Working with software security, playing with security software.

Joined April 2012
Workaround for "Audit selected items" (does not work when crawl is used): hide out of scope items in the site map filter before initiating the scan and they will be excluded ("Consolidate items..." also has an option to check and verify this).
⚠️In v2's Scanner, items excluded from the Suite scope may be crawled/scanned nonetheless ⚠️ forum.portswigger.net/thread…
First day of attending Burp Pro training with @Agarri_FR was great and nice to see @CryptoGangsta getting some credits for his blog in the course too, really looking forward to the rest of this class!
Apart from being able to extract the content, #Chrome also sends the full file path when viewing a local PDF, but #Acrobat doesn't do the same. Looks like Chrome always truncates the last character of the file path, incorrectly assuming it's a trailing NULL value.
Portable Data exFiltration: XSS for PDFs by @garethheyes #BHEU portswigger.net/research/por…
I was looking for an example of RFD to demonstrate on when I realized that @PortSwigger labs provides what I need: portswigger-labs.net/xss/con… Interesting side note: Chrome in Android associates the download with the current page before link is visited, not the download server.
Playing around with HTTP request smuggling at @WebSecAcademy tonight after work to confirm that it's trivial to abuse both CL.TE and TE.CL for denial of service attacks, below is a simple page load taking several minutes. Perhaps this is well-known already?
@albinowax - what are the connection pool settings in the lab environment? Trying to figure out if this impact is just due to special circumstances or something that could potentially be abused to take down any system vulnerable to request smuggling.
Had a great evening with the speakers' dinner at @swisscyberstorm, looking forward to the conference tomorrow and what promises to be a great day of security talks! It's a pleasure to be invited to present at this event.
I finally crossed the finish line in 4:06:15... Thanks everyone for the support along the way, fantastic experience!
My daughter was there to cheer me on at the 25km mark, now she got inspired and told me she wants to start training for a marathon when she grows up. :)
Soon on the start line for London Marathon!
Will try to run my first marathon in 2 weeks, as part of the challenge I've decided to contribute to a few charities. Here's the link if you want to help out too: uk.virginmoneygiving.com/Dav…

Great to see @LewisArdern getting a speaker slot, you should definitely go listen if you are there!
Turns out I can write a worthy proposal! I'll see you all at Global @owasp in Tel Aviv 😁 globalappsectelaviv2019.sche… crazy to see my name alongside many awesome people @shehackspurple @cktricky @sethlaw @Fe3Mike @kkotowicz @mvsamuel et al.
David Johansson retweeted
OWASP ASVS 4.0 is released today: owasp.org/index.php/Category… One of the biggest ASVS updates up to date. Amazing work by @vanderaj @JoshCGrossman @manicode @dcuthbert @securitybits and a lot of others contributing, raising issues and reviewing.

Looking forward to this webinar by my colleague @_amanvir, should be interesting!
Don’t miss our Feb. 20 webinar with @_amanvir, “Building a Culture of Secure Programming in Your Organisation.” #ApplicationSecurity #SDLC #SoftwareSecurity snps.online/BfhYS3
Thinking back on the five years since I moved to London to work for Cigital (now @synopsys), I feel very lucky to be involved in a lot of interesting projects. Among other things, I've delivered 70 security trainings and probably reached 1000 developers around the world.
Thanks to @pacohope who brought me along to shadow him delivering training on one of my first days!
David Johansson retweeted
My talk Reviewing Modern JavaScript Applications at @OWASPBayArea is online slideshare.net/mobile/LewisA… it feats @zemnmez @LiveOverflow @garethheyes

David Johansson retweeted
Looking forward to speaking tomorrow at @OWASPBayArea on Reviewing Modern JavaScript Applications! Can't wait to meet some of the @owasp community in the Bay Area ☺️ meetup.com/Bay-Area-OWASP/ev…

Great event at Facebook tonight by @OWASPLondon with my colleague @_amanvir delivering a talk about React security!