94 private links
Vulnerable app with examples showing how to not use secrets - GitHub - OWASP/wrongsecrets: Vulnerable app with examples showing how to not use secrets
This repository brings together tool builders, bloggers, speakers, book authors, and other interesting Mastodon accounts - GitHub - cipher387/OSINT-and-Cybersecurity-accounts-in-Mastodon: This repository brings together tool builders, bloggers, speakers, book authors, and other interesting Mastodon accounts
Hello, we shall run the OWASP juice shop as a deployment, and expose it as a service in a local kubernetes cluster launched with kind. Hence, familiarity with kubernetes deployment and service is essential to follow along. You can try this with any cluster, though I am using a cluster that was launched with kind. For those not aware, kind is a tool that makes launching k8s clusters on your local machine easy.
Welcome to the page where you will find each hacking trick/technique/whatever I have learnt from CTFs, real life apps, reading researches, and news.
Periodic cyber security newsletters that capture the latest news, summaries of conference talks, research, best practices, tools, events, vulnerabilities, and analysis of trending threats and attacks - GitHub - TalEliyahu/awesome-security-newsletters: Periodic cyber security newsletters that capture the latest news, summaries of conference talks, research, best practices, tools, events, vulnerabilities, and analysis of trending threats and attacks
Run Juice Shop on Kubernetes
Firefox privacy, security and anti-tracking: a comprehensive user.js template for configuration and hardening - GitHub - arkenfox/user.js: Firefox privacy, security and anti-tracking: a comprehensive user.js template for configuration and hardening
Die lange Liste der Hackerangriffe des Jahres in Deutschland.
It’s been a while since my last post on medium but I’m back, I want to tell you a short story about a private bug bounty program and why you can always check public Repos on GitHub, because you will…
A reference of the reporting settings administrators configure in kibana.yml.
Zip Bombs are a thing of the past, but the concept behind them is still relevant nowadays. Indeed, your GraphQL application might be vulnerable to what we'll call GraphQL Bombs in this article. Read on to know if you're vulnerable and how to secure your GraphQL application!
How do zip
A curated list of awesome GraphQL Security frameworks, libraries, software and resources - GitHub - Escape-Technologies/awesome-graphql-security: A curated list of awesome GraphQL Security frameworks, libraries, software and resources
Useful Google Dorks for WebSecurity and Bug Bounty - GitHub - Proviesec/google-dorks: Useful Google Dorks for WebSecurity and Bug Bounty
Trivy v0.29.0 release brings many updates, such as RBAC security and Helm chart scanning, custom extensions, a Trivy Operator Lens integration, and more
This is the first post in a series called ‘Smashing the Modern Web Tech Stack.’ Web Applications today are more complex than ever. I’m writing this series to organize and process some core ideas and…
whatfiles is a Linux utility. It traces any new processes and threads that are created by the targeted process as well.
Fully open-source security audit for project dependencies based on known vulnerabilities and advisories. Supports both local repos and container images. Integrates with various CI environments such as Azure Pipelines, CircleCI, Google CloudBuild. No server required! - GitHub - AppThreat/dep-scan: Fully open-source security audit for project dependencies based on known vulnerabilities and advisories. Supports both local repos and container images. Integrates with various CI environments such as Azure Pipelines, CircleCI, Google CloudBuild. No server required!