Dominique Righetto
@righettod.eu
👨💻 AppSec enthusiast | 🐶 Addicted to Shetland Sheepdogs | 🌏 Open Source/AppSec/OWASP junkie | 🐝 OWASP Secure Headers Project Leader.
🚩 Opinions mentioned are mine.
🧑💻 During the secure code reviews I perform, I quite often find that sensitive information is included in messages intended to be written to event logs or error messages. I added a utility method to my "code-snippets-security-utils" project to help detection.
#appsec #appsecurity
November 9, 2025 at 10:01 AM
🧑🎓 Learning of the day for me: During my technical survey, I found a GitHub project offering a POC for CVE-2025-54988. I therefore decided to add a new check for this attack vector to my code snippet project for validating PDF files.
github.com/righettod/co...
#appsec #appsecurity
September 15, 2025 at 1:14 PM
📡 OWASP Secure Headers Project: We added information about the response header "X-DNS-Prefetch-Control" based on technical tests we performed.
#appsec #appsecurity #owasp_shp
📖 owasp.org/www-project-...
August 17, 2025 at 6:52 AM
💻 Script:
github.com/righettod/to...
📖 References & tools used:
- deps.dev
- owasp.org/www-project-...
- docs.npmjs.com/cli/v9/comma...
- classic.yarnpkg.com/lang/en/docs...
#appsec #appsecurity #cve #maven #npm
July 19, 2025 at 3:39 PM
🔬 When I perform a secure code review, I also check whether the external components used are affected by public vulnerabilities (CVE). Recently, after advice from my manager on this subject, I tried to go further and check whether the CVEs identified had a POC/Exploit.
#appsec #appsecurity #cve
July 5, 2025 at 2:57 PM
🧑🎓 Learning of the day for me: I discovered that it is possible to leverage the instruction "include" in an XSD schema to perform an SSRF when the schema is parsed by the schema factory.
#appsec #appsecurity #java
June 26, 2025 at 5:08 PM
📡 OWASP Secure Headers Project: We've reworked the section providing code snippets for configuring different web/application servers to leverage "LLM as a Service" providers.
#appsec #appsecurity #owasp_shp
📖 owasp.org/www-project-...
June 12, 2025 at 4:38 AM
📡 OWASP Secure Headers Project: Spring updates n°1.
1) Several updates were made to the content.
2) A redirection from previous links was implemented.
#appsec #appsecurity #owasp_shp
📖 owasp.org/www-project-...
💡 Related pull requests:
- github.com/OWASP/www-pr...
- github.com/OWASP/owasp....
April 15, 2025 at 4:35 AM
💡Discovery of the day for me: Mozilla's new tool for checking a website's configuration in terms of HTTP headers and other aspects of its security.
💻GitHub Repository: github.com/mdn/mdn-http...
🔬Site: developer.mozilla.org/en-US/observ...
#appsec #appsecurity #web
April 13, 2025 at 7:11 AM
Thank you very x1000000 much @shehackspurple.bsky.social 😊
It is time for me to learn new things in secure code review activity 👨💻
March 18, 2025 at 5:18 AM
👨💻 Addition of a new method for checking a regular expression against the “ReDOS” attack.
🌍 righettod.github.io/code-snippet...
💻 github.com/righettod/co...
#appsec #appsecurity
📖 Every resource used is referenced in the code.
March 16, 2025 at 8:10 AM
📡 OWASP Secure Headers Project: We've redesigned the way statistics are generated and presented. They are now integrated into the main site.
#appsec #appsecurity #owasp_shp
📊 owasp.org/www-project-...
February 22, 2025 at 9:11 AM
✅I ran a quick test, and the default behavior seems secure against this attack vector, which is good news from an AppSec point of view.
#appsec #appsecurity #web #python
February 16, 2025 at 9:13 AM
🤔 Based on issues that I have seen during recent assessments, I updated my code sharing project with a method related to JWT based tokens:
#appsec #appsecurity #jwt #web
🌍 URL:
github.com/righettod/co...
righettod.github.io/code-snippet...
February 9, 2025 at 4:59 PM
Indeed and, to be honest, I was wrong until your message 😱
So, I performed a tiny POC that fully confirmed your remark. Thanks a lot for your very useful remark 👍
January 19, 2025 at 8:54 AM
📡If you use TestSSL to check the TLS configuration of several services, you may find this set of scripts useful:
github.com/righettod/to...
github.com/righettod/to...
#appsec #appsecurity #tls #testssl
January 18, 2025 at 7:59 PM
📡 OWASP Secure Headers Project: Section about Content-Security-Policy bypasses prevention updated with information related to the "base-uri" directive.
#appsec #appsecurity #owasp_shp #csp
📖 owasp.org/www-project-...
January 14, 2025 at 3:09 PM
Thanks a lot, we already referenced it 😉
December 22, 2024 at 9:52 AM
📡 OWASP Secure Headers Project: We played around with some popular artificial intelligence systems to generate cool new OSHP logos that better fit our mantra.
#appsec #appsecurity #oshp #logo
📖 github.com/OWASP/owasp-...
💡 AI systems used:
- chatgpt.com
- copilot.microsoft.com
👀 Example:
December 20, 2024 at 1:26 PM
Thank you very much @pentesterlab.com and @snyff.pentesterlab.com 🥰🥰🥰🥰
December 19, 2024 at 3:52 PM
📡 OWASP Secure Headers Project: To close the 2024 roadmap and prepare for 2025, discussion/issue management has been moved to the main repository.
#appsec #appsecurity #oshp
📖 github.com/OWASP/www-pr...
December 18, 2024 at 7:57 AM
📡 OWASP Secure Headers Project: The "Response Headers" section has been updated with a series of very interesting blog posts about the "Cross-Origin-Embedder-Policy", "Cross-Origin-Opener-Policy" and "Cross-Origin-Resource-Policy" headers.
#appsec #appsecurity #oshp
📖 owasp.org/www-project-...
December 6, 2024 at 7:52 AM
I share an image, which I found on Twitter some months ago, that I use in my "toolkit" to handle my ASD+ADHD:
🌏Source: twitter.com/milan_milano...
#autism #asd #adha
November 27, 2024 at 6:25 AM