
Learn the foundations of web application assessments. Exploit common web vulnerabilities, learn how to exfiltrate sensitive data from target web applications, and earn your OffSec Web Assessor (OSWA) certification.

Thanks!
Snyk prices are getting very high. Has anyone moved away from them? Which alternative did you choose?
Found this interesting list: https://list.latio.tech/
On the open source side, there is https://www.dependencytrack.org/
Oh nice, wasn't aware of this, definitely looks interesting, thanks! I am an OSCP holder as well.
Looking for a new training/certification. People who did OSWA (Web-200 by OffSec), how was it?
Threat Modeling program milestones: A journey to scale
Recommended AppSec conferences in Europe?
cross-posted from: https://infosec.pub/post/8123190
Hello everyone,
I work in appsec, my manager would like to send us to a conference this year. We are based in Europe, and the company would like to avoid intercontinental travel.
I have OWASP Global 2024 in Lisbon on my radar, as well as the BlackHat EU in London. Is there any other conference you guys would recommend?
Recommended AppSec conferences in Europe?
Hello everyone,
I hope this post belongs here, otherwise I'll move it to [email protected].
I work in appsec, my manager would like to send us to a conference this year. We are based in Europe, and the company would like to avoid intercontinental travel.
I have OWASP Global 2024 in Lisbon on my radar, as well as the BlackHat EU in London. Is there any other conference you guys would recommend?
A database of cloud security incidents, campaigns, and techniques, Portswigger's labs on testing LLMs in web apps, using Azure logs for detection
A new script in the community-scripts repository enables the signing of outgoing requests with RSA keys, addressing the challenge of testing applications that require this functionality.
Why the downvotes? This is a call for speakers to a security conference
Stir Trek 2024 will take place at the AMC Easton Town Center 30 on Friday, May 3rd. We'll be at the same great location we have been for the past few ...
We Must Consider Software Developers a Key Part of the Cybersecurity Workforce
#213 - AWS Secure Defaults, Damn Vulnerable LLM Agent, cdk-goat
Useful secure defaults + SCPs for your AWS account, a chatbot LLM ReAct agent for prompt injection practice, vulnerable by design AWS Cloud Development Kit infrastructure
A review of application security happenings and industry news from Chris Romeo.
Great!
Trustwave Transfers ModSecurity Custodianship to OWASP on the main website for The OWASP Foundation. OWASP is a nonprofit foundation that works to improve the security of software.
AI dev assistants can be convinced to spill secrets learned during training
Community review - OWASP Mobile Application Security risk assessment formula
Black Hat USA 2023 slides
Nice resources
Thank you!
That's kind of legacy debt at some point. I understand why they still want to move towards evolving the standard
Write-up: https://lock.cmpxchg8b.com/zenbleed.html
A recently patched flaw in OpenSSH (CVE-2023-38408) could allow remote attackers to run arbitrary commands on vulnerable hosts.
Twelve Norwegian government ministries have been hit by a cyber attack, the Norwegian government said on Monday, the latest attack to hit the public sector of Europe's largest gas supplier and NATO's northernmost member.
cross-posted from: https://lemmy.capebreton.social/post/82259
OSLO, July 24 (Reuters) - Twelve Norwegian government ministries have been hit by a cyber attack, the Norwegian government said on Monday, the latest attack to hit the public sector of Europe's largest gas supplier and NATO's northernmost member.
"We identified a weakness in the platform of one of our suppliers. That weakness has now been shut," Erik Hope, head of the government agency in charge of providing services to ministries, told a news conference.
The attack was identified due to "unusual" traffic on the supplier's platform, Hope said, declining to provide specifics. It was uncovered on July 12 and was being investigated by police.
"It is too early to say who is behind this and what is the extent of the impact (of the attack)," he said.
Celebrate the life of Kevin Mitnick, leave a kind word or memory and get funeral service information care of King David Memorial Chapel & Cemetery.
RIP
Thanks!
Google Cloud Build bug lets hackers launch supply chain attacks
Finally done with my 120 CPEs for my CISSP. That was a long ride, happy to be done with it
Thank you for this!
Be careful, 2FA still has issues at the moment: https://github.com/LemmyNet/lemmy/issues/3309
Security CPE: FAQ and links
You have to provide some kind of documentation on the podcast. I've read about people submitting a spreadsheet every month with links, topics and duration
Thank you!
Historical decisions seem to be the most common reasons
Nix has been on my radar for a while too. The approach it takes to reproducibility looks very interesting
Thank you!