Oh nice, wasn't aware of this, definitely looks interesting, thanks! I am an OSCP holder as well.
Learn the foundations of web application assessments. Exploit common web vulnerabilities, learn how to exfiltrate sensitive data from target web applications, and earn your OffSec Web Assessor (OSWA) certification.
Learn the foundations of web application assessments. Exploit common web vulnerabilities, learn how to exfiltrate sensitive data from target web applications, and earn your OffSec Web Assessor (OSWA) certification.
cross-posted from: https://infosec.pub/post/8123190
> Hello everyone, > > > I work in appsec, my manager would like to send us to a conference this year. We are based in Europe, and the company would like to across intercontinental travel. > > I have OWASP Global 2024 in Lisbon on my radar, as well as the BlackHat EU in London, is there any other conference you guys would recommend?
Hello everyone,
I hope this post belongs here, otherwise I'll move it to !appsec@infosec.pub.
I work in appsec, my manager would like to send us to a conference this year. We are based in Europe, and the company would like to across intercontinental travel.
I have OWASP Global 2024 in Lisbon on my radar, as well as the BlackHat EU in London, is there any other conference you guys would recommend?
A database of cloud security incidents, campaigns, and techniques, Portswigger's labs on testing LLMs in web apps, using Azure logs for detection
A new script in the community-scripts repository enables the signing of outgoing requests with RSA keys, addressing the challenge of testing applications that require this functionality.
Stir Trek 2024 will take place at the AMC Easton Town Center 30 on Friday, May 3rd. We'll be at the same great location we have been for the past few ...
OWASP is an open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted. All of the OWASP tools, documents, forums, and chapters are free and open to anyone interested in improving application security.OWASP is completely v...
Useful secure defaults + SCPs for your AWS account, a chatbot LLM ReAct agent for prompt injection practice, vulnerable by design AWS Cloud Development Kit infrastructure
![[tl;dr sec] #213 - AWS Secure Defaults, Damn Vulnerable LLM Agent, cdk-goat](https://infosec.pub/pictrs/image/4c257586-421f-4f89-93bc-c8cdd24e0b28.png?format=webp&thumbnail=256)
A review of application security happenings and industry news from Chris Romeo.
Trustwave Transfers ModSecurity Custodianship to OWASP on the main website for The OWASP Foundation. OWASP is a nonprofit foundation that works to improve the security of software.
AI dev assistants can be convinced to spill secrets learned during training
Write-up: https://lock.cmpxchg8b.com/zenbleed.html
A recently patched flaw in OpenSSH (CVE-2023-38408) could allow remote attackers to run arbitrary commands on vulnerable hosts.
Twelve Norwegian government ministries have been hit by a cyber attack, the Norwegian government said on Monday, the latest attack to hit the public sector of Europe's largest gas supplier and NATO's northernmost member.
cross-posted from: https://lemmy.capebreton.social/post/82259
> OSLO, July 24 (Reuters) - Twelve Norwegian government ministries have been hit by a cyber attack, the Norwegian government said on Monday, the latest attack to hit the public sector of Europe's largest gas supplier and NATO's northernmost member. > > "We identified a weakness in the platform of one of our suppliers. That weakness has now been shut," Erik Hope, head of the government agency in charge of providing services to ministries, told a news conference. > > The attack was identified due to "unusual" traffic on the supplier's platform, Hope said, declining to provide specifics. It was uncovered on July 12 and was being investigated by police. > > "It is too early to say who is back this and what is the extent of the impact (of the attack)," he said.
Celebrate the life of Kevin Mitnick, leave a kind word or memory and get funeral service information care of King David Memorial Chapel & Cemetery.
RIP
A critical design flaw in the Google Cloud Build service discovered by cloud security firm Orca Security can let attackers escalate privileges, providing them with almost nearly-full and unauthorized access to Google Artifact Registry code repositories.
Finally done with my 120 CPEs for my CISSP. That was a long ride, happy to be done with it
Be careful, 2FA still has issues at the moment: https://github.com/LemmyNet/lemmy/issues/3309
They should be fixed Indeed
Oh yes sorry for that, should have posted the one you linked
Well, I guess there is a compromise to be found between aggregating content from different instances, and consuming a tremendous amount of resources on the server to do so.
As an example, it seems reasonable to me for someone to aggregate content from other security/IT instances here, but not let's say gardening or language learning.
And about the number of accounts, I have one for infosec, and a few others, each for every interest I have
You have to search them first.
As a side comment, I'm not sure this instance should be federated with fitness communities, as it doesn't seem really related to the domain of infosec
I see you also like Absolute Appsec.
I just started a more specialized AppSec list here: https://infosec.pub/post/318834, can I link you comment there?
Nix has been on my radar for a while too. The approach is takes to reproducibility looks very interesting
I'm also going to post it as much as I can. I love the idea of having a lemmy instance dedicated to infosec, we just need a few more people on board.
