Author Archive

DevSec Selection #19 – Swiss Army Knife for DevSecOps, DEF CON 32 Talks, Okta Authentication Vulnerability

Intro Hey everyone! I’m excited to bring you this edition packed with insightful cybersecurity materials. From powerful DevSecOps tools to thought-provoking industry discussions, there’s something for everyone this week. First up, let’s take a look at the interesting Mixeway Flow, an open-source tool designed to be the Swiss army knife for…

DevSec Selection #18 – Bug Bounty Hunting Resources, Vulnerability Prioritization, Time-to-Exploit Trends

Intro Hey everyone! I hope you’re all doing well. This week, we’re diving into a variety of offensive application security topics, from bug bounty hunting and vulnerability exploitation techniques to AI prompt injection materials. We start with a great resource for beginners interested in bug bounty hunting — a search engine…

DevSec Selection #17 – Worst Place to Leave Your Secrets, Hacking Kia, DevSec Selection Insights

Intro Hey everyone, this edition of DevSec Selection contains interesting application security topics for various experts, from web and mobile to DevSecOps. We start with research presenting how quickly publicly disclosed secrets can be accessed by potential attackers. There is also an intriguing story about security flaws in Kia service…

DevSec Selection #13 – Malicious Packages Distributed, Security Automation and Prompt Airlines

Intro Hi everyone! This edition covers some crucial cybersecurity topics. Check Point Research has revealed a sophisticated malware distribution network, Stargazers Ghost Network, using GitHub for phishing repositories. Additionally, a malicious Python package targeting macOS developers to steal Google Cloud Platform credentials was uncovered, emphasizing the need for vigilance in…

DevSec Selection #11 – RegreSSHion, API Rate Limiting, OWASP Quiz

Intro Hi! The last few days have been full of news and articles about the RegreSSHion vulnerability, which affects hundreds of thousands of OpenSSH services. In this newsletter, you can find an article summarizing the vulnerability along with recommended remedial actions. If you’re working in the Application Security field, I recommend taking the OWASP Top 10 Quiz to…