As part of our CVE monitoring, we came across GHSA-pcq9-mq6m-mvmp (CVE-2025-68402), an authentication bypass in FreshRSS, a self-hosted RSS aggregator. It ...
I recently gave a workshop at OWASP Bay Area and presented a fresh slide deck. My main goal was to explain ...
When talking with security folks about the benefits of running an internal Capture the Flag (CTF) event or signing developers up ...
I often get asked about pentesting and code review methodologies. It seems like people are hoping for a secret sauce that ...
We recently released a lab on MongoDB IDOR and how to guess ObjectIds. Basically, you need to find the ObjectId of ...
A lot of people, when testing for security issues, jump right into "full exploitation" mode. They might flip multiple parameters in ...
With the new version of the famous OWASP Top 10 on the horizon, it’s a great time to talk about its ...
In a world where software vulnerabilities and data breaches dominate headlines, application security has become a top priority. Yet achieving consistent, ...