FreshRSS

πŸ”’
❌ About FreshRSS
☷
β–³ πŸ”ƒ
There are new available articles, click to refresh the page.
Today β€” April 25th 2024Your RSS feeds
Yesterday β€” April 24th 2024Your RSS feeds
Before yesterdayYour RSS feeds

[Article] Sniping at web applications to discover input-handling vulnerabilities

By /u/daindragon2

Web applications play a crucial role in modern businesses, offering various services and often exposing sensitive data that can be enticing to attackers. As a result, there is a growing interest in finding innovative approaches for discovering vulnerabilities in web applications. In the evolving landscape of web security, the realm of fuzz testing has garnered substantial attention for its effectiveness in identifying vulnerabilities. However, existing literature has often underemphasized the nuances of web-centric fuzzing methodologies. This article presents a comprehensive exploration of fuzzing techniques specifically tailored to web applications, addressing the gap in the current research. Our work presents a holistic perspective on web-centric fuzzing, introduces a modular architecture that improves fuzzing effectiveness, demonstrates the reusability of certain fuzzing steps, and offers an open-source software package for the broader security community. By addressing these key contributions, we aim to facilitate advancements in web application security, empower researchers to explore new fuzzing techniques, and ultimately enhance the overall cybersecurity landscape

submitted by /u/daindragon2
[link] [comments]

Customised CVE Notifier based on keywords

By /u/shantanu14g

I coded this over the weekend. It's my first hands-on experience with Golang, and I had fun.

This basically scrapes the RSS feed from vuldb.com and notifies on Slack when any CVEs matching the keywords are added.

Keywords can be any technology or product that you want to track, e.g., CVEs related to Apple, WordPress, Ivanti VPN, etc.

The intended users are bug bounty hunters who want to look out for interesting CVEs and organizations that want to take action when any CVE affecting them is released.

Feedback and criticism are always welcome.

Ideally, I would like to scrape the NVD API instead of vuldb, but I will work on that later.

submitted by /u/shantanu14g
[link] [comments]

Security headers audit tool

By /u/SmokeyShark_777

Hello guys! Here's a Go tool to check HTTP security headers insecure configuration. It supports Content-Security-Policy directives audit as well and can be used to assess multiple webpages/domains. If someone wants to collaborate or just leave feedback, here's the repo!

submitted by /u/SmokeyShark_777
[link] [comments]

CVE 10.0 vulnerability in PAN-OS

By /u/kerubi

This issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 firewalls with the configurations for both GlobalProtect gateway and device telemetry enabled.

No patch yet, apply mitigations. Actively exploited.

submitted by /u/kerubi
[link] [comments]
❌