🔒 Upstream 2024 recap: Escaping the CVE dungeon 🔒 What happens when CVEs are submitted to GitHub Issues? 🧐 During Upstream 2024, James Berthoty tackled this frustrating process in his talk, "How can we get CVEs out of GitHub Issues?" James shed light on the challenge that both security professionals and maintainers face when vulnerability scanners flag #CVEs. These are often reported to maintainers without proper validation, overwhelming them with unverified #vulnerabilities. As James pointed out, "The goal here is to find our way out of the CVE dungeon in which we have unfortunately locked ourselves in." He highlighted the importance of clearer maintainer security policies and called for vulnerability scanners to focus on upstream direct dependencies rather than the endless transitive ones that cause unnecessary noise. 🎯 This talk is a must-watch for anyone navigating the complexities of #opensource security. Watch the full talk here 👉 https://lnkd.in/ghqxEzqc
Tidelift’s Post
More Relevant Posts
-
📢 New Insight: Information Disclosure via Backup Files 🔒 Check out this intriguing article from PortSwigger on a common yet often overlooked security issue: information leakage through backup files. The lab walkthrough demonstrates practical steps to exploit and mitigate this vulnerability, making it a must-read for cybersecurity enthusiasts and professionals aiming to strengthen their defense strategies. Stay informed, stay secure! #Cybersecurity #InfoSec #DataProtection #BackupFiles #PortSwigger #VulnerabilityAssessment #InformationDisclosure
-
🚨 New Security Challenge: User Role Controlled by Request Parameter 🚨 Access control is a fundamental aspect of web security, yet it can be surprisingly easy to overlook. This insightful lab from PortSwigger dives into the vulnerabilities that arise when user roles are controlled by request parameters. Learn how attackers exploit these weaknesses and discover best practices to fortify your applications against such threats. #CyberSecurity #WebSecurity #AccessControl #AppSec #EthicalHacking #PortSwigger
Lab: User role controlled by request parameter | Web Security Academy
portswigger.net
-
🚀 Just conquered the Inconsistent Handling of Exceptional Input lab on PortSwigger’s Web Security Academy! 🎉 This lab sheds light on a critical aspect of web security: business logic vulnerabilities. Remember, my friend, business logic is like a delicate Jenga tower. One wrong move, and the whole thing collapses. So, wield your newfound power wisely, and may your exploits be legendary! 💻🔐 #WebSecurity #EmailTricks #BusinessLogic #PortswiggerAcademy
Lab: Inconsistent handling of exceptional input | Web Security Academy
portswigger.net
-
Cyber Security Specialist at Futuralab |VAPT| |Network Penetration Tester| |Web Penetration Tester| | Active Directory | | Buffer Overflow |
Thrilled to share my latest milestone: conquering the lab on 'User Role Controlled by Request Parameter' with PortSwigger! 🚀💼 Strengthening my understanding of access control vulnerabilities and enhancing cybersecurity prowess. #PortSwigger #Cybersecurity #AccessControl #HandsOnLearning
Lab: User role controlled by request parameter | Web Security Academy
portswigger.net
-
This vulnerability allows an attacker to change their role in the application by manipulating request parameters, potentially leading to unauthorized access to admin functions. #WebSecurity #PenetrationTesting #CyberSecurity #PortSwigger #AccessControl
Lab: User role controlled by request parameter | Web Security Academy
portswigger.net
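The pattern behind "user role controlled by request parameter", shown as an added example that is not code from the post or from the PortSwigger lab: a handler that lets a request parameter override the session's role next to the fixed handler that takes the role only from the server-side session, plus a small audit helper a defender can hang on request logging. The session store, session ids, the parameter name `role` and the handler return shapes are all constructed assumptions.

```python
# Added example (not the post's or the lab's code). Demonstrates why the
# effective role must come from server-side state, never from the request.
from typing import Dict, List, Mapping, Optional, Tuple

# Constructed server-side session store: session id -> authenticated identity.
# In a real application this is backed by a session database or a signed
# server-side session, never by anything the client can edit.
SESSIONS: Dict[str, Dict[str, str]] = {
    "sess-alice": {"user": "alice", "role": "user"},
    "sess-carol": {"user": "carol", "role": "admin"},
}

# Parameter names that carry authorization meaning and so should never be
# accepted from the client (assumed list for this example).
AUTHZ_PARAMS = frozenset({"role", "roleid", "is_admin", "admin"})

Response = Tuple[int, str]


def _current_session(cookies: Mapping[str, str]) -> Optional[Dict[str, str]]:
    """Resolve the session cookie to the server-side session record."""
    return SESSIONS.get(cookies.get("session", ""))


def admin_panel_vulnerable(params: Mapping[str, str], cookies: Mapping[str, str]) -> Response:
    """Vulnerable: the role the check runs against can be set by the client.

    The comparison looks fine at a glance, but the request decides which
    role is compared, so any authenticated user can reach the admin panel.
    """
    session = _current_session(cookies)
    if session is None:
        return 401, "login required"
    role = params.get("role", session["role"])  # BUG: client-controlled role
    if role != "admin":
        return 403, "forbidden"
    return 200, "admin panel"


def admin_panel_fixed(params: Mapping[str, str], cookies: Mapping[str, str]) -> Response:
    """Fixed: the role comes only from the server-side session.

    Request parameters play no part in the authorization decision; the only
    thing the client contributes is proof of identity (the session cookie).
    """
    session = _current_session(cookies)
    if session is None:
        return 401, "login required"
    if session["role"] != "admin":  # authoritative, server-side role
        return 403, "forbidden"
    return 200, "admin panel"


def audit_authz_params(params: Mapping[str, str], cookies: Mapping[str, str]) -> List[str]:
    """Detection aid: report request parameters that try to carry a role.

    Returns one finding per suspicious parameter so it can be logged or
    alerted on; a 'role' value that disagrees with the session's role is the
    clearest signal that someone is probing this class of bug.
    """
    session = _current_session(cookies)
    findings: List[str] = []
    for name, value in params.items():
        if name.lower() in AUTHZ_PARAMS:
            who = session["user"] if session else "anonymous"
            note = f"{who} sent authz parameter {name}={value}"
            if session and name.lower() == "role" and value != session["role"]:
                note += f" (session role is {session['role']})"
            findings.append(note)
    return findings


if __name__ == "__main__":
    # Alice is a normal user; the same request is sent to both handlers.
    req = ({"role": "admin"}, {"session": "sess-alice"})
    print("vulnerable:", admin_panel_vulnerable(*req))  # (200, 'admin panel')
    print("fixed:     ", admin_panel_fixed(*req))       # (403, 'forbidden')
    for finding in audit_authz_params(*req):
        print("audit:", finding)
```

The fix is structural rather than a filter: the fixed handler does not reject a bad `role` parameter, it never reads it. The audit helper is worth keeping even after the fix, because a request that still carries `role=admin` from a non-admin session tells you someone is testing for exactly this weakness.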
-
Just finished the course “Web Security: OAuth and OpenID Connect (2019)” by Keith Casey! Check it out: https://lnkd.in/eFNYFMSR #secureauthentication.
Certificate of Completion
linkedin.com
-
Ever wish you could identify which PRs have more risky changes? Want to know which PRs are modifying auth() in your application stack? At DryRun Security, we released an analyzer that does just that. This is part of our Contextual Security Analysis approach and shows up right in GitHub as "AI-powered Sensitive Function Check." Want to see it in action? I'd love to show it to you. You can install it or book a demo at https://lnkd.in/g45htJia (or just DM me).
-
Just finished the course “Web Security: OAuth and OpenID Connect (2019)” by Keith Casey! Check it out: https://lnkd.in/gcVkrEjv #secureauthentication.
Certificate of Completion
linkedin.com
-
Pursuing Expertise in Smart Contract Auditing | Aspiring Blockchain Security Researcher | Dedicated to Ensuring Secure Decentralized Systems
Maybe I didn't learn everything the first time around... Starting over at the Web Security Academy to ensure that no pesky bugs get through! This is the Web Security Academy's first information disclosure lab! 263 more to go. #neverstoplearning #websecurityfail #betterlatethannever
Lab: Source code disclosure via backup files | Web Security Academy
portswigger.net
-
Just finished the course “Web Security: OAuth and OpenID Connect (2019)” by Keith Casey! Check it out: https://lnkd.in/dtA4aNDb #secureauthentication.
Certificate of Completion
linkedin.com