infosec   15996

« earlier    

Zero Trust Access Management Platform | ScaleFT
A BeyondCorp-inspired platform that shifts access controls from the network perimeter to the application layer, to perform dynamic, real-time authorization
product  company  security  infosec  authorization  authentication  AccessManagement  BeyondCorp  platform 
yesterday by rafaeldff
Common Vulnerability Scoring System SIG
The Common Vulnerability Scoring System (CVSS) provides a way to capture the principal characteristics of a vulnerability and produce a numerical score reflecting its severity. The numerical score can then be translated into a qualitative representation (such as low, medium, high, and critical) to help organizations properly assess and prioritize their vulnerability management processes.

CVSS is a published standard used by organizations worldwide, and the SIG's mission is to continue to improve it.
infosec  CVSS  security  seguridad  cybersecurity  ciberseguridad 
yesterday by qiqetin
‘We Got to Be Cool About This‘: An Oral History of the L0pht, Part 1 | Decipher
Factory is probably too grand a word for it, but the space that would eventually become the first home of L0pht Heavy Industries began as the location of a hat-making business. The second-floor spot in a building in Boston's South End was where the wives of two of the L0pht founders spent their days making and selling hats. Soon, it would be the workspace of some of the top white hat hackers on the planet.
history  security  computers  infosec 
2 days ago by docwlad
notes/Gathering-weak-npm-credentials.md at master · ChALkeR/notes
Or how I obtained direct publish access to 14% of npm packages (including popular ones).
The estimated number of packages potentially reachable through dependency chains is 54%.
javascript  npm  security  js  breach  infosec  netsec  hacks 
2 days ago by agius
sensepost/objection: 📱 objection - runtime mobile exploration
objection is a runtime mobile exploration toolkit, powered by Frida. It was built with the aim of helping assess mobile applications and their security posture without the need for a jailbroken or rooted mobile device.

The project's name quite literally explains the approach as well, whereby runtime specific objects are injected into a running process and executed using Frida.
infosec  pentesting  mobile  android  ios  tools 
4 days ago by z0mbi3
NetSPI/SQLInjectionWiki: A wiki focusing on aggregating and documenting various SQL injection methods
This wiki's mission is to be a one stop resource for fully identifying, exploiting, and escalating SQL injection vulnerabilities across various Database Management Systems.
infosec  pentesting  techniques  sqli  webapp  reference 
4 days ago by z0mbi3
andresriancho/websocket-fuzzer: Simple HTML5 WebSocket fuzzer
A simple websocket fuzzer for application penetration testing.

Two tools are provided:

websocket-fuzzer.py: Receives a websocket message, modifies it, and then sends it in different connections. The response is analyzed to find potential vulnerabilities.

send-one-message.py: Sends a websocket message using a new connection
infosec  pentesting  webapp  tools 
4 days ago by z0mbi3

« earlier    

related tags

/  academia  accessmanagement  ai  amazon  and...  and  android  androidsecurity  apple  archive  arm  assembly  attacks  audit  authentication  authorization  automation  aws  best  beyondcorp  bodyofknowledge  bok  books  breach  bugs  business  c_suite_communications  cheatsheet  checklist  ciberseguridad  cli  command_line  comms  community  company  computers  consultants  cops  crypto  cryptography  csp  ctf  cvss  cwe  cwss  cybersecurity  cyberseguridad  data  development  devops  digitaltransformation  disclosure  domain  dorks  education  efail  email  encryption  engineering  eu  exploits  framework  gdpr  git  github  gmail  google  gpg  grimmeathook  hacking  hacks  hardening  history  howto  humans  humor  infrastructure  ios  isecom  it_sicherheit  itsec  javascript  job  js  kernel  law  legal  linux  malware  mindmap  mobile  mobilesecurity  monitoring  netsec  networking  news  nginx  nodejs  npm  object  openbsd  original-study  os  osstmm  papers  password  passwords  pentest  pentesting  pgp  phones  physics  platform  praxis  privacy  product  programming  programming_course  quantum  quantumcomputers  qwasp  recon  redteam  reference  removal  reviews  rowhammer  s3  saleft  sandbox  science  search  security  seguridad  shiny  signal  smarterhome  software  sqli  standard  tech  techniques  testing  toolkit  tools  tor  training  tumblr  twitter  utility  vectors  vendor  via-diigo  via-ifttt  virus  vpn  vulnerability  war  web  webapp  webdev  websites/apps/extensions  windows    🇮🇷 

Copy this bookmark:



description:


tags: