#appsec search results
Just released the Ultimate IDOR Testing Checklist 🧩 I combined techniques from many sources to cover IDOR scenarios. Know a technique I missed? Drop it in the comments. Notion: mrdesoky0.notion.site/Ultimate-IDOR-… GitHub: github.com/mrdesoky0/vuln… #bugbountytips #IDOR #AppSec #InfoSec
Burp Automator - Tool that uses the Burp Suite API to automate scanning. Can be used to setup DAST scanning. github.com/tristanlatr/bu… Credits to the author of the tool. #appsec #infosec #cybersecurity
Critical: GET /api/users/signed_in exposes PII & a reusable session cookie — token replay after logout allows account takeover. Reported via @Intigriti. #ResponsibleDisclosure #AppSec
🚨One vulnerability could cost everything. Learn 9 best practices to keep your web apps secure. 👉7asecurity.com/blog/2025/11/9… #CyberSecurity #AppSec #WebSecurity
Practicing Python to build my own security tools — bullish about the opportunities ahead. #appsec #cybersecurity
We’re super excited to welcome Yassine Bengana (@cousky_) to the Doyensec team! 🎉 He’s bringing serious AppSec skills and great vibes — can’t wait to see the cool stuff we’ll break (and build) together 🔥 #AppSec #infosec #Doyensec
The #Doyensec team is back from another great retreat! This time we toured Ireland 🇮🇪 and even met a working 🐑 sheepdog! A great chance for our remote team to connect IRL. Also, a big thank you 🙏 to our tour guide Antonio! #security #appsec #remote
Day 3/10: Password hashing done right 🔒 Plain text = instant breach MD5/SHA1 = nearly as bad Implementing: - bcrypt (cost factor 12) - Auto salting - 12+ char minimum - Breach DB checks Never store plain text passwords. Ever. @ireteeh #10DaysOfSecureCode #AppSec
Behind every disclosed bug: failed attempts, duplicate reports, long triage, and stubborn persistence. Progress comes from persistence — not excuses. #BugBounty #MobileSecurity #AppSec #AndroidSecurity
Bytes Revealer tip #1: export selected bytes or define start/end offsets in many different formats like Assembler, C, Python, JavaScript and many more! Great for exploit development or malware analysis 😀 bytesrevealer.online The Open Source Hex Editor. #reversing #AppSec…
AppSec Ezine - 610th 🎃 pathonproject.com/zb/?fac2c8323f… #AppSec #Security
VAmPI — Vulnerable API: an ideal sandbox for learning #APIsecurity and practicing the OWASP API Top 10. 🔐🐙 Lightweight, runs in Docker and packed with real flaws to test against. Would you be interested in a blog post with a step-by-step walkthrough and examples? Repo: → github.com/erev0s/VAmPI #AppSec…
AppSec Ezine - 609th pathonproject.com/zb/?52039799e2… #AppSec #Security
🤖➡️🕵️ When AI agents act like insiders. Nov 19, 12pm ET OWASP Virtual Chapter w/ Dan Glass Topic: Agentic Misalignment RSVP: meetup.com/owasp-virtual-… #OWASP #AppSec #AI #AgenticAI @jerryhoff
#exploit #AppSec 1⃣ CVE-2025-55315: ASP.NET Core vulnerability praetorian.com/blog/how-i-fou… // A critical HTTP request smuggling vulnerability in ASP.NET Core’s Kestrel server 2⃣ Chromium Browser DoS Attack via document.title Exploitation github.com/jofpin/brash // This is not an…
#AppSec 1⃣ WSUS RCE (CVE-2025-59287) hawktrace.com/blog/CVE-2025-… ]-> PoC - gist.github.com/hawktrace/880b… // mitigation: requires replacing BinaryFormatter with secure serialization mechanisms, implementing strict type validation, and enforcing proper input sanitization on all cookie data…
This week, leveled up recon (Sublist3r, ffuf, gobuster) and web vuln skills — practiced XXE, path traversal, finally completed the rest of the SQL labs and more XSS exercises in PortSwigger Academy. Ready to start responsible bug hunting. #AppSec #Infosec #XSS #SQLi
If you’re in DC for @owasp Global AppSec, join us for Apps(ec) & Aperitifs: dinner, drinks, swag, and sharp security conversations. Register to attend; spots and swag are limited. 📍RSVP here xbow.com/dcreception2025 #OWASP #AppSec #Cybersecurity
🧩🎉 Explored mass assignment — reminder that unchecked model binding can let attackers set unexpected fields. #AppSec #WebSec @CyberMindSpace
🎉 Found & exploited an unused API endpoint (lab)! Eye-opening reminder that forgotten endpoints can expose sensitive functionality. #AppSec #API @CyberMindSpace @anand114bug @RohitVishw54326
New data from @cmdnctrl reveals that moderate-level training delivers the best results in application security learning. Jose Lazu explores how the right balance of challenge design accelerates skills and strengthens AppSec. 🔗 Learn more: informationsecuritybuzz.com/challenge-desi… #AppSec #ISB
Authenticated DAST that just works: Polaris fAST Dynamic and Continuous Dynamic turn login chaos into scan-ready calm. Read the blog to learn more. 🔗 #Polaris #DAST #AppSec #BlackDuck #DevSecOps #ContinuousDynamic bit.ly/4qQGSFi
OPA vs Cedar—7 steps to ship policy-as-code. When to choose each, deploy patterns (sidecar/library/gateway), ABAC/RBAC examples, CI gates, logs/metrics, and safe rollout. cybersrely.com/opa-vs-cedar-s… #DevSecOps #PolicyAsCode #AppSec #OPA #Cedar #Kubernetes #CI/CD #Authorization
Two New Web Application Risk Categories Added to OWASP Top 10 dlvr.it/TPBqXn #appsec
Shipping LLM features? Map OWASP LLM Top 10 to MITRE ATLAS to test prompt injection, data leakage & tool misuse—plus guardrails, evals, logging, kill-switches. #LLMSecurity #AppSec #DevSecOps #OWASPLLM #MITREATLAS linkedin.com/pulse/pentesti…
Finished PortSwigger: exploited a mass-assignment vuln to access unauthorized fields. Great hands-on reminder — whitelist inputs & validate server-side. #AppSec #BugBounty #PortSwigger @anand114bug @CyberMindSpace @rikki59845
Learned how query string parameter tampering can lead to SSPP on PortSwigger. Practical win for my bug bounty toolkit. 🛡️🔍 #AppSec #BugBounty @anand114bug @CyberMindSpace @rikki59845
#AppSec #Whitepaper #Threat_Research "Comparative Analysis of Large Language Model Performance in Automated Threat Modeling: A WordPress Application Case Study", Aug. 2025. ]-> Repo - github.com/esekercan/sans… // This study investigates the use of LLMs as an assistant to conduct…
#AppSec #Cloud_Security 1⃣ PoC for CVE-2025-49844, CVE-2025-46817 and CVE-2025-46818 Critical Lua Engine Vulnerabilities redrays.io/blog/poc-for-c… // Three critical vulnerabilities in Redis 7.4.5 2⃣ Hunting for Bucket Traversals in Google's Client Libraries…
redrays.io
PoC for CVE-2025-49844, CVE-2025-46817 and CVE-2025-46818 Critical Lua Engine Vulnerabilities
Discover three critical Redis 7.4.5 Lua vulnerabilities: CVE-2025-49844 (use-after-free RCE), CVE-2025-46817 (integer overflow), and CVE-2025-46818 (privilege escalation). Complete technical analys...
🚨 CVE-2025-64502: Parse Server lets anyone run MongoDB explain queries without a master key, exposing schema and performance data. Upgrade to 8.5.0-alpha.5 or block explain queries ASAP! Full advisory ➡️ volerion.com/vulnerabilitie… #ParseServer #infosec #AppSec
Had a blast at #OWASP Global AppSec USA! Amazing sessions, next-level convos, & the puppy room was pure stress relief. 🐶 Huge thanks to @OX__Security & @Hacker0x01 for an epic Happy Hour! Cheers to strong partnerships & ongoing security talks. 🤝 #AppSec #Cybersecurity
A single bad file upload can break your entire app! 🚨 Secure uploads in your .NET app with: ✅ File type & size validation ✅ Image dimension checks ✅ File count limits ✅ Clear user feedback Protect your app from exploits, overloads & bad UX. #dotnet #AppSec #WebDev
💥 New writeup! Found a logic flaw that unlocked Enterprise features with one parameter change — earned $947 💰 Sometimes it’s all about logic, not payloads 👀 👉 medium.com/@ferdusalam0/h… #BugBounty #AppSec #LogicFlaw #CyberSecurity #bugbountywriteups
“Hugging Face AI FAQs” is live! Your quick guide to mastering & securing the Hugging Face ecosystem, models, tokens & AI workflows. Read now 👉 xygeni.io/blog/hugging-f… #AI #HuggingFace #AppSec #DevSecOps #Xygeni
📢 OWASP Top 10 2025 is here! The new list introduces 'Software Supply Chain Failures' and 'Mishandling of Exceptional Conditions'. Security Misconfiguration jumps to #2, reflecting modern cloud risks. 🔒 #OWASP #AppSec #DevSecOps 🔗 cyber.netsecops.io/articles/owasp…
Many bug hunters ignore blank 401 Unauthorized pages. If you ever land on a 401 Unauthorized page (like in the image), always check the response, you might find something big. #BugBounty #bugbountytips #appsec #latepost
Easy bounty tip: Race conditions are gold! Send the same request in parallel with Turbo Intruder → app logic breaks → $$$ Always test creation endpoints (users, groups, payments). #BugBounty #bugbountytips #appsec
While working with JSON data today, I discovered a simple yet powerful tool called Gron, created by @TomNomNom . It helps visualize JSON in a clear and structured way. #appsec #bugbounty
Many bug hunters ignore blank 401 Unauthorized pages. If you ever land on a 401 Unauthorized page (like in the image), always check the response, you might find something big. #BugBounty #bugbountytips #appsec #infosec
Application Security ≠ optional 🔐 One flaw in your code can cost millions. Here are 10 AppSec Testing Techniques every team must know 👇 👉 Follow @MarcelVelica for cybersecurity checklists & insights 🔁 Share to keep devs secure #CyberSecurity #AppSec #InfoSec
Is there an #AppSec or #DevSecOps trend right now that you think is overhyped? Which one and whyyyyyy? Tell me your feels #talkappsectome
🚀 @Sunrun VDP is LIVE with @Bugcrowd 🔐 Safe Harbor • fast triage • clear scope 📫 Report here → bugcrowd.com/engagements/su… 🎁 Swag for valid submissions (limited) #VulnerabilityDisclosure #BugBounty #AppSec #InfoSec #CyberSecurity #Security #Bugcrowd
Vibe coding is fast—but is it secure? Here are 5 critical lessons for AppSec teams navigating AI-generated code in production. jpmellojr.blogspot.com/2025/10/vibe-c… #VibeCoding #AppSec #AIgeneratedCode #DevSecOps #LLMcoding #CodeReview #SoftwareSecurity
Secure by Design - Execution and File Management open.substack.com/pub/devsecopsg… Syd, a senior Spring developer, trusted her file upload service with basic extension validation. "Only .pdf and .jpg files allowed," she thought. #appsec #devsecops