Discover and read the best of Twitter Threads about #appsec

Most recents (24)

Are you planning to become a Cloud Security Architect?

But not sure what skills you need to become one?

Then this 🧵 is for you 👇

#cloudsecurity #aws #awssecurity #appsec #infosec
1 /

Understand how components work:

For starters, you need to have an intuitive understanding of how common security protocols and components work. Things like firewalls, network access, intrusion detection systems, etc.
2 /

Work with various operating systems:

You need to be aware of how operating systems like Windows, Linux, and macOS employ security.
Read 8 tweets
▶️ Secure API Lifecycle

[A Thread 🧵] 👇

#cybersecurity #infosec #appsec #Pentesting
1/- Design

Strong API security starts at the design stage, ensuring full consideration of authentication, authorization and data privacy requirements, minimizing attack surfaces, and using threat modeling activity to ensure all attack surfaces are understood before implementation.
2/- Build

The construction of API back-ends is a critical factor in ensuring API security. For each of the respective frameworks (i.e., Spring Boot, ASP.NET Core, etc.), developers should consult the specific security recommendations.
Read 7 tweets
Application Security is one of the top skills that every tech firm is aggressively looking for 🚀

If you are a person who wants to make a great career in AppSec, this thread is for you 👇

🧵

#applicationsecurity #infosec #cloudsec #azure #aws
Five ways you could teach yourself Application Security

1 / 5
Five ways you could teach yourself Application Security

2 / 5
Read 8 tweets
๐—”๐˜๐˜๐—ฎ๐—ฐ๐—ธ๐—ถ๐—ป๐—ด ๐Ÿฎ๐—™๐—”๐Ÿ“ฒ ๐—ถ๐—ป ๐— ๐—ผ๐—ฑ๐—ฒ๐—ฟ๐—ป ๐—ช๐—ฒ๐—ฏ ๐—”๐—ฝ๐—ฝ๐˜€

9 Different Techniques to Bypass 2FA in WebApps.

[A Thread 🧵]

#bugbounty #bugbountytips #cybersecurity #AppSec
๐–๐ก๐š๐ญ ๐ข๐ฌ ๐Ÿ๐…๐€ ?

2FA is a security process in which users provide two different authentication factors to verify themselves. 2FA is implemented to better protect both a user's credentials and the resources the user can access.
[Bypass 1] - Forced browsing

Try accessing different endpoints directly with the available token generated from passing the 1st authentication mechanism.
Read 12 tweets
#SecurityExplained S-61: CWE-787: Out-of-bounds Write

The Out-of-bounds Write is a software security vulnerability that occurs when the data is written beyond the boundaries (i.e. past the end, before the beginning) of the intended buffer.

1/n
2/n
This weakness is also listed in the CWE TOP 25 (2021). It has been given the CWE ID CWE-787.

- This vulnerability could result in buffer overflows, memory corruption, the crash of the software or even a code execution.
3/n
As per cwe.mitre.org, the software may modify an index or perform pointer arithmetic that references a memory location that is outside of the boundaries of the buffer. A subsequent write operation then produces undefined or unexpected results.
Read 9 tweets
#SecurityExplained S-60: Introduction to CWE

According to the official description, the CWE™ (Common Weakness Enumeration) is a community-developed list of software and hardware weakness types.

[1/n 🧵]

#AppSec #infosec #websecurity #cybersecurity #bugbountytips #Pentesting
2/n
It serves as a common language, a measuring stick for security tools, and as a baseline for weakness identification, mitigation, and prevention efforts. The list includes more than 924 Common Weaknesses in Software & Hardware.
3/n
There are multiple options available to look for a CWE such as:
- By Software Development
- By Hardware Design
- By Research Concepts
- External Mappings (such as CWE TOP 25, OWASP TOP 10, Software Fault Pattern Cluster and more)
Read 8 tweets
#SecurityExplained S-59: Ruby ERB SSTI

Server-Side Template Injection (SSTI) vulnerabilities occur when user-supplied data is inserted into a template and insecurely evaluated as an expression by the template engine.

#appsec #bugbountytips
[1/n 🧵]
This may allow an attacker to trick the template engine into evaluating an expression that could allow an attacker to execute system commands or get a shell.
To look for template injection vulnerability, it is essential to enumerate and know if the template engine is in use.

2/n
3/n
If the application uses a template engine, the next thing is to know what language-based template injection is used and what all classes and methods are accessible that could be chained together to perform the desired action.
Read 7 tweets
10 different techniques to Find and Bypass Open Redirect Vulnerabilities in Web Applications.

[A Thread 🧵]

#bugbounty #bugbountytips #cybersecurity #AppSec
[1/n]

๐–๐ก๐š๐ญ ๐ข๐ฌ ๐š๐ง ๐Ž๐ฉ๐ž๐ง ๐‘๐ž๐๐ข๐ซ๐ž๐œ๐ญ ๐•๐ฎ๐ฅ๐ง๐ž๐ซ๐š๐›๐ข๐ฅ๐ข๐ญ๐ฒ?

Open redirection vulnerabilities arise when an application incorporates user-controllable data into the target of a redirection in an unsafe way.
[2/n]

๐‚๐จ๐ฆ๐ฆ๐จ๐ง ๐๐ฅ๐š๐œ๐ž๐ฌ ๐ญ๐จ ๐Ÿ๐ข๐ง๐ ๐Ž๐ฉ๐ž๐ง ๐‘๐ž๐๐ซ๐ข๐œ๐ญ๐ข๐จ๐ง:

login
register
logout
change site language
links in emails
Read 12 tweets
#securityexplained S-32: Account Takeover Methodologies

A thread on my Account Takeover Methodologies 🧵

[1/n]

#appsec #infosec #webappsec #bugbountytips #bugbounty #hacking #Coding #security #development #securecoding #learn365 #securityexplained
[2/n]
An account takeover usually refers to gaining persistent access to the victim user's account and performing all the authentication actions as a victim would be able to do. The severity of account takeover issues is usually considered between High to Critical.
[3/n]
However, it also depends upon the complexity and likelihood of the attack.
In general, the account takeover is not a "vulnerability class" itself but an impact result of a vulnerability.
Read 27 tweets
#SecurityExplained S-7: My Methodology to Test Premium Features

Premium Features are not widely tested by the crowd due to the involvement of a purchase factor. However, the person who often invests in the premium account is less likely to be disappointed.

(1/n) 🧵
Below is my methodology to test for the Premium features:

[Without Purchase]
1. Fuzzing the API endpoints to find out the endpoints that are accessible to premium users.

(2/n)
2. Comparing the difference in the freemium vs premium accounts and creating a threat map of functionalities available in the premium account to make sure if it's really worth an investment.

(3/n)
Read 9 tweets
#securityexplained
S-6: Bypassing Biometrics in iOS with Objection

Many applications on the iOS platform provide functionality to enable Touch/Face ID to act as an added layer of protection for the application. However, it is possible to bypass this layer.

(1/n)
(2/n)
If the attacker has "physical access" to the device, there are multiple options to bypass the checks; however, one of the simplest methods is to use "Objection".
Before performing the attack, ensure that Frida is running. Also, Objection must be installed.
(3/n)
# How to perform the attack:

1. Run the following command: objection --gadget <package_name_here>
2. In the objection run following command: ios ui biometrics_bypass
Read 6 tweets
8 different techniques to Bypass Rate Limits in Web Applications and APIs.

[A Thread 🧵]

#bugbounty #bugbountytips #cybersecurity #AppSec
- What is Rate Limit

Rate limiting is a process of limiting the number of requests a user can make to a web server in a span of time. This can be achieved by implementing IP-based or session-based rate limits on the web server.

Bypasses 👇
- Where to Look for Rate Limit Bugs

Places like:
- Login/Signup pages
- Register Pages
- 2FA codes
- Confirmation Codes

and any other request which, if brute-forced, would allow an attacker to achieve anything malicious should be checked for a "No Rate Limit" issue.

Bypasses 👇
Read 11 tweets
#SecurityExplained S-5: Bypassing Privileges & Other Restrictions with Mass Assignment Attacks.

As per OWASP's definition: Software frameworks sometimes allow developers to automatically bind HTTP request parameters into program code variables or ...

(1/n)
objects to make using that framework easier on developers. Attackers can sometimes use this methodology to create new parameters that the developer never intended, which in turn creates or overwrites new variables or objects in program code that were not intended.

(2/n)
(3/n)
There are multiple attacks that can be executed by exploiting this vulnerability such as escalating privileges, bypassing business logic, manipulating payloads and bypassing client-side checks.
Read 10 tweets
#SecurityExplained S-1: Web Testing Methodology

The below thread contains an overview of my pentesting methodology on the web application targets:

1. Initially, before starting with the engagement, I start with "Scoping" .........

(1/n)
(2/n)
where I go through the details shared by the client to understand the scope and see if the testing is feasible as per the given timeline. During this phase, I also check if the application is accessible and credentials (if required) are working properly.
(3/n)
If any of the things from "Step-1" are blocking, I reach out to the concerned person and request to unblock the blocking items.
2. Next, I start browsing the application while letting the traffic flow through Burp Suite to populate the "Target" menu.
Read 15 tweets
📚 tl;dr sec 113

* Log4Shell resources
* @JubbaOnJeans, @yashvi3r Security metrics
* How @netflix scales cloud detections
* @orange_8361 CTF challenges
* @prince_of_pasta Least privilege IAM
* Free @falco_org 101 course
* and more!

tldrsec.com/blog/tldr-sec-…
@JubbaOnJeans @yashvi3r @netflix @orange_8361 @prince_of_pasta @falco_org 📢 Sponsor: @goteleport Teleport 8 delivers industry best practices for remotely accessing Windows and Linux servers, databases, Kubernetes clusters, and internal web applications via a single secure, highly available endpoint. Learn more goteleport.com/blog/rdp-acces…
@JubbaOnJeans @yashvi3r @netflix @orange_8361 @prince_of_pasta @falco_org @goteleport Boring AppSec: an awesome #AppSec newsletter by JubbaOnJeansNewsletter
boringappsec.substack.com

@mattomata Zero-friction "keyless signing" with Github Actions
chainguard.dev/posts/2021-12-…

Building Trust in the Software Supply Chain w/ Binary Transparency
binary.transparency.dev
Read 12 tweets
How to Look for "Insecure CORS Configuration" vulnerabilities.

[A thread 🧵]

#appsec #bugbounty #bugbountytips #cybersecurity
[2/n]
What is Insecure CORS issue?

An insecure CORS configuration allows any website to trigger requests with user credentials to the target application and read the responses, thus enabling attackers to perform privileged actions or to retrieve potentially sensitive information.
[3/n]

Basic Origin Reflection Test:

Req: Origin: evil[.]com
Res: Access-Control-Allow-Origin: evil[.]com

> In this test case check if your Origin Header is being reflected within the Access-Control-Allow-Origin Header. If yes, this may be a vulnerability.
Read 8 tweets
Are you a CTO, a CISO or an AppSec lead in charge of securing a Software as a Service? 🦄

Here are 12 macro-projects to enable an application security program. ☂️

#appsec #bugbounty #cloudsecurity #cybersecurity #devsecops

Read the thread ⬇️ https://twitter.com/appsectribe
๐Ÿ€ Manage vulnerabilities and security weaknesses

Centralize every potential vulnerability in a @Jira-like issue tracker. A vulnerability remediation workflow is a typical bug fixing flow but with more statuses for the #appsec team to triage alerts and verify fixes.
👾 Run crowd-sourced security programs

Starting with a Vulnerability Disclosure Policy (VDP). Publish a @securitytxt note to show bug hunters the reliable process to reach the #appsec team and report vulnerabilities and security weaknesses in your assets.
Read 14 tweets
#BurpHacksForBounties - Day 1/30

Turbo intruder: Power of Python with @Burp_Suite Intruder.

I use it to tailor my pen-testing for a specific target and targeted #bugbounty

#infosec #appsec #bugbountytips #bugbountytip #security
How to - 🧵🙃👇
1/n
Using: CE so that everyone can explore.
Intruder in CE is limited in multithreading; Turbo Intruder can overcome that.
- Install through Extender
- Send req to the plugin.
2/n
Once you send the req to the plugin, a Python editor will open. This will show a couple of existing Python scripts to take reference from and to use.
Read 5 tweets
1/8 Now that the poll has closed, I'd like to disclose that I'm with the minority (No) on this one. Rationale summarized in this thread 👇

#pci #training #appsec #swsec

cc: @shehackspurple @bilcorry @robertauger @cigitalgem
2/8 Note: My position is mostly for large enterprises - especially the ones that operate in different sectors/countries (jurisdictions) & thus are subject to multiple compliance mandates & regulations. But, one can philosophically embrace this approach for other enterprises too.
3/8 First up, if you are subject to various compliance regulations and standards, it is best to make sure that your internal security standards account for them all so that you can present a unified set of security requirements to product/engineering. No need to mention "PCI".
Read 8 tweets
#learn365 Day-31: Captcha Bypass Techniques

Captcha is widely adopted by applications to avoid automated attempts on specific functionality, commonly on authentication forms to avoid brute-force attacks.

#bugbountytips #appsec #infosec #Pentesting

(1/n)
(2/n)
However, it is possible to bypass Captcha, and sometimes if the function is critical, it can be paid well in terms of bounties.

1. Missing Server-Side Validation
- Some apps send Captcha Parameters on the client-side but they do not validate this on the server side.
(3/n)
- Simply, Remove the "Captcha" parameters and see if the request is processed successfully.
- If yes, you can now use this request to perform your brute-force or rate-limiting attempts.
Read 10 tweets
#learn365 Day-30: Common Business Logic Issues (Wrap)

(Cont'd...)
9. Parameter Tampering
- Tamper Payment or Critical Fields to manipulate their values
- Add multiple fields or unexpected fields by abusing HTTP Parameter Pollution & Mass Assignment
#bugbountytips #appsec
(1/n)
(2/n)
- Response Manipulation to bypass certain restrictions such as 2FA Bypass

10. App Implementation Logic Abuse
- If an app accepts JSON data, try changing content type to XML and see if the XML data is being processed, it can be left vulnerable to XXE or XML-based attacks.
(3/n)
- If an application is using the DELETE method to delete a resource but there is no CSRF protection, try converting the method to GET/POST and add an additional parameter like ?method=delete
Read 7 tweets
#learn365 Day-29: Common Business Logic Issues (Part - 2)

(cont'd...)
5. Premium Feature Abuse
- Try forcefully browsing the areas or some particular endpoints which come under premium accounts.

#bugbountytips #AppSec #infosec #pentest

(1/n)
(2/n)
- Pay for a premium feature and cancel your subscription. If you get a refund but the feature is still usable, it's a monetary impact issue.
- Some applications use true-false request/response values to validate whether a user has access to premium features or not.
(3/n)
- Try using Burp's Match & Replace to see if you can replace these values whenever you browse the app & access the premium features.
- Always check cookies or local storage to see if any variable is checking if the user should have access to premium features or not.
Read 8 tweets
How many of you will agree that @PortSwigger @PortSwiggerRes @burpsuite is the best #Web #AppSec #bugbounty Tool available on the internet?

This thread includes some of the best Burp Extensions, which I personally love.

#pentest #security #infosec #bugbounty
Turbo Intruder

Turbo Intruder is a Burp Suite extension for sending large numbers of HTTP requests and analyzing the results.
portswigger.net/bappstore/9aba…

#pentest #security #infosec #bugbounty
Retire.js
This extension integrates Burp with the Retire.js repository to find vulnerable JavaScript libraries.
portswigger.net/bappstore/3623…

#pentest #security #infosec #bugbounty
Read 20 tweets
