OWASP – WindowsTechs.com

OWASP Data Breach Caused by Server Misconfiguration

Posted on April 2, 2024 by Ionut Arghire

The OWASP Foundation says a wiki misconfiguration exposed resumes filed over a decade ago by aspiring members.
The post OWASP Data Breach Caused by Server Misconfiguration appeared first on SecurityWeek.
Continue reading OWASP Data Breach Caused by Server Misconfiguration→

Double Submit Cookie Bypass

Posted on February 10, 2024 by Johnny

I am trying to work on an example for my class on how double submit cookie works and how attackers can bypass it
The idea i have is I have two domain att.com and victim.com. The login functionality on victim.com creates the session and als… Continue reading Double Submit Cookie Bypass→

unsafe-hashes an alternatives

Posted on October 27, 2023 by Shaunyl

I need to run the following inline script to inject some Thymeleaf model variables into a javascript file of mine.
<script th:inline="javascript">
/*<![CDATA[*/
var stripePublicKey = /*[[${stripePublicKey}]]*/ … Continue reading unsafe-hashes an alternatives→

Top Security Tools for Developers in 2023

Posted on October 6, 2023 by Enrique Corrales

Find the best security tool for developers with our comprehensive list. We reviewed the top security tools to help you choose which one fits best for your team. Continue reading Top Security Tools for Developers in 2023→

3 Best DevSecOps Tools in 2023

Posted on September 29, 2023 by Enrique Corrales

DevSecOps tools help organizations identify security vulnerabilities early in the development process. Explore our list of DevSecOps tools. Continue reading 3 Best DevSecOps Tools in 2023→

Is the new OWASP API Top 10 helpful to defenders?

Posted on August 30, 2023 by Help Net Security

The OWASP Foundation’s Top Ten lists have helped defenders focus their efforts with respect to specific technologies and the OWASP API (Application Programming Interface) Security Top 10 2023 is no exception. First drafted five years ago and updated th… Continue reading Is the new OWASP API Top 10 helpful to defenders?→

8 open-source OSINT tools you should try

Posted on August 22, 2023 by Help Net Security

Open-Source Intelligence (OSINT) refers to gathering, assessing, and interpreting public information to address specific intelligence queries. All the tools listed here are available for free. Amass The OWASP Amass project performs network mapping of a… Continue reading 8 open-source OSINT tools you should try→

10 open-source recon tools worth your time

Posted on June 20, 2023 by Help Net Security

Recon is the initial stage in the penetration testing process. It’s a vital phase allowing the tester to understand their target and strategize their moves. Here are ten open-source recon tools that deserve to be in your arsenal. Altdns Altdns is… Continue reading 10 open-source recon tools worth your time→

OWASP’s 2023 API Security Top 10 Refines View of API Risks

Posted on June 7, 2023 by Kevin Townsend

OWASP’s ranking for the major API security risks in 2023 has been published. The list includes many parallels with the 2019 list, some reorganizations/redefinitions, and some new concepts.
The post OWASP’s 2023 API Security Top 10 Refines View of… Continue reading OWASP’s 2023 API Security Top 10 Refines View of API Risks→

Verbose Headers/Information Leakage via HttpResponse Headers vs fingerprinting via named headers

Posted on May 12, 2023 by JoSSte

I understand that a header like X-Powered-By can reveal details about the operating environment that can be used to find known vulnerabilities because you often get the language and compiler/interpreter/operating environment versions.
With… Continue reading Verbose Headers/Information Leakage via HttpResponse Headers vs fingerprinting via named headers→