AppSec Wiki
@appsecwiki
An initiative to provide Application security related resources to Security Researchers. Account maintained by @exploitprotocol, @prakharprasad, @abhibundela.
We've added a huge new topic, on XXE (XML external entity) injection. Lots of new content and 9 new labs! portswigger.net/web-security/x…
@appsecwiki has one of the most comprehensive and high quality appsec resources I have seen. I am using it now to learn AppSec appsecwiki.com
Added a DevSecOps section in @appsecwiki with some initial links. Will continue to add more resources as I learn more about it. Please add links/resources you are aware of. Thanks! appsecwiki.com/#/devsecops
GitHub Desktop RCE (OSX) Bug Bounty writeup: pwning.re/2018/12/04/git… Thank you @GitHubSecurity for the bounty!
Story of my two (but actually three) RCEs in SharePoint in 2018: soroush.secproject.com/blog/2018/12/s… - it all began with a simple question in Jan. 2018: "have you worked with ysoserial .net?" what a year! Glad blackhat.com/docs/us-17/thu… is in Top 10 Web Hacking Techniques of 2017 @pwntester
New write up - "Reading ASP secrets for $17,000" - the really fun process of exploiting local file disclosure 🧐 samcurry.net/reading-asp-se…
For better management of content, I have shifted all content of mobilesecuritywiki.com to @appsecwiki now. Apart from the existing content, Report/Writeups section is added. (appsecwiki.com/#/mobilesecuri…) Planning to release some useful content next month. Stay Tuned 😉
There's a common misconception that 'X-Frame-Options: allow-from hxxp://example.com/' prevents framing. In fact, this isn't secure because Chrome doesn't support allow-from and never will: bugs.chromium.org/p/chromium/iss… So you can stop reporting Burp's XFO check as a false positive :)
Hackers, minor cool insight that I gained some time ago and found a vulnerability with: when you're looking at an asset that may use a microservices architecture, look for IDOR vulnerabilities using path traversal. E.g. https://example/?id=1/../2. See thread. #TogetherWeHitHarder
Remote Code Execution with EL injection #bugbounty #RCE betterhacker.com/2018/12/rce-in…
This is very interesting!
Here are the slides from me and @LittleJoeTables's talk "Getting Buzzed on Buzzwords" (a talk on using cloud tech to vastly improve pen-testing activities): drive.google.com/file/d/1N52DTd… CC @_devalias @riposte_sec @bishopfox
A small gift from S2anta: @breenmachine showed how to abuse JasperReports for RCE (foxglovesecurity.com/2016/10/14/hac…) - now here's a single .JRXML file to achieve the same thing if no .JAR's are allowed: gist.github.com/v-p-b/dd95c72c…
We just shipped our first newsletter. You can subscribe to the newsletter at appsecwiki.com/#/?id=newslett… if you have not already. Here is the link to this week's newsletter: mailchi.mp/7d632ba1dc74/a… Thanks!
My latest #bugbounty writeup: A $2,500 IDOR in New Relic that allowed me to run NRQL queries and retrieve data from any New Relic account. You can read it here: jonbottarini.com/2018/10/09/get… Let me know what you think! #TogetherWeHitHarder #HackerOne
An interesting #Google vulnerability that got me 3133.7 reward. sec-down.com/wordpress/?p=8…
My new blog post. GoogleMeetRoulette: Joining random #Google meetings. Enjoy! martinvigo.com/googlemeetroul…