First Bug Bytes of 2025! 🚀 This month's issue covers: ✅ Altera's new public program launch with bounties up to $30K 🤑 ✅ Jonah Burgess made all Intigriti CTF challenges available on GitHub! ✅ Testing JavaScript files for bug bounty hunters! ✅ @ArchAngelDDay sharing how he became the most valuable hacker! And much more! Head over to our blog now to read the latest issue! 👇 buff.ly/3PBo0Zn
Colin Glenn’s Post
More Relevant Posts
-
Find Sensitive Information in JavaScript Files! 🕵️‍♂️ https://lnkd.in/gGC9TNPw #WebSecurity #JavaScript #CyberSecurity #Pentesting #Development #SecureCoding #API #Tech #YouTube
Bug Bounty: Find sensitive information in JS files | Burp Extension | JS Miner | gmaps scanner
https://www.youtube.com/
-
My write-up on Temple of Doom from VulnHub 👾 Medium. This machine had a lot of vulnerabilities to learn from, perfect practice for OSCP. If you’re into CTFs, pentesting, or just curious about how I approached it, check out the write-up on GitHub. #CTF #VulnHub #PenTesting #OSCP #InfoSec #WriteUp
CTF-Writeups/Temple_of_Doom - VulnHub - Medium/WriteUp.md at main · Fra-kX0x5B/CTF-Writeups
github.com
-
Bug Bounty Tip for Injection Vulnerabilities: Search for hidden (and visible) input fields and try to set the value via GET… a lot of web apps still use $_REQUEST… you will be surprised ;) If you have a reflected value -> check for HTML/script injection ;)
-
Your path to your first CVE just got clearer. 👀 Our latest blog takes you step-by-step through Vulnhuntr, from installation to reporting, and lands you at that coveted CVE number. Get the guide here: https://hubs.ly/Q02YZ9X80 💡 Pro Tip: Manually validate your findings before reporting—maintainers will thank you later! #bugbounty #vulnerabilityresearch #huntr
Hunting with Vulnhuntr: Getting Your First CVE
blog.huntr.com
-
Excited to announce my first published CVE: 🚨CVE-2024-56361 I had been working on open source contributions for school and decided to focus on security, as it is my calling. I reviewed codebases written in Rust, PHP, JavaScript, and Python, and found a couple of fundamental product security vulnerabilities that I have been reporting, and this is the first to get published. Combining DAST and manual code reviews, I worked with maintainers to ensure the safe release of vulnerabilities via the CI/CD pipelines, as well as pushing fixes, allowing n-days to be handled properly. I’ve also published a detailed GitHub Security Advisory, which you can find here: GHSA-xx95-62h6-h7v3. https://lnkd.in/eFd9pZUs Let’s invest in security, one CVE at a time! #AppSec #CVE #InfoSec #CodeReview #GitHub #OpenSource
-
#CoderGirlsAarhus is happening on the 6th of February at INCUBA A/S. Security researcher 🍁 Sylwia Budzynska will introduce us to security research using static code analysis and lead a workshop on finding vulnerabilities with #CodeQL🔬🕵️ The event is open to all skill levels interested in programming. Sign up via the link👇 https://lnkd.in/d5p4XwYb #securityresearch #staticanalysis #Github #CodeQL
Introduction to Secure Code Review and Finding Vulnerabilities With CodeQL, Thu, Feb 6, 2025, 5:00 PM | Meetup
meetup.com
-
A friend told me about super-linter on GitHub, so I decided to try it today, and below is the result after using it on a CI/CD project.
Checkov: analyzes the codebase for permissions issues
Gitleaks: helps you find potential security vulnerabilities in your git repositories, files, and directories
Javascript_ES: analyzes JavaScript for code quality issues
Javascript_Standard: analyzes JavaScript for format issues
JSCPD: analyzes for duplicated code
Super-linter is free and open-source, so there is no excuse not to add it to your project. I highly recommend configuring it within your project. You will be surprised where the errors in your codebase surface.
-
CORS vulnerabilities in Rust 🦀? Same common mistakes, new language. 🐛 Look out for starts_with(), contains(), and even some interesting ends_with() cases. Developers love trusting strings too much. 🌐🔍 Check out our new dive into Rust CORS issues: https://lnkd.in/g7t4_qmW #AppSec #RustLang #CodeReview
PentesterLab Blog: Exploring CORS Vulnerabilities in Rust: Patterns and Bypasses
pentesterlab.com
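The post above names three string checks that go wrong in CORS origin validation. The following Rust code is an added example written for this page; it is not code from the PentesterLab post or the blog it links to. It puts each fragile check (`starts_with`, `contains`, `ends_with` on the raw `Origin` header value) beside a hardened exact-match allowlist and a structured subdomain check, so you can see which origins each one accepts. The allowed domain `example.com` and the test origins are constructed for illustration.

```rust
// Added example (not from the PentesterLab post): CORS origin validation in Rust.
// Each `is_allowed_*` function answers "should this Origin header value be
// reflected into Access-Control-Allow-Origin?" for the constructed domain example.com.

/// Fragile: a prefix check accepts any origin that merely begins with the
/// allowed origin, e.g. "https://example.com.other-site.test".
pub fn is_allowed_prefix(origin: &str) -> bool {
    origin.starts_with("https://example.com")
}

/// Fragile: a substring check accepts any origin that contains the domain
/// anywhere, including in another host's name or subdomain.
pub fn is_allowed_contains(origin: &str) -> bool {
    origin.contains("example.com")
}

/// Fragile: a bare suffix check accepts "https://notexample.com" (no dot
/// boundary) and never checks the scheme.
pub fn is_allowed_suffix(origin: &str) -> bool {
    origin.ends_with("example.com")
}

/// Hardened: compare the whole Origin value against a fixed allowlist.
pub const ALLOWED_ORIGINS: &[&str] = &["https://example.com", "https://app.example.com"];

pub fn is_allowed_exact(origin: &str) -> bool {
    ALLOWED_ORIGINS.iter().any(|allowed| *allowed == origin)
}

/// Hardened wildcard-subdomain check: require the https scheme, isolate the
/// host (an Origin value has no path or credentials; drop an optional port),
/// then accept only the apex or a label followed by ".example.com".
pub fn is_allowed_subdomain(origin: &str) -> bool {
    let rest = match origin.strip_prefix("https://") {
        Some(rest) => rest,
        None => return false,
    };
    if rest.is_empty() || rest.contains('/') || rest.contains('@') {
        return false;
    }
    let host = rest.split(':').next().unwrap_or("");
    host == "example.com" || host.ends_with(".example.com")
}

/// Build the CORS response headers for a validated origin. Returns None when the
/// origin is not allowed, so the caller emits no Access-Control-Allow-Origin at all.
pub fn cors_headers(origin: &str) -> Option<Vec<(&'static str, String)>> {
    if !is_allowed_exact(origin) {
        return None;
    }
    Some(vec![
        ("Access-Control-Allow-Origin", origin.to_string()),
        // Vary on Origin so caches do not serve one origin's response to another.
        ("Vary", "Origin".to_string()),
    ])
}

fn main() {
    // Constructed origins: one legitimate, three shaped to slip past the fragile checks.
    let probes = [
        "https://example.com",
        "https://example.com.other-site.test",
        "https://other-site.test/?ref=example.com",
        "https://notexample.com",
    ];
    for origin in probes {
        println!(
            "{origin}: prefix={} contains={} suffix={} exact={} subdomain={}",
            is_allowed_prefix(origin),
            is_allowed_contains(origin),
            is_allowed_suffix(origin),
            is_allowed_exact(origin),
            is_allowed_subdomain(origin),
        );
    }
}
```

The pattern to review for is any decision made on the raw header string rather than on its parsed scheme and host; the same mistake reads identically in Go, Python or PHP, which is the post's point about patterns travelling across languages.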
-
These are simple issues, but they illustrate how, by thinking of vulnerabilities as patterns rather than code, you can move from one language to another.
-
Ever wished bugs could fix themselves? (Not really as we'll be out of work, but let's pretend we did 🤓) GitHub's new code scanning autofix, powered by (OFC) Copilot and CodeQL, is again threatening to take our jobs away. Well, at least the boring part. This is a beta tool which identifies vulnerabilities 🥱 but then - it also suggests fixes 🤩, saving us time and effort. (At least until AGI comes along with a mind of its own and decides fixing bugs is too boring 🤨) https://lnkd.in/dPDnCxqb
Found means fixed: Introducing code scanning autofix, powered by GitHub Copilot and CodeQL
https://github.blog