Erlend Oftedal
@webtonull.bsky.social
Security researcher at Crosspoint Labs. AppSec. Tweets are my own and do not express the opinion of my employer. OWASP. retire.js
Reminder that the Call for Presentations for Sikkerhetsfestivalen (The Security Festival) is open. OWASP Oslo is hosting an AppSec track. Scroll down the page for English version:
sikkerhetsfestivalen.no/alle-nyheter...
February 10, 2025 at 11:20 AM
The CFP for the developer conference NDC Oslo closes today. Security talks of course also very welcome.
ndcoslo.com/call-for-pap...
January 6, 2025 at 7:26 AM
Reposted by Erlend Oftedal
My latest blog post is live! Check your Ruby on Rails applications for the use of params[:_json]
nastystereo.com/security/rai...
December 10, 2024 at 8:30 AM
Reposted by Erlend Oftedal
📡 OWASP Secure Headers Project: The "Response Headers" section has been updated with a series of very interesting blog posts about the "Cross-Origin-Embedder-Policy", "Cross-Origin-Opener-Policy" and "Cross-Origin-Resource-Policy" headers.
#appsec #appsecurity #oshp
📖 owasp.org/www-project-...
December 6, 2024 at 7:52 AM
Great read on bypassing upload filters:
blog.sicuranext.com/breaking-dow...
Breaking Down Multipart Parsers: File upload validation bypass
TL;DR: Basically, all multipart/form-data parsers fail to fully comply with the RFC, and when it comes to validating filenames or content uploaded by users, there are always numerous ways to bypass va...
blog.sicuranext.com
November 19, 2024 at 8:10 AM
Does anybody know why Microsoft is blocking the string ".@" in passwords in Azure AD B2C custom policy examples? It's not that they are blocking the individual characters, but that exact combination.
November 18, 2024 at 2:51 PM
The CFP for NDC Security in Oslo, Norway is about to run out! Submit your talk today!
ndc-security.com/call-for-pap...
Call for Papers - NDC Security 2025 | Security Conference for Software Developers
NDC Security 2025 is a 4-Day Event for Software Developers with a focus on Security. 20-23 January 2025 - Radisson Blu Scandinavia Hotel.
ndc-security.com
September 13, 2024 at 7:37 AM
For people with more than one slack of varying importance, this grouping of the slacks is not a good design choice. I don't care if the least important slack has unreads. Now I have to click or hover to see which one it is.
September 13, 2023 at 8:24 AM