Day 14/100 - Learning Web Application Security. Today I solved this lab on PortSwigger Academy. Lab: User ID controlled by request parameter, with unpredictable user IDs. We move 🎉 #100DaysOfCyberSecurity #WebApplicationSecurity @ireteeh @ce3nerd @WebSecAcademy
Day 13/100 - Learning Web Application Security. Today I reviewed everything I’ve learned so far: • HTTP requests & responses • Cookies & sessions • Same-Origin Policy & CORS • Burp Suite (Proxy & Repeater) • Broken Access Control (IDOR) Something I’m realizing: 👇👇
controls. This taught me an important lesson: Never trust the frontend. Always test how the server reacts. Every parameter is a potential entry point. Slowly, I'm learning to see applications like an attacker. #100DaysOfCyberSecurity #WebApplicationSecurity. @4osp3l @ireteeh
Me and this Access Control. Someone must give up. But obviously not me. Solved this lab on PortSwigger. Lab: Unprotected admin functionality with unpredictable URL. We move! Consistency is the key 🔐 #WebApplicationSecurity. @ireteeh @4osp3l
Came earlier than thought, so I was able to set up my labs completely.... let's go 🥳 Hacking is fun, hacking is interesting. #WebApplicationSecurity @ireteeh @ce3nerd @cyb3rshi3ld
Day 6/100 - Web Application Security Journey. Today I decided to set up the lab I'll be using for my practicals. I set up my Kali Linux and Burp Suite Community on it... also created an account with PortSwigger Academy before NEPA take light.... I will set up my DVWA tomorrow....
❓ Who’s tested your web application more recently? You or hackers? Public-facing applications are probed constantly. If yours hasn’t been professionally tested, vulnerabilities may already be known. 👉 See what attackers look for: altiusit.com/auditwebapp.htm #WebApplicationSecurity
Not sure what to expect from the London OWASP Training Days? 👀 Here’s a quick overview of Fabio Cerullo’s Web Application Security Essentials training, for one more reason to join us 📆 youtube.com/watch?v=6ZH6gWIo… #appsec #owasp #training #opensource #webapplicationsecurity
Just wrapped up “Complete Guide to Application Security” by Jerod Brennen. Solid end-to-end coverage of modern AppSec, from OWASP fundamentals to real-world security mindset and risk-driven testing. Big takeaway: AppSec isn’t about tools, it’s about design decisions, threat modeling, and understanding how systems fail in production. This course reinforced how security must be baked in early, not bolted on later. If you’re serious about web application security and building defensible systems, this is worth the time. linkedin.com/posts/gabrielod… #owasp #applicationsecurity #webapplicationsecurity
Day 2/90 days Today I worked on IDOR and ACCESS Control issues on PortSwigger and also read some writeups on them. This is the #1 web vulnerability in the world right now and has been scaling for more than 5 years. According to the OWASP 2021 and 2025.. Broken Access Control (BAC) tends to be the issues of most web vulnerabilities and I wonder why that is! It was said that most security testers and Researchers have chosen this very vulnerability to the #1 OWASP in all of web application security, and who knows maybe in web3. This particular vulnerability should be a vulnerability of a particular concern. A wise man once said IDOR is everywhere, you just have to find it. This actually seems to be the case as majority of Pentesters and Security Researchers have found this very vulnerability over and over again. Kindly Note IDOR IS NOT ACCESS CONTROL. Similar in meaning but very distinct in nature. #AppSec #CyberSecurity #90daysAppSecChallenge #WebApplicationSecurity
Day 1/90 days Today marks the start of my 90-day AppSec execution journey, and I intentionally kicked off from the fundamentals. No shortcuts, no assumptions — just a clean, structured baseline to make sure every advanced skill I build next stands on solid ground. I spent Day 1 revisiting the core pillars of how modern web applications actually behave under the hood: • Understanding HTTP mechanics (headers, cookies, sessions, caching) • Reviewing the OWASP WSTG Web Architecture standards • Reconfiguring my tooling: Burp Suite browser integration • Re-establishing a clear mental model of how data flows from client → server → backend services Relearning the basics isn’t a step backward; it’s a strategic reset. Strong fundamentals accelerate everything that comes afterward: exploitation, API security, mobile testing, automation, and real-world offensive workflows. linkedin.com/posts/gabrielod… And here is my writeup on Medium. Understanding the Modern Web Attack Surface (AppSec) medium.com/@gabbytech01/unde…
Fortinet FortiWeb zero day lets attackers take admin control via the interface. Update to 8.0.2 and keep the interface off the internet. #cybersecurity #infosec #Fortinet #FortiWeb #zeroday #vulnerability #securityalert #patchnow #webapplicationsecurity #enterprisesecurity
12 Nov 2025
Today's suggestion: "OWASP Top 10 Adds A03:2025: Software Supply Chain Failures" ❗️💁🏻‍♀️ Credit: @EndorLabs 🌟🙌🏻 Link: api.cyfluencer.com/s/owasp-t… 🔗 #cybersecurity #infosec #OWASP #Top10 #webapplicationsecurity #appsec #applicationsecurity #webappsec #pentest #pentesting #pentester #happyhacking #supplychain #resourcesharing #article #learningeveryday
9 Oct 2025
🏆 We’re honored! Fortinet #WebApplicationSecurity has been named a 2025 @Gartner_inc Peer Insights™ Customers’ Choice for #CloudWAAP, earning a 4.8/5 rating and 99% willingness to recommend score! 👉 See why we believe organizations choose Fortinet: ftnt.net/6015AsnPb
9 Oct 2025
Today's suggestion: "Web Application Firewalls (WAFs): A false sense of security?"❗️👩🏻‍💻 Credit: @outpost24 🌟🙌🏻 Link: api.cyfluencer.com/s/web-app… 🔗 #cybersecurity #infosec #appsec #applicationsecurity #WAF #webapplicationsecurity #resourcesharing #article #learningeveryday
23 Aug 2025
Bypass 403 With Origin Header #WebApplicationSecurity
🚨 New Writeup Alert! 🚨 "$10,000 Google Bug Bounty: How a Deserialization RCE in AppSheet Could Have Led to Remote Code…" by Yeswehack is now live on IW! Check it out here: infosecwriteups.com/955b0a2e… #bugbountyhunting #adityasunny06 #remotecodeexecution #securityexploitanalysis #webapplicationsecurity

3 Aug 2025
🛡️ When Sophisticated Scrapers Meet Advanced Security: A Real-World Battle Yesterday, our anti-scraping middleware caught 20 malicious IPs attempting various bypass techniques on our platform. Here's what we learned about modern web security threats: The Initial Challenge: Despite having basic anti-scraping protection, we noticed suspicious activities slipping through: ✔️ NULL user agent attacks targeting database vulnerabilities ✔️ Direct IP access to bypass domain-based blocking ✔️ URL injection attempts from known malicious domains ✔️ Coordinated attacks from bot networks The Security Enhancement: We completely redesigned our middleware with multi-layered detection: ✔️ Advanced pattern recognition for evasion attempts ✔️ Real-time behavioral analysis of request patterns ✔️ Multi-vector blocking (user agents, referrers, URLs, headers) ✔️ Progressive penalties instead of binary blocking The Results: Our enhanced algorithm now catches sophisticated bypass attempts that traditional security misses. Every attack vector is now monitored and blocked in real-time. For Fellow Developers: Security isn't just a checkbox—it's an ongoing battle requiring the same attention you give to business logic. Modern attackers use sophisticated techniques that basic security measures simply can't handle. Speaking of Security & Opportunities: Developers: Your completed projects could be your next income stream You've built amazing web applications throughout your career. What if each one could generate $300-800 in ongoing sales? ScriptVil is a new marketplace where developers package and sell their existing projects. Instead of building once and moving on, you can monetize your solutions repeatedly. 
Perfect timing for early adopters: ✔️ Zero platform fees until October 31st (keep 100% of sales) ✔️ Permanent advantages in visibility and commission rates ✔️ Growing community of developers and buyers ✔️ Enhanced security infrastructure protecting your listings Simple process: ✔️ Select your strongest project ✔️ Add documentation and guides ✔️ Upload to ScriptVil.com ✔️ Start earning passive income Want to Help Our Community? We're also looking for experienced developers to volunteer as helpdesk responders—help fellow developers in real-time through our chat system while building valuable connections. Your code should be working as hard as you do. Ready to turn existing work into revenue? Check out ScriptVil.com ♻️ Repost this so web developers can be more security conscious #WebSecurity #AntiScraping #DeveloperSecurity #CyberSecurity #WebDevelopment #PassiveIncome #SideHustle #DeveloperCommunity #ScriptVil #TechSecurity #WebApplicationSecurity #DeveloperTools #SecurityFirst #CodeMonetization #FreelanceDeveloper #SoftwareSecurity #WebDev #TechStartup #DeveloperMarketplace #SecurityEngineering