmmm. Adding an RNG sleep statement to the hardware basically, but even then with enough replies I suspect you'd be able to do some math magic to average it out if you collected enough (10? 1000?) and get an answer, less precise, but still an answer. This is a fascinating problem. #CWE reminder

前端的程式碼如果沒有 bundle / uglify 過，這樣到底算不算是安全問題啊 XD

#CWE-540