Fudge Sunday "Fuzz Jam June": A look at the growing importance of fuzzing in platform engineering
#fuzzing #fuzztesting #fuzzylogic #fuzzball #fuzzy #platformengineering #platformengineer #toolchains #attestation #softwaresupplychain #softwaresupplychainsecurity #dast #owasp #waf #cncf #aif #artificialintelliegence #machinelearningmodels #cloudinfrastructure #securityautomation #securitybydesign #scanning #defenseindepth #shiftleft #newsletter #newsletters
Learn How to Implement DAST (Dynamic Application Security Testing) in GitHub for Enhanced Application Security
With DAST, you evaluate a web application by simulating an attack in real-time to identify vulnerabilities and potential security flaws.
#cybersecurity #applicationsecurity #GitHub #DAST #securitytesting #devops
Extensive trials finished successfully.
Blessing from trial participants.
Solid vetting by outside experts.
Set to launch at https://True-Inspect.com is FREE TO USE enterprise-intensive #AppSec testing.
#appsec #tools #dast #websecurity #qa #pentesting
How to configure ZAP to handle difficult authentication use cases: https://www.zaproxy.org/blog/2023-02-01-authenticating-using-selenium/
#zaproxy #owasp #dast
If you're looking for an SCA and/or DAST tool that doesn't break the bank, check out SOOS, it's pretty rad and has super simple pricing: https://soos.io/
#sca #SBOM #SBOMs #dast #cyclonedx
@ibboard yep, it's painful!
A mix of compiler warnings, static analysis & dynamic analysis with sanitizers helped tame it for me.
Try Clang with `-Weverything -Werror`. Fix them and sometimes suppress them.
Free static analyzers include Clang Analyzer, GCC's static analyzer, CodeQL (free for open source), cbmc, cppcheck, and DevSkim.
Clang's sanitizers (ASan, UBSan, MSan, TSan) with a fuzzer (e.g. AFL++) will find lots of bugs.
#c #sast #dast #clang #securecoding
Nuclei adding URL Fuzzing
https://blog.projectdiscovery.io/nuclei-fuzz-all-the-way/
#hackwithautomation #dast #opensource #cybersecurity #bugbounty
RT @emgeekboy@twitter.com
Just released: the latest version of #nuclei, featuring:
- URL Fuzzing
- Automatic http probing
- ASN / CIDR Input
- Session/value sharing in workflows
- Custom template (GitHub/S3)
- Search engine query + template execution
https://github.com/projectdiscovery/fuzzing-templates
https://twitter.com/emgeekboy/status/1600203535471480835
@nonlinear
Boosted and bookmarked. I'll be curious to see what #DAST SaaS recommendations you get. I hope to be researching next year to recommend one to my employer. Doesn't Burp Suite Enterprise also have this capability?
#AppSec
Does anyone have any thoughts about specific #dast systems? I'm putting together some recommendations for a small team that wants automated vuln scans on a website, and it needs to be SaaS. I've used #tinfoilsecurity before, and I'm curious what people think of #insightappsec #reconwithme #tenablewebapplicationscanning etc.
#dast #tinfoilsecurity #insightappsec #reconwithme #tenablewebapplicationscanning
RT @emgeekboy@twitter.com
Next major @pdnuclei@twitter.com release in progress, this time automating nuclei templates to discover "unknown" vulnerabilities in web applications.
More details to be published soon.
#hackwithautomation #dast #security #opensource
https://twitter.com/emgeekboy/status/1596600156174041094
#gitlab 15.6 is here! With #Git abuse rate limiting, support for special characters in CI/CD variables, group and subgroup-level scan result policies, DAST API analyzer for on-demand DAST API scans and much more!
#gitlab #git #cicd #devops #devsecops #piplines #dast #policies
The standout quote: "intrusive black-box testing techniques like DAST and pen testing are particularly effective for surfacing exploitable vulnerabilities in the software development lifecycle" #Infosec #SoftwareDevelopment #DevSecOps #DAST #PenTest
https://thenewstack.io/synopsyss-report-what-apps-dont-have-security-holes/
RT @Burp_Suite@twitter.com
Introducing the brand new flavour of Burp Suite - completely free, and available for a CI/CD pipeline near you. #cicd #dast https://portswigger.net/blog/free-dastardly-from-burp-suite
https://twitter.com/Burp_Suite/status/1586003274276261888
DevSecOps Scanning Challenges & Tips - There are many ways to do DevSecOps, and each organization, each security team, ... http://feedproxy.google.com/~r/securityweekly/XBIC/~3/sDPFVohLN_k/ #devsecops #probely #dast