A01:2021 - Broken Access Control email scheduled to go out in 7 hours. It's a long one folks, but we cover a lot of ground and I hope it proves to be a great resource. I've also linked to a lot of prior tips and In Depths, so there is plenty to dig into.

Next week... crypto! 🤓

Working on my first @owasp@twitter.com Top 10 email for Laravel Security in Depth, covering 'A01:2021 - Broken Access Control' and how it relates to @laravelphp@twitter.com. It's a topic I'm always talking about in my talks and security audits, so I've got a lot to say!
larasec.substack.com/

Importantly, the two pieces of personally identifiable information (financial info and password) that can be changed were not accessed. 🤨

Pity the ones you can't easily change were accessed... 🤦

RT @DailyRoP@twitter.com

This felt like it was straight out of JA Bayona's 'A Monster Calls'.

I love when TV and movies use animation to tell a story or fairytale, and the imagery here is gorgeous.

🐦🔗: twitter.com/DailyRoP/status/15

It's settled @GregSkerman@twitter.com, the Balrog has wings! 🥰

RT @tolkienarchives@twitter.com

🐦🔗: twitter.com/tolkienarchives/st

RT @DailyRoP@twitter.com

It's that time! @myelessar@twitter.com and I are back with a 2-hour discussion on Ep 4

Listen to Anna fail to beat the Adar simp allegations, as I lament Celebrimbor's sidelining, and lots more fun in between!

Episode 24 - Breakdown of Episode 4 sites.libsyn.com/428064/episod

🐦🔗: twitter.com/DailyRoP/status/15

RT @JustSteveKing@twitter.com

This is a must have for any dev team! Whether you're a manager or not, security principles are a skill we all need!

Check it out!

twitter.com/valorin/status/157

🐦🔗: twitter.com/JustSteveKing/stat

RT @ComfyConAU@twitter.com

Comfycon challenges @AISA_National@twitter.com. If we can assemble a quality, 100% female or non-binary conference, for the weekend after the 18th November, that's the weekend after PerthSec, you make a donation to @awsn_au@twitter.com to the Project Friedman initiative for female first-time speakers.

🐦🔗: twitter.com/ComfyConAU/status/

Request: Stop replacing podcasts with "Spotify Audio" or YouTube videos.

I want to use my own podcast app to listen, not a walled garden or a media site that forgets what I was listening to and where I was up to!

RT @mattturck@twitter.com

Request: shorter podcasts.

🐦🔗: twitter.com/mattturck/status/1

📢 Hey, Tech Leads & Engineering Managers (and anyone else who manages devs)!

We're starting on the OWASP Top 10 next week in Laravel Security in Depth, sign up your team and I'll train them on essential @laravelphp@twitter.com security skills.🔥

Team signup @ larasec.substack.com/subscribe

RT @Bliss_Hughes@twitter.com

I feel like it doesn't NEED to be said, but with The Two Towers having its 20th this year, we are STILL in the middle of celebrating.

The Lord of the Rings is truly timeless and inspired filmmaking.

🐦🔗: twitter.com/Bliss_Hughes/statu

Can anyone suggest a good IoT pool thermometer? Wifi would be nice, so I don't need to stuff around with any other hardware.
We currently just have Google Home, but I'm interested in diving into Home Assistant.

RT @WOTWatchParty@twitter.com

You are summoned to the server - present yourselves! Choose spoiler & non-spoiler channels, share future episode ideas, interact with our panel, & maybe even get selected to be a guest on the show!

discord.gg/XAGDzNTvT2

🐦🔗: twitter.com/WOTWatchParty/stat

Starting next week: Laravel Security and the OWASP Top 10.🔥

Join me as we dive into the @owasp@twitter.com Top 10, covering a different risk each week and how they relate to @laravelphp@twitter.com security. This series is not to be missed!

larasec.substack.com/p/laravel

Surely you can detect malicious use too... It would follow a specific pattern and you could build some risk scores and throw up warnings.


But seriously @anydesk@twitter.com, why aren't there big scammer warnings I need to agree to before using your software??
There was absolutely nothing telling me a scammer might be using your software. It's a hard problem to solve but you're not doing anything...

Well that was fun, and a bit of a let down... strung along an eBay scammer for 30 minutes. They tried to install @anydesk@twitter.com (no surprise there!), and even after I got bored and told them who I was, they kept calling to try again. 🤣

Finally reached my favourite passage in The Hobbit.

Mr 6 fell asleep during it. Apparently my Smaug voice is very smooth and sleep inducing... Or maybe it was Smaug's dragon-spell. 🐲

In Depth #11: Insecure Direct Object Reference (IDOR)

In the eleventh In Depth we explored IDOR vulnerabilities through a series of fun interactive challenges, and learned about protecting routes and hiding information! 😈
larasec.substack.com/p/in-dept

Infosec Exchange

A Mastodon instance for info/cyber security-minded people.