Sr. Information Security Engineer | CSPM, CWPP, Vulnerability Management, & SOC | Founding Member @hih_community, Ex. AWS Community
Dec 4, 2021 • 7 tweets • 2 min read
Web Applications can be complex in nature, and it's not always possible for developers to prevent vulnerabilities such as XSS.
In this thread 🧵,
Learn how they try to prevent XSS, and in #bugbounty it's better to know the defense.
Credits: @saferinternetpr #infosec
1) Filtering User Input: When a user inputs data into the website, the developers want it to be filtered as strictly as possible while still getting the same output as if there was no filter.
Nov 26, 2021 • 7 tweets • 2 min read
Shodan detects devices that are connected to the internet at any given time, the location of those devices and their current users.
It's a thread 🧵
You can search, hack and even get a bounty if lucky enough with @shodanhq #infosec
1) To find vulnerable Databases:
Nov 15, 2021 • 9 tweets • 3 min read
Networking is a massive topic, but when starting into cyber security, you have to know the commonly used methods to uncover the potential areas of interest as an attacker you can leverage.
It's a thread 🧵 #infosec
1. The OSI Model: can be seen as a universal language for computer networking. It’s based on the concept of splitting up a communication system into seven abstract layers, each one stacked upon the last.
Read more: bit.ly/3DkBEZs
Nov 11, 2021 • 10 tweets • 4 min read
9 OSINT Tools, you might have come across.
Read about them below, it's a thread.
Let me know if I missed an awesome OSINT Tool. #OSINT #infosec
1. Maltego: Specializes in uncovering relationships among ppl, companies, domains, and publicly accessible information on the internet. It’s also known for taking the sometimes enormous amount of discovered info and plotting it all out in easy-2-read charts and graphs. #maltego