appsec N7x • 2 weeks ago • 100%

Found this interesting list: https://list.latio.tech/ On the open source side, there is https://www.dependencytrack.org/

appsec N7x • 8 months ago • 100%

cross-posted from: https://infosec.pub/post/8123190 > Hello everyone, > > > I work in appsec, my manager would like to send us to a conference this year. We are based in Europe, and the company would like to across intercontinental travel. > > I have OWASP Global 2024 in Lisbon on my radar, as well as the BlackHat EU in London, is there any other conference you guys would recommend?

cybersecurity N7x • 8 months ago • 90%

Hello everyone, I hope this post belongs here, otherwise I'll move it to [!appsec@infosec.pub](https://infosec.pub/c/appsec). I work in appsec, my manager would like to send us to a conference this year. We are based in Europe, and the company would like to across intercontinental travel. I have OWASP Global 2024 in Lisbon on my radar, as well as the BlackHat EU in London, is there any other conference you guys would recommend?

cybersecurity N7x • 1 year ago • 100%

www.reuters.com

cross-posted from: https://lemmy.capebreton.social/post/82259 > OSLO, July 24 (Reuters) - Twelve Norwegian government ministries have been hit by a cyber attack, the Norwegian government said on Monday, the latest attack to hit the public sector of Europe's largest gas supplier and NATO's northernmost member. > > "We identified a weakness in the platform of one of our suppliers. That weakness has now been shut," Erik Hope, head of the government agency in charge of providing services to ministries, told a news conference. > > The attack was identified due to "unusual" traffic on the supplier's platform, Hope said, declining to provide specifics. It was uncovered on July 12 and was being investigated by police. > > "It is too early to say who is back this and what is the extent of the impact (of the attack)," he said.

www.dignitymemorial.com

RIP

appsec N7x • 1 year ago • 100%

There is a nice list of Infosec podcasts here: https://infosec.pub/post/152754 What are your more specialized appsec recommendations?

appsec N7x • 1 year ago • 100%

sec-consult.com

A brand-new Burp Suite extension for discovering DNS vulnerabilities in web applications.

appsec N7x • 1 year ago • 100%

portswigger.net

You might have found HTML injection, but unfortunately identified that the site is protected with CSP. All is not lost, it might be possible to bypass CSP using DOM clobbering, which you can now detect using DOM Invader! In this post we’ll show you how. We’ve based the test case on a bug bounty site, so you’re likely to encounter similar code in the wild. If you’re unfamiliar with DOM clobbering then head over to our Academy to learn about this attack class and solve the labs.

cybersecurity N7x • 1 year ago • 100%

portswigger.net

You might have found HTML injection, but unfortunately identified that the site is protected with CSP. All is not lost, it might be possible to bypass CSP using DOM clobbering, which you can now detect using DOM Invader! In this post we'll show you how. We've based the test case on a bug bounty site, so you're likely to encounter similar code in the wild. If you're unfamiliar with DOM clobbering then head over to our Academy to learn about this attack class and solve the labs.

cybersecurity N7x • 1 year ago • 100%

sec-consult.com

A brand-new Burp Suite extension for discovering DNS vulnerabilities in web applications.