Technical Information Security Content & Discussion

The original post: /r/netsec by /u/dx7r__ on 2024-04-16 14:04:21.

The original post: /r/netsec by /u/roy_6472 on 2024-04-16 10:30:36.

The original post: /r/netsec by /u/sebazzen on 2024-04-16 08:39:37.

The original post: /r/netsec by /u/TheMaestro810 on 2024-04-16 00:44:18.

The original post: /r/netsec by /u/louis11 on 2024-04-15 20:27:43.

The original post: /r/netsec by /u/daindragon2 on 2024-04-15 20:24:46.

Web applications play a crucial role in modern businesses, offering various services and often exposing sensitive data that can be enticing to attackers. As a result, there is a growing interest in finding innovative approaches for discovering vulnerabilities in web applications. In the evolving landscape of web security, the realm of fuzz testing has garnered substantial attention for its effectiveness in identifying vulnerabilities. However, existing literature has often underemphasized the nuances of web-centric fuzzing methodologies. This article presents a comprehensive exploration of fuzzing techniques specifically tailored to web applications, addressing the gap in the current research. Our work presents a holistic perspective on web-centric fuzzing, introduces a modular architecture that improves fuzzing effectiveness, demonstrates the reusability of certain fuzzing steps, and offers an open-source software package for the broader security community. By addressing these key contributions, we aim to facilitate advancements in web application security, empower researchers to explore new fuzzing techniques, and ultimately enhance the overall cybersecurity landscape

The original post: /r/netsec by /u/MegaManSec2 on 2024-04-15 19:47:59.

The original post: /r/netsec by /u/RedTermSession on 2024-04-15 15:39:53.

The original post: /r/netsec by /u/eg1x on 2024-04-15 14:18:18.

The original post: /r/netsec by /u/shantanu14g on 2024-04-15 14:00:34.

I coded this over the weekend. It's my first hands-on experience with Golang, and I had fun.

This basically scrapes the RSS feed from vuldb.com and notifies on Slack when any CVEs matching the keywords are added.

Keywords can be any technology or product that you want to track, e.g., CVEs related to Apple, WordPress, Ivanti VPN, etc.

The intended users are bug bounty hunters who want to look out for interesting CVEs and organizations that want to take action when any CVE affecting them is released.

Feedback and criticism are always welcome.

Ideally, I would like to scrape the NVD API instead of vuldb, but I will work on that later.

The original post: /r/netsec by /u/Soggy_Sally on 2024-04-12 20:44:30.

The original post: /r/netsec by /u/louis11 on 2024-04-10 15:01:18.

The original post: /r/netsec by /u/7331senb on 2024-04-14 12:49:50.

The original post: /r/netsec by /u/sunshine-and-sorrow on 2024-04-14 05:00:37.

The original post: /r/netsec by /u/Secret-Inspection180 on 2024-04-14 01:25:24.

The original post: /r/netsec by /u/fin3ss3g0d on 2024-04-14 01:00:37.

The original post: /r/netsec by /u/SmokeyShark_777 on 2024-04-13 11:06:11.

Hello guys! Here's a Go tool to check HTTP security headers insecure configuration. It supports Content-Security-Policy directives audit as well and can be used to assess multiple webpages/domains. If someone wants to collaborate or just leave feedback, here's the repo!

The original post: /r/netsec by /u/eg1x on 2024-04-13 08:49:52.

The original post: /r/netsec by /u/amitschenedel on 2024-04-13 07:06:27.

The original post: /r/netsec by /u/dx7r__ on 2024-04-13 04:19:53.

The original post: /r/netsec by /u/tootac on 2024-04-13 00:19:50.

The original post: /r/netsec by /u/danishlogon1 on 2024-04-12 20:49:16.

The original post: /r/netsec by /u/derp6996 on 2024-04-12 18:24:26.

The original post: /r/netsec by /u/Hallow_Rose on 2024-04-12 14:35:48.

The original post: /r/netsec by /u/sottaly on 2024-04-12 13:17:10.