
OWASP Low-Code/No-Code

@OWASPNoCode

Security risks, hacking stories and ways to protect low-code/no-code apps #infosec #appsec #lowcode #nocode

OWASP Low-Code/No-Code reposted

incredible vibes at openai's security conf last week I came out both humbled and excited and with a greater conviction -- you can just do things!

OWASP Low-Code/No-Code reposted

Had great fun Wednesday with Michael Bargury (@mbrg0) at Microsoft's BlueHat (#Bluehat) security conference on Wednesday. Our talk focused on risk reduction in Low-Code/No-Code platforms (x.com/MSFTBlueHat/st…).

📣SPEAKER ANNOUNCEMENT📣 Our next #BlueHat speakers are Michael Bargury (@mbrg0), Co-Founder & CTO, Zenity and Project Leader at OWASP, and Don Willits, Senior Program Manager, Microsoft. They will be co-presenting a talk titled “Scaling AppSec with an SDL for Citizen…

OWASP Low-Code/No-Code reposted

really really excited to be sharing this insider today together with microsoft's @donwillits66 at #bluehat see you in 30m

OWASP Low-Code/No-Code reposted

modifying salesforce einstein is a privileged operation saved for admins, unless einstein uses flows; then flow makers can implicitly modify too


OWASP Low-Code/No-Code reposted

First Vulnerability in Salesforce AI. Apparently you can edit EVERYONE’s Einstein Copilot without admin permissions? Here’s exactly how labs.zenity.io/p/over-permiss…


Join us in a couple of hours for awesome talks on attacking and defending low-code/no-code apps 🚀 by @wyattDaveDev @ZivDanielHagbi

🚨 Join Our Upcoming Webinar on Low-Code/No-Code Security! 🚨 I'm thrilled to invite you to our next OWASP Low-Code/No-Code security meetup! This is a must-attend event for anyone passionate about safeguarding their business apps. 👉 Register here: forms.gle/rot78zf6yKciNm…

OWASP Low-Code/No-Code reposted

@NoCodeOps is joining @Zapier, the leader in no-code automation! More here 👉 nocodeops.com/zapier


OWASP Low-Code/No-Code reposted

Pancakes have been had, now back to Power Automate. This tool is so powerful. As we all know, with great power comes .... This one will be a tough one to secure. Will need many layers of defense


OWASP Low-Code/No-Code reposted

tool drop time. enjoy!
*powerpwn* v3 is out and it's feature packed abusing m365 copilot

collect full dumps of sensitive data across email, teams, sharepoint, calendar

automated spear phishing

scour the internet for copilot studio bots leaking sensitive data

#DEFCON #BHUSA

OWASP Low-Code/No-Code reposted

Attacks on Microsoft’s Copilot AI allow for answers to be manipulated, data extracted, and security protections bypassed, new research shows. wired.com/story/microsof…


OWASP Low-Code/No-Code reposted

Attacks on Microsoft’s Copilot AI allow for answers to be manipulated, data extracted, and security protections bypassed, new research shows. wired.trib.al/vULHXIm


OWASP Low-Code/No-Code reposted

I found a publicly exposed confidential document belonging to a fortune 500 company using copilot studio 🤖 The first step in finding it was discovering over 1K unauthenticated copilot studio bots

OWASP Low-Code/No-Code reposted

When I ask Copilot about bank details it starts talking about Satya Nadella??

This is ~RCE - Remote Copilot Execution. Making YOUR Copilot obey ME.

Asked about:
-Emails? here's a link to the summary 😈
-Bank info? Here are the wrong details
-And more...

DIY guide:
#RCE #BH

OWASP Low-Code/No-Code reposted

Ever tried to navigate your way between the dozens of Microsoft admin portals? Just ask M365 Copilot, right? At your own risk. We got an ~RCE (Remote Copilot Execution) that can lead to phishing attacks just by sending a mail. #BHUSA #defcon32


OWASP Low-Code/No-Code reposted

we got an ~RCE on M365 Copilot by sending an email. by ~RCE I mean full remote control over its actions - search for sensitive content (sharepoint, email, calendar, teams), execute plugins and outputs - bypass DLP controls, manipulate references, social engineer its users on our…


OWASP Low-Code/No-Code reposted

an attacker wants to get sensitive data you have access to. here's how they get YOUR copilot to find and analyze that data, and lure you to a malicious site to exfiltrate it #DEFCON


OWASP Low-Code/No-Code reposted

while msft docs say this is not possible, copilot studio can leak High Restricted SharePoint files to any user on the Internet, no auth required #copilot #dataleak

OWASP Low-Code/No-Code reposted

The 2023 OWASP Global Board election has been finalized.

First, congratulations to all the candidates.

Directors elected in the 2023 Election are:

Steve Springett
Sam Stepanyan
Kevin Johnson
Avi Douglen

The term for the Directors will begin on January 1, 2024.

Hi @OWASP folks at DC, thank you for joining our project demo. Now join us in creating the next version of the Top 10!
