cybersecurity

Introducing brainstorm Brainstorm is a web fuzzing tool that combines local LLM models and ffuf to optimize directory and file discovery. It combines traditional web fuzzing techniques (as implemented in ffuf) with AI-powered path generation to discover hidden endpoints, files, and directories in web applications. Brainstorm usually finds more endpoints with fewer requests. The tool […]

It’s nearly 2025, yet SQL injection still ranks as the #3 most dangerous application security weakness. Despite tech industry hype suggesting that SQL databases are on their way out and it’s only a matter of time before they’re all replaced by NoSQL, GraphQL, or some other QL, SQL injections continue to feature in data breaches

The underlying vulnerability: Unsafe initialization vectors in TLS 1.0 The vulnerability in version 1.0 of the TLS (Transport Layer Security) protocol that was later exploited in the BEAST attack had been known since 2002 and fixed in the TLS 1.1 specification from 2006. It was considered impractical to exploit, as it required a huge number

Diffusion models Diffusion models are generative artificial intelligence models that produce unique photorealistic images from text prompts. A diffusion model creates images by slowly turning random noise into a clear picture. It starts with just noise and, step by step, removes bits of it, slowly shaping the random patterns into a recognizable image. This process

Intro to NotebookLM One of the tools that I found recently and I keep using more and more each day is NotebookLM from Google Labs. NotebookLM is a great tool for learning new topics, researching large amounts of data, summarizing data. The data is organized into notebooks, each notebook can contain multiple sources of data.You

Time-based SQL injection is a type of attack where the attacker checks if a website has a vulnerability by measuring how long it takes for the database to respond. In this attack, the attacker injects SQL code into a web input field, like a search box or form, to make the database respond slowly on

Invicti is expanding its application security testing capabilities by adding comprehensive SCA to complement its existing SAST and DAST capabilities. Through a strategic partnership with Mend, Invicti now offers static SCA on its AppSec platform, enhancing its supply-chain security capabilities. To provide multiple layers of component security checking, Mend SCA operates at both the code

Anyone responsible for application security across an entire organization inevitably wrestles with the same questions day in, day out: What assets are we exposing to the world? What risks does that exposure bring? What are the priority actions for addressing those risks? How do we remedy this stuff? And is there really no way to

What are injection attacks? Injection attacks refer to any type of attack that targets injection vulnerabilities—a broad category of cybersecurity weaknesses that includes several of the most serious application security risks. While you could argue it’s an artificial way to group otherwise unrelated attacks, the OWASP Top 10 for 2021 took this exact approach, naming

There’s no silver bullet solution with cybersecurity, a layered defense is the only viable defense. —James Scott, Fellow at the Institute for Critical Infrastructure Technology Building up overlapping and complementary layers of security is a crucial goal for any company’s cybersecurity program, and web applications and APIs are at the heart of that effort. But