Roozbeh
@tracethecode
Security Researcher | App&Cloud Security Enthusiast
Conducting a pentest isn't just about finding vulnerabilities; it's crucial to show developers how to reproduce and properly fix issues. A good report includes NOT JUST evidence, but also clear steps for remediation. #Pentesting #CyberSecurity #Appsec
TRACE may be a useful HTTP method for debugging, but it's also a major security risk in production environments. If TRACE is enabled, sensitive user data could be exposed to attackers. Always disable TRACE in production environments! #cybersecurity #websecurity
Reminder to developers: always use the verify() method when dealing with JWTs! Don't risk accepting arbitrary signatures by only decoding them with your JWT library. #cybersecurity #jwt #devtips
Good collection of API Security tools and resources. github.com/arainho/awesom… #AppSec #BugBounty #CyberSecurity
The results are in! We're proud to announce the Top 10 Web Hacking Techniques of 2022! portswigger.net/research/top-1…
AWSGoat : A Damn Vulnerable AWS Infrastructure. #Cloudsecurity #AWS #CyberSec github.com/ine-labs/AWSGo…
False assumptions = vulnerabilities. Don't assume this #NodeJS code is enough to prevent #PathTraversal attacks. Don't overlook the power of URL encoding! Ensure proper decoding & sanitization of filenames for robust #CyberSecurity. Stay ahead of the game. #WebSecurity 💡
Don't underestimate the importance of function behaviour in penetration testing. A deep understanding of a function's behaviour is the foundation for finding vulnerabilities. #infosec #pentesting #BugBounty
Penetration testing is all about understanding a system's behavior. The key to finding vulnerabilities lies in comprehending the functions at play. #cybersecurity #penetrationtesting #AppSec
Different developers bring different levels of security knowledge to the table. That's why understanding the application's functions and their behaviours is crucial during a penetration test. #developers #securityawareness #PenetrationTesting
A built-to-be-vulnerable API application based on the OWASP top 10 API vulnerabilities. #informationsecurity #API #BugBounty github.com/Checkmarx/capi…
PHP Development Server <= 7.4.21 - Remote Source Disclosure. #infosecurity #development #AppSec #phpdeveloper blog.projectdiscovery.io/php-http-serve…
Just learned you can exploit blind file-reads in PHP by combining the dechunk filter with the PHP memory limit. This crazy finding by @hash_kitten is a great reminder to pay attention to CTF writeups! github.com/DownUnderCTF/C…
Truffle Security is proud to host a new XSSHunter, that finds new vulnerabilities trufflesecurity.com/blog/xsshunter/
APIs vs microservices! APIs allow communication between different services, while microservices represent a way of organizing and building those services. Think of APIs as the language, and microservices as the architecture. #APIs #Microservices #SoftwareArchitecture #cloud
ASP.NET insecure file upload code: Attackers could try to upload files with different extensions that are associated with , such as ".aspx", ".ashx", ".asmx", or ".axd". #bugbountytips #pentest #ASP #coding #appsec
A simple #Vulnerable File Upload PHP code that is lacking security measures & is vulnerable to #PathTraversal attacks, also allows uploading executables with alternative extensions. #cybersecuritytips #infosec #Security #bugbountytips #PHP
Don't let a simple file upload be your server's downfall! Ensure file names are properly validated & sanitized, and reject any that contain "../" #WebDevelopment #CyberSecurity #CyberSecurityAwareness
250k subdomain combinations in 0.67 seconds with mksub🚀
Here is a good collection of #bugbounty write-ups that can be helpful in understanding the methods and techniques to identify different #vulnerabilities. github.com/devanshbatham/… #CyberSecurity #BugBountyWriteups #PenTest