Tweets
Pinned tweet
Starting tomorrow, we'll post a daily tip on API security & Pentesting. Follow me & @traceableai, get unique tricks, learn how to break & protect APIs. Whoami? *API Security Leader @owasp *Head of Security Research @ http://traceable.ai *8+ years in AppSec; #bugbountytips pic.twitter.com/2U6tY5ActD
Inon Shkedy retweeted
Meet our #APICON expert of the day: @InonShkedy will talk about #Testing and #Hacking #APIs. And that's not all, he will also give a session about #OWASP (the gold standard in AppSec)! http://ow.ly/ywwb30qevPX #API pic.twitter.com/bJ9M3eMR4A
Inon Shkedy retweeted
Happy to see #Charmander active in #OWASP. I feel safer knowing that.
Inon Shkedy retweeted
-API TIP: 31/31- Dear followers, when I created the list of daily API tips I forgot there are 31 days in January. Unfortunately I don't have an API tip for you today. Instead, here's a photo of Charmander at the @owasp conference last week in #SantaMonica #appseccali #charmander pic.twitter.com/GzEsKVBnG1
Inon Shkedy retweeted
-API TIP: 31/31- Found a "limit" / "page" param? (e.g: /api/news?limit=100) It might be vulnerable to Layer 7 DoS. Try to send a long value (e.g: limit=999999999) and see what happens :) #bugbountytips
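An added example, not part of the tweet, showing the server-side check that closes this hole: the "limit" and "page" parameters are parsed strictly and clamped before they can reach a query, so a value like limit=999999999 becomes a bounded page size instead of an oversized result set. The caps, the URLs and the helper names are constructed for this example.

```python
# Added example (not from the tweet): defensive parsing of "limit" / "page"
# query parameters so that an oversized value is clamped, not trusted.
from typing import Dict, List, Tuple
from urllib.parse import parse_qs, urlsplit

MAX_LIMIT = 100       # hypothetical page-size cap chosen for this example
DEFAULT_LIMIT = 20
MAX_PAGE = 10_000     # bound the offset too; a huge page is also a huge scan


class PaginationError(ValueError):
    """Raised for non-numeric or out-of-range paging parameters."""


def _parse_int(params: Dict[str, List[str]], name: str, default: int) -> int:
    raw = params.get(name, [str(default)])[0]
    # str.isdigit() rejects signs, whitespace and forms such as "1e9";
    # the length check stops absurdly long digit strings before int()
    if not raw.isdigit() or len(raw) > 9:
        raise PaginationError(f"{name} must be a positive integer")
    return int(raw)


def parse_pagination(url: str) -> Tuple[int, int, int]:
    """Return (limit, page, offset) for a request URL, enforcing the caps."""
    params = parse_qs(urlsplit(url).query)
    limit = _parse_int(params, "limit", DEFAULT_LIMIT)
    page = _parse_int(params, "page", 1)
    if limit == 0 or page == 0:
        raise PaginationError("limit and page must be >= 1")
    limit = min(limit, MAX_LIMIT)          # clamp rather than reject
    if page > MAX_PAGE:
        raise PaginationError("page out of range")
    return limit, page, (page - 1) * limit


if __name__ == "__main__":
    # limit=999999999 from the tweet is clamped to MAX_LIMIT
    print(parse_pagination("/api/news?limit=999999999"))
```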
Inon Shkedy retweeted
Also, the latest added API endpoint has a high chance of missing a specific security filter. Always make sure to test every single one of them.
Inon Shkedy retweeted
In light of nearly 20 years of widespread #SQLi #vulnerabilities, we interviewed @InonShkedy about why this continues to be such a rampant issue. Take a look at his thoughts: http://bit.ly/30Sun0A #Injection #CVE #SQLInjection pic.twitter.com/MrCmr83ZNe
Inon Shkedy retweeted
-API TIP: 30/31- Got stuck during an API pentest? Expand your attack surface! If the API has mobile clients, download old versions of the APK file to explore old/legacy functionality and discover new API endpoints. #bugbountytips
Inon Shkedy retweeted
Remember: companies don't always implement security mechanisms from day one && DevOps engineers don't often deprecate old APIs. Leverage these facts to find shadow API endpoints that don't implement security mechanisms (authorization, input filtering & rate limiting).
Inon Shkedy retweeted
Thanks @traceableai for providing API testing resources (tips). There isn't much info about API testing, but your tips and this blog post are awesome to learn API testing. #bugbountytips #bugbountytip #bugbounty https://twitter.com/traceableai/status/1221704507953840128
-API TIP: 29/30- APIs expose the underlying implementation of the app. Pentesters should leverage this fact to better understand users, roles, resources & correlations between them and find cool vulnerabilities & exploits. Always be curious about the API responses. #bugbountytips
Join us next week and learn about API Security & the OWASP Top 10 for APIs https://twitter.com/VirtuallyTestin/status/1222688284045762561
Inon Shkedy retweeted
API or IPA? Date: Friday 02/07/2020 at 3P EST (12P PST) Registration Link: http://02072020.virtuallytesting.com Join @InonShkedy, who is a leader of the OWASP API Security Project. Linkedin Post: https://www.linkedin.com/feed/update/urn:li:activity:6628453297768534016 #virtuallytesting #vtedu #API #OWASP #cybersecurity #CISO pic.twitter.com/hu6XmaG5XC
Inon Shkedy retweeted
-API TIP: 27/31- BE servers are no longer responsible for protecting against XSS. APIs don't return HTML, but JSON instead. If the API returns an XSS payload? E.g.: {"name":"In<script>alert(21)</script>on"} That's fine! The protection always needs to be on the client side. #bugbountytips
Inon Shkedy retweeted
-API TIP: 28/31- Pentest for .NET apps? Found a param containing a file path/name? Developers sometimes use "Path.Combine(path_1, path_2)" to create the full path. Path.Combine has weird behavior: if param #2 is an absolute path, then param #1 is ignored. - Leverage it to control the path -
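An added example, not part of the tweet: Python's os.path.join follows the same rule as Path.Combine (an absolute later component discards everything before it), so naive_join reproduces the behaviour the tip describes and safe_join shows the containment check a defender would put in front of it. UPLOAD_DIR, the function names and the sample file names are constructed for this example.

```python
# Added example (not from the tweet): os.path.join drops the base directory
# when the second argument is absolute, exactly like .NET's Path.Combine.
import os
from typing import Optional

# Constructed base directory for this example
UPLOAD_DIR = "/srv/app/uploads"


def naive_join(base: str, user_part: str) -> str:
    """Mirrors Path.Combine(base, user_part): base is lost for absolute input."""
    return os.path.join(base, user_part)


def safe_join(base: str, user_part: str) -> Optional[str]:
    """Join only if the normalised result stays inside base; else None."""
    # Reject absolute input up front (POSIX "/x" and Windows drive-letter forms)
    if os.path.isabs(user_part) or os.path.splitdrive(user_part)[0]:
        return None
    base_norm = os.path.normpath(base)
    # Normalise so "../" segments are collapsed before the containment check
    # (normpath does not resolve symlinks; use realpath on a live filesystem)
    candidate = os.path.normpath(os.path.join(base_norm, user_part))
    # commonpath defeats prefix tricks such as "/srv/app/uploads2/x"
    if os.path.commonpath([base_norm, candidate]) != base_norm:
        return None
    return candidate


if __name__ == "__main__":
    print(naive_join(UPLOAD_DIR, "/etc/passwd"))   # base directory is ignored
    print(safe_join(UPLOAD_DIR, "/etc/passwd"))    # None: rejected
    print(safe_join(UPLOAD_DIR, "avatar.png"))     # stays under UPLOAD_DIR
```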