Collaborate Disseminate
Open-Source Intelligence (OSINT) refers to gathering, assessing, and interpreting public information to address specific intelligence queries. All the tools listed here are available for free. Amass The OWASP Amass project performs network mapping of a… Continue reading 8 open-source OSINT tools you should try
Recon is the initial stage in the penetration testing process. It’s a vital phase allowing the tester to understand their target and strategize their moves. Here are ten open-source recon tools that deserve to be in your arsenal. Altdns Altdns is… Continue reading 10 open-source recon tools worth your time
OWASP’s ranking for the major API security risks in 2023 has been published. The list includes many parallels with the 2019 list, some reorganizations/redefinitions, and some new concepts.
The post OWASP’s 2023 API Security Top 10 Refines View of… Continue reading OWASP’s 2023 API Security Top 10 Refines View of API Risks
I understand that a header like X-Powered-By can reveal details about the operating environment that can be used to find known vulnerabilities because you often get the language and compiler/interpreter/operating environment versions.
With… Continue reading Verbose Headers/Information Leakage via HttpResponse Headers vs fingerprinting via named headers
OWASP Core Rule Set has many versions the latest is version 4.0 (release candidate), but I cannot find any indication about compatibility among various modsecurity releases.
Could these be used with any modsecurity version, or is there som… Continue reading Compatibility of ModSecurity Core Rule Set 4
According to the OWASP Cheat Sheet on Certificate Pinning, their recommendation is to pin to the leaf certificate, but also pin to the intermediate CA as a backup.
Any security measure is only as good as its weakest link, so in this case i… Continue reading Benefits of certificate pinning to leaf with intermediate as a backup?
Endor Labs has introduced an OWASP-style listing of the most important or impactful risks inherent in the use of open source software (OSS).
The post Top 10 Security, Operational Risks From Open Source Code appeared first on SecurityWeek.
Continue reading Top 10 Security, Operational Risks From Open Source Code
42Crunch has become corporate member of the Open Web Application Security Project (OWASP), a worldwide not-for-profit charitable organization focused on improving the security of software. 42Crunch have always been inspired by OWASP’s role as an enable… Continue reading 42Crunch joins OWASP as a corporate member to advance API security
ModSecurity 3.0.8
ModSecurity-Nginx 1.0.3
CRS 4.0.0-rc1
I have a marketplace where sellers can list anything for sale. On the "item description" section, we allow users to copy and paste their HTML formatting, like eBay does. We… Continue reading ModSecurity / CRS: Need custom rule to deal with false positive (user-inserted HTML formatted listings)
I have problem when implementing modsecurity and crs. Here is the issue, I hope anyone can give us some guide for resolving this issue.
Apache version :
Server version: Apache/2.4.29 (Ubuntu) Server built:
2022-06-23T12:51:37
ModSecurity… Continue reading Execution error – PCRE limits exceeded