I'm in a waiting room on page 1 of Web Application Security by Andrew Hoffman. When I got near the bottom of the page I noticed my thumb was slowly swiping up to reveal more content.

I need to read more dead trees.

#infosec #oreilly #webappsec #tech #books #stupid

Last updated 1 year ago

Axel Nennker · @AxelNennker
74 followers · 412 posts · Server mastodon.social

Did you note the fact that within the cross-device scenario, when a QR code is scanned, the authenticator device makes sure via Bluetooth that the device displaying the QR code and the one scanning it are in close proximity?!

Can we standardize this security feature at @w3c , please?

This is a really useful security feature, I think

Thoughts, @torgo @dveditz

#passkey #webappsec

Last updated 2 years ago

ath0 · @scottlink
211 followers · 282 posts · Server infosec.exchange

: Day 7d : Kept chipping away at new release broscience. Good challenge for testing. Recognized a top 10 vulnerability, but I needed a nudge on how to get ZAP to help me exploit it--Replacer, ftw. Still have some enumeration to do to figure out initial access. Incremental progress is still progress...

#hack100days #hackthebox #webappsec #owasp #infosec #sharpenthesaw

Last updated 2 years ago

kingthorin_rm · @kingthorin_rm
100 followers · 160 posts · Server infosec.exchange

Never a dull moment in

Some of my 2022 stats:

#opensource #owasp #zaproxy #webappsec #appsec

Last updated 2 years ago

Nikahverse · @nikahverse
78 followers · 162 posts · Server infosec.exchange
kingthorin_rm · @kingthorin_rm
86 followers · 121 posts · Server infosec.exchange

I did a thing:

Last week version 1.0.0 of the @zaproxy Encode/Decode/Hash add-on was released with a bunch of work I completed.

github.com/zaproxy/zap-extensi

#zaproxy #appsec #webappsec #redteam #purpleteam #owasp #bugbountytips #pentesting

Last updated 2 years ago

sumgr0 · @sumgr0
146 followers · 65 posts · Server infosec.exchange

RT @zaproxy@twitter.com

Version 1.0.0 of the Encode/Decode/Hash add-on was released earlier today with a bunch of work from @kingthorin_rm@twitter.com. Thanks!!!!

github.com/zaproxy/zap-extensi

🐦🔗: twitter.com/zaproxy/status/160

#zaproxy #appsec #webappsec #redteam #purpleteam #owasp #bugbountytips #pentesting

Last updated 2 years ago

kingthorin_rm · @kingthorin_rm
80 followers · 99 posts · Server infosec.exchange

@owasp & stuff I've been up to lately:

- A bunch of work on the @zaproxy
Encode/Decode/Hash tool.
- Prep work for @twitter@owasp_wstg release v4.3.
- Work on @zaproxy scan rules example alerts & alert refs for documentation generation.
- OWASP VWAD additions.

#opensource #appsec #webappsec

Last updated 2 years ago

kingthorin_rm · @kingthorin_rm
80 followers · 99 posts · Server infosec.exchange
kingthorin_rm · @kingthorin_rm
73 followers · 65 posts · Server infosec.exchange

Support OWASP & ZAP!!!
giving.owasp.org/kingthorin_rm

We're still getting the content set up. But we can use any and all help!!!!! So I'm jumping in with both feet, 5 days to go on

#givingtuesday #owasp #opensource #pentest #redteam #purpleteam #blueteam #webappsec #appsec #vulnerabilityassessment

Last updated 2 years ago

Paweł Malita · @pawelmalita
31 followers · 46 posts · Server infosec.exchange

I'm spotting a LOT of tutorials, howtos, and manuals on based access token-only authorization for frontend applications, like . Almost none of them explain the connected with building the authorization layer on a long-lived (sometimes infinitely long-lived) credential, which cannot be invalidated!

Those solutions are copied and pasted to real-life projects, introducing serious .

Dear ! You must stop!
Access tokens should be short-lived, and the refresh process must make it possible to revoke access (refresh token invalidation)!

There MUST BE some kind of user session in a web application!

evertpot.com/jwt-is-a-bad-defa

#jwt #react #risk #cyberthreat #developers #owasp #cybersecurity #webappsec

Last updated 2 years ago

kingthorin_rm · @kingthorin_rm
73 followers · 65 posts · Server infosec.exchange

Did you know you can color history items in w/ the Neonmarker add-on? Which now supports coloring based on tags as well as arbitrary assignments.

#zaproxy #owasp #appsec #webappsec #bugbountytip #redteam #purpleteam #pentesting #pentest

Last updated 2 years ago

Rory McCune · @raesene
450 followers · 77 posts · Server infosec.exchange

As appears to be tradition, here's an from me :) After some time as a admin, I've been in for a bit over 20 years.

Started in financial services as a security analyst, moved into for banks then as a consultant for various companies and now experiencing the sometimes odd world of Security Advocacy.

Tech-wise these days I focus on and all things containerization, but dabble in things and code in and when required.

#introduction #netware #infosec #pentesting #kubernetes #docker #webappsec #ruby #golang

Last updated 2 years ago

Yellow Flag · @WPalant
651 followers · 2784 posts · Server infosec.exchange

Yahoo! and AOL implement an account recovery flow which can be summed up as "please hijack me." If you use them, you had better be very certain you control that recovery phone number of yours.

palant.de/2020/03/09/yahoo-and

#webappsec #infosec #yahoo #aol #verizon

Last updated 5 years ago