#CVECrowd, your go-to place for #CVE discussions on the Fediverse and Bluesky, now supports email alerts.
Here's how it works:
- You define one or more alert keywords
- Keywords are matched against vendor, product, and package names from official CVE data
- If a post mentions a CVE that matches one of your keywords, you receive an email notification
Read more below 🧵
#Pentesting #AppSec #InfoSec #CyberSecurity #BugBounty #Hacking
The year 2025 is slowly coming to an end.
End of years can be joyful and relaxing, exciting and wholesome, full of reflection and gaining energy for the new year. This time can also be lonely and sad, incredibly stressful and terribly difficult to navigate, with folks barely making it through.
Let's be mindful and considerate - and help each other to move the needle. Now and in 2026. 💜
#osco #osco26 #CyberSecurity #Security #InfoSec #AppSec #ProductSecurity #OTsecurity [lisi]
"Secure your app with Memory Integrity Enforcement" - An Apple Developer session: https://youtu.be/iYUMr3Y9fAU
https://developer.apple.com/documentation/Xcode/enabling-enhanced-security-for-your-app
This is such a good read on how secrets end up in logs and neat advice on how to prevent this by @ar: https://allan.reyes.sh/posts/keeping-secrets-out-of-logs/ #RecommendedRead #AppSec #SecureCoding
You're curious how the past editions of #osco turned out? We've got you covered! 🙌🏻
🎉 This was #osco25! Check out our recap: https://2025.opensecurityconference.org/conference/recapitulation/
💜 Gain impressions from all conferences: https://opensecurityconference.org/about/past-conferences/
✅ Save the dates for #osco26 on November 5-8, 2026! 😉
#CyberSecurity #Security #InfoSec #AppSec #ProductSecurity #OTsecurity #OpenSpace [lisi]
Moving Beyond the NPM elliptic Package
If you're in a hurry, head on over to soatok/elliptic-to-noble and follow the instructions in the README in order to remove the elliptic package from your project and all dependencies in node_modules. Art: CMYKat Why replace the elliptic package? Yesterday, the Trail of Bits blog published a post about finding cryptographic bugs in the elliptic library (a JavaScript package on NPM) by using the Wycheproof.
http://soatok.blog/2025/11/19/moving-beyond-the-npm-elliptic-package/
#npm #crypto #cryptography #elliptic #security #infosec #cve #mitigation #appsec #javascript #js #npm #npmsecurity #npmpackages
What cool shit can I add to a response header if I found poisoning? Aside from the boring "send in a whole new page?"
Happy to announce that #Vienna is getting its own @owasp chapter.
We are still in the process of setting everything up, so make sure to check out https://owasp.org/www-chapter-vienna/ for the latest status. :)
You can find all the current chapter leaders here in the #Fediverse: @firefart, @matthegap, @ntrm, @tightropemonkey, and me @shibayashi.
If you are interested in #AppSec or #Security in general, and happen to be around in Vienna when we have one of our meetups, come and join us. 😊
We, as an industry, need to start giving very specific and clear advice, if we want to have better outcomes. No more high level, vague, and ambiguous advice please.