We're happy to announce an update to sodium_compat that improves performance.
See github.com/paragonie/so...
#PHP #cryptography #libsodium #crypto #encryption #infosec #webappsec #appsec
Release Version 2.4.0 · paragonie/sodium_compat
The biggest change (besides unit testing) in this release is the optimization of Curve25519 field arithmetic by using object properties instead of an internal array. This skips some internal overhe...
github.com
October 6, 2025 at 9:27 AM
I just completed the Web Security Academy lab:
Authentication bypass via OAuth implicit flow
#AuthenticationBypass #WebAppSec #Cybersecurity
portswigger.net/web-security...
Lab: Authentication bypass via OAuth implicit flow | Web Security Academy
This lab uses an OAuth service to allow users to log in with their social media account. Flawed validation by the client application makes it possible for ...
portswigger.net
August 31, 2025 at 1:06 PM
Protect your code! Supply chain attacks on open source are rising. Secure your software now! #OpenSource #Security #SupplyChain #Cybersecurity #DevSecOps #InfoSec #WebAppSec #CodeSecurity
Video
Is the software powering your life secretly vulnerable? Learn about the surge in supply chain attacks targeting open-source code by state-backed groups. Stay informed to protect our digital future! #OpenSource #Cybersecurity #SupplyChainAttack 2025-08-03T003013.871+0200 Tools used for generation Text Gemini Narator Azure TTS Clips Pexel Rendering Remotion
www.youtube.com
August 2, 2025 at 10:41 PM
Now it’s even easier to:
✅ Uncover unlinked or forgotten resources
✅ Spot exposed config files, DB dumps, and admin panels
✅ Cut through static and surface real exposure - fast
📎 Try the new experience 👉 pentest-tools.com/website-vuln...
#offensivesecurity #webappsec #vulnerabilityassessment
URL Fuzzer - ML-powered scanner for web recon & fuzz testing
Uncover hidden files and directories with our ML-powered URL Fuzzer. Cut false positives by 50% and get cleaner results from every fuzz scan.
pentest-tools.com
July 29, 2025 at 1:48 PM
“API security is about to have its moment.”
In our latest CISO Spotlight, Rick Bohm dives into:
- Humanizing security through storytelling
- Why APIs are the weakest link
- What tomorrow’s CISOs need to succeed
📖 Read: lab.wallarm.com/ciso-spotlig...
#APIsecurity #CyberSecurity #WebAppSec
June 12, 2025 at 8:13 AM
This. I help-desked through college, worked as a SDE for 11 years & just randomly was on call when AMZN was 1st hit w an XSS attack 25 years ago & we had to reverse engineer on the fly what was happening & how to protect against it. Webappsec wasn't even a field for another 10ish years after that.
I was in IT (it's been almost 20 years) doing QA/support shenanigans before this field was a known money-maker.
Now that it is, everyone wants a quick way in.
This comic about covers it while still managing to leave out DFIR.
Anyone who sells you on "quick & easy" is slinging snake oil.
June 8, 2025 at 5:32 PM
According to LinkedIn I've been working in/on Open Source for 11 years. I suspect that's on the low side, between ZAP and OWASP, but whatever.
#DAST #AppSec #WebAppSec
May 14, 2025 at 1:23 PM
Rack Ruby vulnerability could reveal secrets to attackers (CVE-2025-27610)
📖 Read more: www.helpnetsecurity.com/2025/04/25/r...
#cybersecurity #cybersecuritynews #Ruby #WebAppSec
Rack Ruby vulnerability could reveal secrets to attackers (CVE-2025-27610) - Help Net Security
Researchers found vulnerabilities in the Rack Ruby interface, including CVE-2025-27610, potentially leading to disclosure of sensitive info.
www.helpnetsecurity.com
April 25, 2025 at 10:00 AM
I've just had a minor #GitHub issue in @zaproxy.org #ZAP #zaproxy progress from issue opened to PR in 4 hours followed immediately by release of the fix. Amazing work, made possible by @checkmarxzero.bsky.social support for the project. #infosec #Pentesting #WebAppSec #AppSec
April 9, 2025 at 8:47 PM
Big thanks to
@psiinon.bsky.social @kingthorin.bsky.social and all
@zaproxy.org contribs for your work on #ZAP #zaproxy. Amazing #infosec #Pentesting tool. Huge thanks to @checkmarxzero.bsky.social & @crashappsec.bsky.social for supporting this important project. #WebAppSec #AppSec
April 9, 2025 at 8:46 PM
The @zaproxy.org team did some stuff in March 😎 You can get the details here:
www.zaproxy.org/blog/2025-04...
#DAST #AppSec #WebAppSec #DevSecOps
ZAP Updates - March 2025
We released 2.16.1 and made more authentication handling improvements.
www.zaproxy.org
April 2, 2025 at 12:14 PM
what's security like in these? i haven't been doing it for a minute but back when i was in webappsec angular was hot shit (or at least most the secure devs i knew seemed to think so)
April 1, 2025 at 5:59 PM
📰 ZAP ⚡ release 2.16.1 just landed: www.zaproxy.org/blog/2025-03...
#AppSec #WebAppSec #BugBountyTips #PenTest #DevSecOps
ZAP 2.16.1
ZAP 2.16.1 has just been released. This is a bug fix release, along with some minor enhancements
www.zaproxy.org
March 25, 2025 at 6:33 PM
Giant set of #zaproxy add-on releases this morning. Including many fixes and improvements.
#DAST #AppSec #DevSecOps #WebAppSec #RedTeam #WebAppSec
March 4, 2025 at 2:58 PM
Looking at: "Clear a specific cookie · Issue #82 · w3c/webappsec-clear-site-data" https://github.com/w3c/webappsec-clear-site-data/issues/82
February 28, 2025 at 2:48 PM
#WednesdayWin I had a PR merged this morning, which means none of ZAP's core scan rules (active and passive) use CWE-200 any longer, which is not supposed to be mapped 🥳🎉
#AppSec #WebAppSec #standards #DevSecOps #PenTest #Redteam #PurpleTeam
How have you WON this week?!?!
February 19, 2025 at 2:20 PM
Change x-frame-options obsoletes wording by tunetheweb · Pull Request #702 · w3c/webappsec-csp https://github.com/w3c/webappsec-csp/pull/702
The point is that the X-Frame-Options header is by no means "obsoleted". MDN […]
Original post on fedibird.com
fedibird.com
January 24, 2025 at 1:43 AM
According to my VM update this morning @zaproxy.org 2.16.0 is now available on @kalilinux.bsky.social
#DAST #PenTest #WebAppSec #AppSec #RedTeam #PurpleTeam
January 15, 2025 at 11:35 AM
We’ve just released @zaproxy.org 2.16!!
#DAST #DevSecOps #AppSec #WebAppSec #PurpleTeam #PenTest #Pentesting
www.zaproxy.org/blog/2025-01...
ZAP 2.16.0
ZAP 2.16.0 has just been released. It includes a brand new spider, detachable tabs, policy definitions, and lots more…
www.zaproxy.org
January 10, 2025 at 6:18 PM
not really, like i said elsewhere i'm a generalist
webappsec for a couple years, pro-services for an appliance vendor that required very broad knowledge for a while, last job was first security hire/director of security for a start-up, mostly prep a soc 2 audit that was extremely in distress lol
December 12, 2024 at 11:04 PM
oh FUCK no but when i get home i bet i know a few people (local citysec meetup in sf used to be lousy with cryptographers)
that's way beyond me, hard crypto shit
i started out doing webappsec and pivoted into management after experiencing very bad management
i'm a generalist, that's specialist
December 12, 2024 at 9:04 PM
I'd seen this before, where an LLM retrospectively hides a response; it kind of feels like an "attack", but is it better classed as a "design flaw"?
I'm not sure that this is seen in WebAppSec (it's been a while), where the data is retrospectively acted on rather than hidden from the start?
These aren’t new LLM attacks. They are UI and architecture bugs that we’ve known since the very beginning of WebAppSec. If you send data to a user’s browser, they can capture and view it. 🤷♂️ www.knostic.ai/blog/introdu...
Suicide Bot: New AI Attack Causes LLM to Provide Potential “Self-Harm” Instructions
Knostic unveils a new class of AI attacks, LLM Flowbreaking, which disrupts AI/ML system architecture & guardrails: Second Thoughts and Stop and Roll.
www.knostic.ai
December 2, 2024 at 11:12 PM
These aren’t new LLM attacks. They are UI and architecture bugs that we’ve known since the very beginning of WebAppSec. If you send data to a user’s browser, they can capture and view it. 🤷♂️ www.knostic.ai/blog/introdu...
Suicide Bot: New AI Attack Causes LLM to Provide Potential “Self-Harm” Instructions
Knostic unveils a new class of AI attacks, LLM Flowbreaking, which disrupts AI/ML system architecture & guardrails: Second Thoughts and Stop and Roll.
www.knostic.ai
December 2, 2024 at 4:50 PM