2024-05-07 |
Bypassing Certificate Pinning on Flutter-based Android Apps. A new guide. |
Certificate Pinning ‧ Christian Cotignola (@b4dsheep) |
|
2024-04-17 |
Semgrep Rules for iOS Application Security (Swift) |
iOS ‧ Maurizio Siddu |
|
2023-06-22 |
A Cool New Project: Semgrep Rules for Android Apps Security |
Android Security ‧ Stefano Di Paola |
|
2023-03-27 |
20 years of Software Security: threats and defense strategies evolution |
Matteo Meucci |
|
2023-02-24 |
OWASP Global AppSec Dublin 2023: WorldWide and Threat Modeling |
OWASP ‧ Matteo Meucci |
|
2022-07-28 |
UN ECE 155 Threats in the real world: Wireless Networking Attacks and Mitigations. A case study |
Automotive ‧ Stefano Di Paola |
|
2021-12-14 |
The Worst Log Injection. Ever. (Log4j [2.0.0-alpha,2.14.1]) |
appsec ‧ Stefano Di Paola |
|
2021-08-31 |
A Journey Into the Beauty of DNSRebinding - Part 2 |
DeviceSecurity ‧ Anonymous |
|
2021-05-27 |
Mobile Screenshot Prevention Cheatsheet - Testing and Fixing |
Android Security ‧ Martino Lessio |
|
2021-02-26 |
A Journey Into the Beauty of DNSRebinding - Part 1 |
DeviceSecurity ‧ Alessandro Braccio |
|
2021-01-26 |
Demystifying Web Cache Threats |
Application Security ‧ Giorgio Rando |
|
2020-12-06 |
Secure Development Lifecycle: the SDL value evolution. Part 1 |
compliance ‧ Anonymous |
|
2020-12-06 |
How to prevent Path Traversal in .NET |
absolute path check ‧ Giorgio Fedon |
|
2020-12-06 |
From Path Traversal to Source Code in Asp.NET MVC Applications |
asp.net ‧ Fabrizio Bugli |
|
2020-12-06 |
Pentesting IoT devices (Part 2: Dynamic Analysis) |
Lorenzo Comi |
|
2020-12-06 |
A practical guide to testing the security of Amazon Web Services (Part 2: AWS EC2) |
Federico De Meo |
|
2020-12-06 |
A practical guide to testing the security of Amazon Web Services (Part 1: AWS S3) |
Federico De Meo |
|
2020-12-06 |
Pentesting IoT devices (Part 1: Static Analysis) |
Lorenzo Comi |
|
2020-12-06 |
Microservices Security: Dos and Dont's |
agile ‧ Stefano Di Paola |
|
2020-12-06 |
Antitamper Mobile - Minded Security's Magik Quadrant for Mobile Code Protection (2018 Edition) |
Android Security ‧ Anonymous |
|
2020-12-06 |
Shhlack, message encryption for Slack |
Encryption ‧ Stefano Di Paola |
|
2020-12-06 |
DOM XSS in Google VRView library |
Federico Fazzi |
|
2020-12-06 |
JavaScript security and tools evolution talk at OWASP Taiwan Week 2017 |
blueclosure ‧ David Cervigni |
|
2020-12-06 |
OWASP Summit 2017: what's new? |
OWASP ‧ Matteo Meucci |
|
2020-12-06 |
RCE in Oracle NetBeans Opensource Plugins: PrimeFaces 5.x Expression Language Injection |
Arbitrary Code Execution ‧ Giorgio Fedon |
|
2020-12-06 |
RAT WARS 2.0: Advanced Techniques for Detecting RAT Screen Control |
Banking Malware ‧ Unknown |
|
2020-12-06 |
Request parameter "_method" may lead to CakePHP CSRF Token Bypass |
Giorgio Fedon |
|
2020-12-06 |
WAF Journey - Fixing Telerik UI Remote Code Execution via Arbitrary File Upload |
Supply Chain Security ‧ Anonymous |
|
2020-12-06 |
Mobile Screenshot prevention Cheat Sheet - Risks and Scenarios |
Android Security ‧ Martino Lessio |
|
2020-12-06 |
Implementing Secure Biometric Authentication on Mobile Applications |
Android ‧ Michele Tumolo |
|
2020-12-06 |
Behave! A monitoring browser extension for pages acting as "bad boi". |
Stefano Di Paola |
|
2020-12-06 |
Remote Working - Web Chats: Threats and countermeasures |
chat ‧ Fabrizio Bugli |
|
2020-12-06 |
OWASP SAMM v2: lessons learned after 9 years of assessment |
Matteo Meucci |
|
2020-12-06 |
How to Path Traversal with Burp Community Suite |
blackbox ‧ Enrico Aleandri |
|
2020-12-06 |
A practical guide to testing the security of Amazon Web Services (Part 3: AWS Cognito and AWS CloudFront) |
Federico De Meo |
|
2020-12-06 |
Secure Development Lifecycle: the SDL value evolution. Part 2 |
DEVSECOPS ‧ Anonymous |
|