Miller : un outil Open Source pour le traitement de données en ligne de commande. Il permet de manipuler des fichiers CSV, TSV et JSON avec des opérations telles que awk, sed, cut, join et sort. -> Projet : github.com/johnkerl/miller -> Documentation : miller.readthedocs.io/en/6.12.0/

I saw that some people have validated the lab. Based on the description, I have performed CSRF attacks using all the exposed features, but the lab does not validate. Can anyone tell me the real condition to validate this lab? Web Security Academy Gareth Heyes \u2028 Burp Suite

Articles worth reading discovered last week: 🗞 blog.kulkan.com/gitxray-a-secu… 🗞 arxiv.org/pdf/2408.02153 🗞 portswigger.net/research/split… 🗞 portswigger.net/research/liste… #PentesterLabWeekly And as always, it's in our Blog: pentesterlab.com/blog/research-…

Don't miss our upcoming cohorts if you want to learn Web Security Code Review! One of our recent review! "I wanted to say thank you to Louis for his wonderful course, which opened up a new perspective on code review and the profession in general. Thanks to the author for the

Another Blog Post on Security Code Review: "Spotting Discrepancies in Security Code Reviews" pentesterlab.com/blog/spotting-…

Je découvre que maintenant que git à un rendu web directement dans le binaire ! git-scm.com/docs/git-insta…

New article: "The difference between good and bad code reviewers" pentesterlab.com/blog/differenc…

Articles worth reading discovered last week: 🗞 blog.trailofbits.com/2024/08/15/we-… 🗞 adepts.of0x.cc/CSS-History-LE… 🎥 youtube.com/watch?v=ydg95R… 🗞 pathonproject.com/zb/?d96604f2a8… #PentesterLabWeekly And it is also available in our blog: pentesterlab.com/blog/research-…

We just published 3 new challenges in our Java Code Review Badge: pentesterlab.com/badges/jcr #codereview #Java

We just published the final labs for our Java Code Review Badge! pentesterlab.com/badges/jcr

📡 OWASP Secure Headers Project: Header, disclosing the presence and version of Joomla, added. #appsec #appsecurity #http 📖 owasp.org/www-project-se…

New stickers?

No one will remember: - how busy you were - how big your salary was - how many hours you worked They will remember: - CVE-2014-0160 - CVE-2014-6271 - CVE-2021-44228

One of the reviews for our Web Security Code Review Training: "Louis from PentesterLab is running an outstanding code review training program that you won’t find anywhere else. It’s a brilliant resource for newcomers, offering content that’s hard to come by online. The training

What programming language should we pick for our next Code Review Badge?

I'm going to Hexacon! If you want to catch up and grab some PentesterLab swag, hit me up!

My favorite OSS tools to automate as part of a DevSecOps workflow * Semgrep for SAST * Checkov for IaC SAST * Syft, Grype for SBOM generation and SCA scans * Zap and Nuclei for DAST * Gitleaks for secret scanning * MobSF Mobile Security Code Scanning * Steampipe - Cloud Queries

Pour des raisons de robustesse, il est fortement recommandé d'avoir plusieurs serveurs faisant autorité pour une zone #DNS. Si on est une petite organisation, avec peu de moyens, on en trouve où ? bortzmeyer.org/dns-secondaire…

Articles worth reading discovered last week: 🗞 blog.redteam-pentesting.de/2024/moodle-rc… 🗞 embracethered.com/blog/posts/202… 🗞 blog.cryptographyengineering.com/2024/08/25/tel… encrypted-messaging-app/ 🗞 pathonproject.com/zb/?487a383bba… And as always it is also available in our blog: pentesterlab.com/blog/research-…