Hi/5: WrongSecrets, IT Assets, OWASP Top 10, CORS and Password Wisdom

Update: 2021-11-17

Description

Commonjoe/ WrongSecrets - https://github.com/commjoen/wrongsecrets
Improper secret storage is a common technology problem. Use this tool to expose your developers to how to do it wrong, so they can learn how to do it right

List of IT Assets an Attacker is most likely to Extort -https://www.helpnetsecurity.com/2021/10/13/it-assets-target/
Attackers love IT assets; here are the top things they are targeting and exploiting.

OWASP Top 10 2021: 7 action items for app sec teams https://www.securityjourney.com/post/owasp-top-10-2021-7-action-items-for-app-sec-teams
Your AppSec team has work to do with the new OWASP Top Ten for 2021.

How to win at CORS - https://jakearchibald.com/2021/cors
CORS is tough to implement correctly and develop against – but it is worth the effort. Security is often difficult.

7 Unconventional Pieces of Password Wisdom -https://www.darkreading.com/application-security/7-unconventional-pieces-of-password-wisdom
Nice summary of NIST 800-63b.

Comments

In Channel

Long Live SBOMs, Application Risk Profiling, Software Supply Chain, and more

2022-06-2302:25

Implementation of DevSevOps, Product Security Leads, GO Mitigations, and more

2022-06-0902:35

Hi/5: Automated Threat Modeling; In depth research; GitHub 99 designs/aws-vault; Nginx

2022-05-2602:49

Internal Secrets; SHA-256; 28,000 Vulnerabilities disclosed in 2021; Threat Modeling.

2022-05-1202:49

Terraform, CI/CD, Bug Bounties and more

2022-04-2802:39

Python Repos, Advanced SQL, NPM corruption, and more

2022-04-1202:32

XSS, Cybersecurity Management, OWASP Top Ten review, Web3 and more

2022-04-0503:03

ZAPping, AWS, and DevSecOps! Oh My!

2022-03-1703:31

Container Security, Securing our Software Future, Threat Modeling Medical Devices and more

2022-03-0203:06

Exact Dependencies, Insecure Design, How To Learn Stuff Quickly and more

2022-02-1703:06

Trojan Source Attacks, AppSec Things to Watch, AWS WAF's Dangerous Defaults and more

2022-01-2703:06

Holiday Hi/5: OWASP Top 10 Analysis, OWASP A08:2021, All Things SSRF, and more

2021-12-1702:41

Hi/5: Minimum Viable Secure Product, Bandit, Sigstore and more

2021-12-0202:41

Hi/5: WrongSecrets, IT Assets, OWASP Top 10, CORS and Password Wisdom

2021-11-1702:23

How Yahoo Built a Culture of Cybersecurity, minimaxir/big-list-of-naughty-strings, Issue #4409, OWASP A08:2021, Apache Servers

2021-10-2103:06

Threat Modeling, Highest Quality of Software Code, Cloud Company, and more

2021-10-0702:41

New and Growing Threats, HTTP/2, DefCon29, and More

2021-09-0204:34

Empty Npm Package, Privacy, Security Automation, and More

2021-08-2605:12

SQL Injection Vulnerabilities, Security Nihilism, Passwords, and More

2021-08-1904:42

Threat Modeling, Secure-Coding-Handbook, Security Headers, and more

2021-08-1204:52

00:00

Hi/5: WrongSecrets, IT Assets, OWASP Top 10, CORS and Password Wisdom

#box-pro-ellipsis-17614264855209{-webkit-line-clamp:2;}Hi/5: WrongSecrets, IT Assets, OWASP Top 10, CORS and Password Wisdom

Hi/5: WrongSecrets, IT Assets, OWASP Top 10, CORS and Password Wisdom

Security Journey

Hi/5: WrongSecrets, IT Assets, OWASP Top 10, CORS and Password Wisdom