Collaborate Disseminate
I am running a pentest on a web application, and I detected a vulnerability but I am not sure how to report it. I am confused if I should split it or document it as 1 finding. I will explain below.
So the finding is, a JWT token with large… Continue reading How to report related findings in a pentest report
There are over 17 billion internet-connected devices in the world — and experts expect that number will surge to almost 30 billion by 2030. This rapidly growing digital ecosystem makes it increasingly challenging to protect people’s privacy. Attackers only need to be right once to seize databases of personally identifiable information (PII), including payment card […]
The post 3 Strategies to overcome data security challenges in 2024 appeared first on Security Intelligence.
Continue reading 3 Strategies to overcome data security challenges in 2024
I am currently conducting vulnerability assessment and penetration testing for an OTC platform that facilitates energy import and export. The platform caters to two types of users: 1) Admin and 2) DISCOM, a normal user.
I am utilizing Burp… Continue reading Seeking Advice on Configurations for Vulnerability Assessment Scans in BurpSuite Professional [closed]
While I was doing source code review of API handlers for REST APIs, I found a security issue.
This issue is that some methods have the annotation @PreAuthorize("permitAll()").
If I want to document this as a finding and give it a… Continue reading How to calculate CVSS score of a finding detected in the source code?
I am trying to analyze CVE-2023-34453. As per the NVD description, there is an integer overflow error in snappy-java, specifically in the method shuffle(int[] input) in BitShuffle.java.
In a huge codeline this CVE was detected, and I want … Continue reading If a library has a vulnerable function, but my code doesn’t call it, is my code at risk? Do I need to update?
We don’t normally worry about old school viruses breaking out of emulators; but sometimes we worry about targeted exploit code breaking out of emulators.
8086tiny is an 8086/80186 CPU emulator. The active development repository seems to be… Continue reading Is it possible to break out of 8086 tiny from within?
As far as I know, a load balancer distributes incoming network traffic based on the load/charge of resources (=> health checks) and on the volume of the inbound traffic
I was wondering if it is worth running a vulnerability scanner on a… Continue reading Is it worth doing a vulnerability scan on a load balancer?
I have disabled the firewall and im able to get ping from my local system and metasploitable vice versa,When i go to nessus portal and add the metasploitable IP im not able to scan it, it starts and compete in secs and no reports.
Also in … Continue reading Unable to scan metasploitable machine IP on Nessus [closed]
Why speed is of the essence in today’s cybersecurity landscape? How are you quickly achieving vulnerability resolution? Identifying vulnerabilities should be part of the daily process within an organization. It’s an important piece of maintaining an organization’s security posture. However, the complicated nature of modern technologies — and the pace of change — often make […]
The post Vulnerability resolution enhanced by integrations appeared first on Security Intelligence.
Continue reading Vulnerability resolution enhanced by integrations
Vulnerability scanners delve into systems to uncover security gaps. The primary mission? To fortify organizations against breaches and shield sensitive data from exposure. Beyond merely pinpointing weaknesses, vulnerability scanning is a proactive meas… Continue reading 5 free vulnerability scanners you should check out