GHSA-R6WW-5963-7R95 Denial of Service via reachable assertion

A grpc-swift server is vulnerable to a denial of service attack via a reachable assertion. This was due to incorrect logic when handling GOAWAY frames. The attack is low-effort: it takes very little resources to construct and send the required sequence of frames. The impact on availability is hig...

Cross site scripting

Kiwi TCMS is an open source test management system for both manual and automated testing. Kiwi TCMS allows users to upload attachments to test plans, test cases, etc. Earlier versions of Kiwi TCMS had introduced upload validators in order to prevent potentially dangerous files from being uploaded...

Node.js March 17th Infrastructure Incident Post-mortem

Node.js March 17th Infrastructure Incident Post-mortem By Matt Cowley, Claudio Wunder, Mar 23, 2023 The Incident Starting on March 15th and going through to March 17th with much of the issue being mitigated on the 16th, users were receiving intermittent 404 responses when trying to download Node....

REST-Attacker - Designed As A Proof-Of-Concept For The Feasibility Of Testing Generic Real-World REST Implementations

REST-Attacker is an automated penetration testing framework for APIs following the REST architecture style. The tool's focus is on streamlining the analysis of generic REST API implementations by completely automating the testing process - including test generation, access control handling, and...

app.getxray:xray-testng-extensions (>=0.1.0 <=0.2.0-beta), com.actiontestscript:ats-automated-testing (>=2.3.6 <=2.5.8) +143 more potentially affected by CVE-2022-4065 via org.testng:testng (>=7.6.0 <=7.6.1)

org.testng:testng MAVEN version =7.6.0, =0.1.0, =2.3.6, =2.4.13, =0.33.0, =1.3, =0.0.2, =0.0.2, =0.0.2, =3.0.0, =2.7.0, =2.8.1 and more Source cves: CVE-2022-4065 Source advisory: OSV:GHSA-RC2Q-X9MF-W3VF...

Explained: Fuzzing for security

Fuzzing, or fuzz testing, is defined as an automated software testing method that uses a wide range of invalid and unexpected data as input to find flaws in the software undergoing the test. The flaws do not necessarily have to be security vulnerabilities. Fuzzing can also bring other undesirable...

GraphCrawler - GraphQL Automated Security Testing Toolkit

Graph Crawler is the most powerful automated testing toolkit for any GraphQL endpoint. NEW: Can search for endpoints for you using Escape Technology's powerful Graphinder tool. Just point it towards a domain and add the '-e' option and Graphinder will do subdomain enumeration + search popular...

Finding Vulnerabilities in Open Source Projects

The Open Source Security Foundation announced $10 million in funding from a pool of tech and financial companies, including $5 million from Microsoft and Google, to find vulnerabilities in open source projects: The "Alpha" side will emphasize vulnerability testing by hand in the most popular...

Command Execution Vulnerability in Metersphere

MeterSphere is a one-stop open source continuous testing platform, covering test tracking, interface testing, performance testing, team collaboration and other functions, compatible with JMeter and other open source standards, effectively helping development and testing teams to make full use of...

How using the purple team approach helps in addressing cybercrime

By Waqas Automated purple teaming is one of the best ways to address cybercrime as it does not only test for the deficiencies in existing security controls. This is a post from HackRead.com Read the original post: How using the purple team approach helps in addressing cybercrime...

[SECURITY] Fedora 34 Update: os-autoinst-4.6-35.20210326git24ec8f9.fc34

The OS-autoinst project aims at providing a means to run fully automated tests. Especially to run tests of basic and low-level operating system components such as bootloader, kernel, installer and upgrade, which can not easily and safely be tested with other automated testing frameworks. However,...

vulhub

This repository is an open-source collection of pre-built vulnerable docker environments, referred to as 'Vulhub'. It is an offensive tool for web application security testing and education. The primary vulnerability class/vector targeted by this collection is not explicitly stated, but it likely...

SQL Injection Vulnerability in EasyTest Platform

EasyTest is an automated testing platform developed by an individual. The EasyTest platform suffers from a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information...

CVE-2020-25064

An issue was discovered on LG mobile devices with Android OS 4.4, 5.0, 5.1, 6.0, 7.0, 7.1, 8.0, 8.1, 9.0, and 10 software. Certain automated testing is mishandled. The LG ID is LVE-SMP-200019 August 2020...

CVE-2020-25064

An issue was discovered on LG mobile devices with Android OS 4.4, 5.0, 5.1, 6.0, 7.0, 7.1, 8.0, 8.1, 9.0, and 10 software. Certain automated testing is mishandled. The LG ID is LVE-SMP-200019 August 2020...

Code injection

An issue was discovered on LG mobile devices with Android OS 4.4, 5.0, 5.1, 6.0, 7.0, 7.1, 8.0, 8.1, 9.0, and 10 software. Certain automated testing is mishandled. The LG ID is LVE-SMP-200019 August 2020...

CVE-2020-25064

Technical details (affected products, vulnerable component, root cause, exploit information) are not provided in the connected documents. Monitor for updates from LG/Security advisories.

CVE-2020-25064

An issue was discovered on LG mobile devices with Android OS 4.4, 5.0, 5.1, 6.0, 7.0, 7.1, 8.0, 8.1, 9.0, and 10 software. Certain automated testing is mishandled. The LG ID is LVE-SMP-200019 August 2020...

Secure and Integrate Your Azure DevOps CI/CD Pipeline

Explore experiments from Chuck Losh, Solution Architect, to explore how Application Security can help protect your applications at runtime as they are built, and integrate with your automated Azure DevOps CI/CD pipeline with automated testing...

[SECURITY] Fedora 30 Update: os-autoinst-4.5-19.20190706gitc3d5e8a.fc30

The OS-autoinst project aims at providing a means to run fully automated tests. Especially to run tests of basic and low-level operating system components such as bootloader, kernel, installer and upgrade, which can not easily and safely be tested with other automated testing frameworks. However,...