#OWASPTop10

Thomas Fricke (he/him) thomasfricke@23.social
2025-03-04

@owasp_de

Support this and pass it on!

It is more likely that a bug from the #OWASPTop10 will knock you out than an #AI or a #quantumcomputer

Countless examples ...

2024-11-11

📢 November OWASP Ottawa Meetup Alert📢

Join us for an in-person #OWASPOttawa meetup next week at the University of Ottawa!

We’ve got two fantastic speakers (Tanya Janca and Gabriel Kronfeld) lined up to dive deep into #DevSecOps and #OWASPTop10.

Gabriel Kronfeld presents "A Brief overview of the OWASP Top 10"

Tanya Janca presents "DevSecOps Worst Practices"

RSVP link: meetup.com/owasp-ottawa/events

#OWASP #ottawa #cybersecurity #networking

2024-06-26

There was so much OWASP goodness shared as well. Of course, the standard top 10 was mentioned - but not a full deep dive, because there was only a short period of time: owasp.org/www-project-top-ten/

#AppSec #OWASP #OWASPTop10

2024-06-19

👉 #APIattacks have grown in triple digits in the last two years.

After all, 71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.

Securing APIs is a simple workflow, provided you find API-specific vulnerabilities and protect them.

In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning.

Vivek will discuss how to:

- Scan API endpoints for OWASP API Top 10 vulnerabilities
- Perform API penetration testing for business logic vulnerabilities
- Prioritize the most critical vulnerabilities with AcuRisQ
- Automate the workflow for this entire process

Register now and start protecting your APIs today! bit.ly/3z7IPHf

#vulnerabilityscanning #hacking #apiscanning #cybersecurity #vulnerabilities #owaspapi #owasptop10 #pentesting #apiendpoints #apisecurity #apptrana #indusface

2024-05-21

👉 Join Karthik Krishnamoorthy, CTO and Vivek Gopalan, VP of Products at Indusface, in a live #API attack simulation. 🔓

In this session, they will cover:
- An exploit of an #OWASP API Top 10 vulnerability
- A brute force #ATO (Account Takeover) attack on an API
- A #DDoS attack on an API
- Positive security model automation to prevent #APIattacks

Don't miss out – register now! bit.ly/3WODUV8

#authentication #authorization #apisecurity #hacking #owasptop10 #ddosattacks #apigateway #bruteforceattacks #cybersecurity #apptrana

Sam Stepanyan 🐘 securestep9@infosec.exchange
2024-05-11

It is 2024 and here we have yet another critical SQL Injection (#SQLi) vulnerability in a commercial product by a *CyberSecurity* vendor - F5! (PaloAlto vuln was a couple of weeks ago)

#OWASPTop10

my.f5.com/manage/s/article/K00

2023-12-20

Attackers are exploiting a critical #XSS #vulnerability (CVE-2023-34192) in #Zimbra.

Our latest #securitybulletin proposes mitigation measures to address the flaw: bit.ly/47bK2s6

#crosssitescripting #owasptop10 #owasp #zeroday #zerodayvulnerability #xssvulnerability #waap #DAST #waf #virtualpatching #apptrana #indusface

2023-12-12

👉 A new edition of the #OWASP Mobile Top 10 2023 has been released.

The blog breaks down the updated list of #vulnerabilities and provides mitigation guidelines - bit.ly/3RH1CQw

#owasptop10 #mobileapplications #mobilesecurity #penetrationtesting #mobileappsecurity #mobileapplicationscanning #apptrana #indusface

2023-10-04

🚀 🔍 The #APIsecurity landscape is constantly changing, and keeping up is important.

The trusted resource for API security, the #OWASP #API Top 10, has been updated for 2023.

Get the latest insights and recommendations to protect your #APIs. See what's new compared to 2019: bit.ly/48z6WeV

#owaspapi #owasptop10 #apiprotection #apivulnerabilities #ddosattacks #riskprotection #appsec #apptrana #indusface

David Biesack (he/him) DavidBiesack@fosstodon.org
2023-09-11

Check out SmartBear's YouTube series on the new 2023 #OWASPTop10 for Secure #APIs: youtube.com/watch?v=nIWBp_nvzq

#Workshop successfully completed 🙌🥳

Kept another 10 people entertained at "Hack It: Sichere Webanwendungen" (Hack It: Secure Web Applications). ☺️

#OWASPTop10 #JuiceShop

2023-06-23

OWASP Top 10 for Large Language Model Applications

"The OWASP Top 10 for Large Language Model Applications project aims to educate developers, designers, architects, managers, and organizations about the potential security risks when deploying and managing Large Language Models (LLMs)."

owasp.org/www-project-top-10-f

Review the draft Top 10 list version 0.1: owasp.org/www-project-top-10-f

1) Prompt Injections

2) Data Leakage

3) Inadequate Sandboxing

4) Unauthorized Code Execution

5) SSRF Vulnerabilities

6) Overreliance on LLM-generated Content

7) Inadequate AI Alignment

8) Insufficient Access Controls

9) Improper Error Handling

10) Training Data Poisoning

The initiative is community-driven, collaborate :)

#security #ai #data #llm #largelanguagemodel #artificialintelligence #owasp #training #OpenWorldwideApplicationSecurityProject #cybersecurity #community #owasptop10 #noprofit

2023-06-08

You know the #OWASPTOP10 list of #cybersecurity risks? #owasp is developing something similar for #LLM applications.

It’s in the early stages now but I’m super excited about it. This is the first thing like a standardized cybersecurity body of knowledge or best practice specific to #generativeAI that I’ve ever seen.

owasp.org/www-project-top-10-f

2023-06-06

OWASP has released the Top 10 API Security Risks (2023). owasp.org/API-Security/edition #OWASPTOP10 #appsec #owasp

Certera certerassl
2023-05-19

Mitigating the OWASP Top 10 Vulnerabilities: Strategies for Protecting Your Systems - certerassl.com/blog/mitigating

Learn about effective mitigation strategies in our latest article: Mitigating the OWASP Top 10 Vulnerabilities.

0xD zodmagus@infosec.exchange
2022-12-21

OWASP Top 10 - I have just completed this room! Check it out: tryhackme.com/room/owasptop10 #tryhackme #owasp #top 10 #Injection #Broken Authentication #Sensitive Data Exposure #XML External Entity #Broken Access Control #Security Misconfiguration #Cross-site Scripting #Insecure Deserialization #Insufficient Logging #Monitoring #Components with Known Vulns #web #owasptop10 via @RealTryHackMe

chmod777 👺 chmod777@infosec.exchange
2022-12-15

Today's THM Advent of Cyber challenge was a quick one but one that shouldn't be overlooked.

The challenge itself was pretty easy, but it's a good reminder that there are still a lot of websites and web applications that are poorly built and open to vulnerabilities.

I was listening to Darknet Diaries episode 2 on my commute yesterday and that talked about the VTech breach in 2015. The hacker was able to easily gain access because of garbage security.

#AdventOfCyber2022
#TryHackMe
#OWASPTOP10
#DarknetDiaries
