FreshRSS

πŸ”’
❌ Secure Planet Training Courses Updated For 2019 - Click Here
☷
β–³ πŸ”ƒ
There are new available articles, click to refresh the page.
☐ β˜† βœ‡ The Hacker News

Bug or Feature? Hidden Web Application Vulnerabilities Uncovered

By: The Hacker News β€” December 15th 2023 at 11:08
Web Application Security consists of a myriad of security controls that ensure that a web application: Functions as expected. Cannot be exploited to operate out of bounds. Cannot initiate operations that it is not supposed to do. Web Applications have become ubiquitous after the expansion of Web 2.0, which Social Media Platforms, E-Commerce websites, and email clients saturating the internet
☐ β˜† βœ‡ The Hacker News

New Critical RCE Vulnerability Discovered in Apache Struts 2 - Patch Now

By: Newsroom β€” December 12th 2023 at 05:23
Apache has released a security advisory warning of a critical security flaw in the Struts 2 open-source web application framework that could result in remote code execution. Tracked as CVE-2023-50164, the vulnerability is rooted in a flawed "file upload logic" that could enable unauthorized path traversal and could be exploited under the circumstances to upload a malicious file
☐ β˜† βœ‡ The Hacker News

New Webinar: 5 Must-Know Trends Impacting AppSec

By: The Hacker News β€” October 30th 2023 at 12:09
Modern web app development relies on cloud infrastructure and containerization. These technologies scale on demand, handling millions of daily file transfers – it's almost impossible to imagine a world without them. However, they also introduce multiple attack vectors that exploit file uploads when working with public clouds, vulnerabilities in containers hosting web applications, and many other
☐ β˜† βœ‡ The Hacker News

Nation State Hackers Exploiting Zero-Day in Roundcube Webmail Software

By: Newsroom β€” October 25th 2023 at 13:20
The threat actor known asΒ Winter VivernΒ has been observed exploiting a zero-day flaw in Roundcube webmail software on October 11, 2023, to harvest email messages from victims' accounts. "Winter Vivern has stepped up its operations by using a zero-day vulnerability in Roundcube," ESET security researcher Matthieu FaouΒ saidΒ in a new report published today. Previously, it was using known
☐ β˜† βœ‡ The Hacker News

Top SaaS Cybersecurity Threats in 2023: Are You Ready?

By: The Hacker News β€” January 9th 2023 at 07:56
Cybercriminals will be as busy as ever this year. Stay safe and protect your systems and data by focusing on these 4 key areas to secure your environment and ensure success in 2023, and make sure your business is only in the headlines when you WANT it to be.Β 1 β€” Web application weaknesses Web applications are at the core of what SaaS companies do and how they operate, and they can store some of
☐ β˜† βœ‡ The Hacker News

Does the OWASP Top 10 Still Matter?

By: The Hacker News β€” October 13th 2022 at 11:50
What is the OWASP Top 10, and – just as important – what is it not? In this review, we look at how you can make this critical risk report work for you and your organisation. What is OWASP? OWASPΒ is the Open Web Application Security Project, an international non-profit organization dedicated to improving web application security.Β  It operates on the core principle that all of its materials are
❌