This channel discusses:

— Offensive Security
— RedTeam
— Malware Research
— OSINT
— etc

Disclaimer:
t.me/APT_Notes/6

Chat Link:
t.me/APT_Notes_PublicChat
#BurpHacksForBounties - Day 28/30 - Super CSRF POC Generator Hack.


CSRF POC generator is only available in Burp Suite pro, but not anymore.

Use this -> https://github.com/merttasci/csrf-poc-generator by @mertistaken


#infosec #burp #appsec #security #bugbountytips #bugbountytip #cybersecurity

#BurpHacksForBounties - Day 29/30

No Collaborator No worries

Burp Suite Collaborator is part of pro, so use requestbin.net

- Exactly the same as Collaborator
- Free 20 requests without login
- HTTP bin
- DNS bin

#infosec #appsec #bugbountytips #bugbountytip #burp

Beginners Guide to 0day/CVE AppSec Research

Walks through finding open-source web apps, environment setup, debugging for vulns, creating a Blind SQL time-based exploit, and publishing to @ExploitDB/MITRE CVE

https://0xboku.com/2021/09/14/0dayappsecBeginnerGuide.html

#appsec #0day #research

DevSecOps pipelines

— Secrets scan
— Code scan
— Dependency check (code libraries + image packages)
— DAST
— Exposures check

Pipelines:
https://gitlab.com/whitespots-public/pipelines

Security scanners:
https://gitlab.com/whitespots-public/security-images

Example project integration:
https://gitlab.com/whitespots-public/vulnerable-python-app

#appsec #devsecops #pipelines

List of Vulnerable Functions for Different Languages

This list contains signatures for potentially vulnerable functions for numerous languages in a format suitable for use.

https://rules.sonarsource.com/
https://github.com/wireghoul/graudit

#appsec #vulnerable #function #source

🎁 Application Security Pipelines
(Now with guides)

Scan your code, infrastructure configs and domains with many open source scanners.

Currently supported: trufflehog, gitleaks, bandit, gosec, spotbugs, terrascan, hadolint, retirejs, eslint, phpcs, sonarqube integration, semgrep, arachni, zap, subfinder, nuclei..

All reports will be passed to defectdojo

Guides:
https://github.com/Whitespots-OU/DevSecOps-Pipelines

Integration examples:
https://gitlab.com/whitespots-public/vulnerable-apps

#appsec #devsecops #pipelines