Chris.Harris
@AppSecTutor
Application Security Pro, cutting through the hype, continuously improving and sharing quality tech content | OSCP, CISSP, MS Software Dev - Boston University
Excellent in depth write-up by @pwntester of some nuanced Java deserialization vulns found in Dubbo!
GHSL-2021-034_043: Multiple pre-auth RCEs in Apache Dubbo - CVE-2021-25641, CVE-2021-30179, CVE-2021-30180, CVE-2021-30181, CVE-2021-32824 github.co/3xKShKm
5 things you must do as a new developer👇 1. You must start now 2. You must be consistent 3. You must build projects 4. You must join a community 5. You must code along when using a tutorial/course What would you add to this list?
Here's the deal. If you want to do #swsec (aka #appsec), you really need to know how to code. Honest.
This is an amazing piece of work from @thatsjet that helps bring sense around what to log for security purposes. This cheatsheet just went live today! cheatsheetseries.owasp.org/cheatsheets/Ap…
Awesome new opportunity to join our growing AppSec squad! Looking for anyone with a passion for software security, continuous learning and helping our dev teams run fast and stay secure paychex.recsolu.com/jobs/2wtGkCjz5…
If you work with app devs and struggle to succinctly answer the question “What should I be logging?”, this is a fantastic resource to get started from!
Just published my first project in the #OWASPCheatSheet series, the Application Logging Vocabulary Cheat Sheet. It's still in draft, but I'm proud of it. #AppSec #DevSecOps #Logging #infosecurity github.com/OWASP/CheatShe…
Cloud Learning Protip: If you can afford it, set aside $15-25 a paycheck to pay for machines/services so you can learn-by-doing. It's a really solid way to build something and gain some level of experience. Be real, you've spent more money on dumber things. Invest in yourself.
As a college kid in ‘08, reading the DNS research by @dakami totally blew my mind and was a huge part of what led me to chase a career in infosec. You are an inspiration, your passion and warmth was contagious and it lit a fire in me as well as many many others. Rest In Peace
1/2 Don’t view XSS as a vulnerability that needs fixing - you’ll end up playing “whack-a-mole” till kingdom comes. Instead view “lack of context-aware automated output escaping” in all of your web application frameworks as the issue that needs fixing.
Manicode AppSec Top Ten 1) Lack of Security Testing 2) Insecure 3rd Party Libs 3) SSRF 4) SQL & Other Forms of Injection 5) Access Control Issues 6) XSS 7) AuthN Issues 8) Lack of AppSec Dev Champions 9) Lack of Secrets Management 10) Poorly configured HTTPS
Starting in one hour, @devops_rob will join us @Owasp_DevSlop and discuss secret management and what challenges a developer may face when their code meets secrets including how to implement simple API driven workflows. 🔗: youtu.be/Ol4HEhhwobs
Check out the new cheatsheet : 10 best practices to build a Java container with Docker | snyk.io/blog/best-prac…
snyk.io
10 best practices to build Java containers with Docker | Snyk Blog | Snyk
Learn how to create an optimized secure Java container for your application. This cheatsheet is the guide you need to create a Java container with Docker.
OAuth2 can be your best friend forever if you BFF #KeepOAuth2TokensOutOfBrowsers kennethlange.com/backends-for-f…
Damn-Vulnerable-GraphQL-Application - Damn Vulnerable GraphQL Application Is An Intentionally Vulnerable Implementation Of Facebook's GraphQL Technology, To Learn And Practice GraphQL Security ift.tt/3ahdIK8 #security #pentest #hacking #hacker #tools
Fantastic presentation w/ lots of live coding & review by @manicode and @ronperris on XSS in React! Some really quality conversation about entity vs attribute encoding, and ensuing fixes are comprehensive. Highly recommended
Yesterday I fixed a couple XSS vulnerabilities in a React application with @manicode. He wore many hats during the presentation, literally - he switched physical hats three times. youtu.be/VtNotePFuJY
That’s a real one right there! In the same vein, a deep knowledge of fundamentals in web security and software proves hugely more valuable than trying to chase the latest obscure attacks and overhyped products
Whenever I get discouraged and want to quit something, I remember the words of my then 3 year-old after she puked carrots all over the living room floor: "I'm gonna need more carrots."