
684 matches found

The Hacker News
added 2023/05/24 10:51 a.m., 3 views

What to Look for When Selecting a Static Application Security Testing (SAST) Solution

If you're involved in securing the applications your organization develops, there is no question that Static Application Security Testing SAST solutions are an important part of a comprehensive application security strategy. SAST secures software, supports business more securely, cuts down on...

7.3 AI score
Exploits: 0

The Hacker News
added 2023/05/24 10:51 a.m., 31 views

What to Look for When Selecting a Static Application Security Testing (SAST) Solution

If you're involved in securing the applications your organization develops, there is no question that Static Application Security Testing SAST solutions are an important part of a comprehensive application security strategy. SAST secures software, supports business more securely, cuts down on...

7.2 AI score
Exploits: 0

Kitploit
added 2023/05/14 12:30 p.m., 16 views

PassMute - PassMute - A Multi Featured Password Transmutation/Mutator Tool

This is a command-line tool written in Python that applies one or more transmutation rules to a given password or a list of passwords read from one or more files. The tool can be used to generate transformed passwords for security testing or research purposes. Also, while you doing pentesting it...

7.8 AI score
Exploits: 0, References: 3

GithubExploit
added 2023/05/10 3:30 p.m., 188 views

Exploit for Out-of-bounds Write in Linux Linux_Kernel

Project Name CVE-2021-22555 attack script Description Th...

8.3 CVSS, 6.8 AI score, 0.85239 EPSS
Exploits: 21

Kitploit
added 2023/04/28 12:30 p.m., 29 views

Bearer - Code Security Scanning Tool (SAST) That Discover, Filter And Prioritize Security Risks And Vulnerabilities Leading To Sensitive Data Exposures (PII, PHI, PD)

Discover, filter, and prioritize security risks and vulnerabilities impacting your code. Bearer is a static application security testing SAST tool that scans your source code and analyzes your data flows to discover, filter and prioritize security risks and vulnerabilities leading to sensitive da...

7.4 AI score
Exploits: 0, References: 10

GithubExploit
added 2023/04/15 8:57 a.m., 638 views

Exploit for Deserialization of Untrusted Data in Oracle Weblogic_Server

CVE-2023-21839 Due to special requirements, the GO version of...

7.5 CVSS, 7.2 AI score, 0.94175 EPSS
Exploits: 10

GithubExploit
added 2023/03/14 7:0 a.m., 348 views

Exploit for CVE-2022-30190

FOLLINA-CVE-2022-30190 Implementation of FOLLINA-CVE-2022-3019...

9.3 CVSS, 7.3 AI score, 0.93596 EPSS
Exploits: 61

GithubExploit
added 2023/02/24 1:54 p.m., 7 views

Exploit for Deserialization of Untrusted Data in Oracle Weblogic_Server

CVE-2023-21839 Using this project to attack or test target...

7.5 CVSS, 7.2 AI score, 0.94175 EPSS
Exploits: 10

The Hacker News
added 2023/02/15 9:28 a.m., 3 views

Regular Pen Testing Is Key to Resolving Conflict Between SecOps and DevOps

In an ideal world, security and development teams would be working together in perfect harmony. But we live in a world of competing priorities, where DevOps and security departments often butt heads with each other. Agility and security are often at odds with each other— if a new feature is...

7.2 AI score
Exploits: 0

Ivanti
added 2023/02/14 7:22 a.m., 4 views

JSA10400 - Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) products - SSL-VPN Security Bundle - Admin Issues

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Admin vulnerabilities found and fixed through a combination of internal and external proactive security testing: - Issue in archiving web page - Dig parameter injection issue in...

7.6 AI score
Exploits: 0

Ivanti
added 2023/02/14 7:22 a.m., 4 views

JSA10490 - 2011-09 Security Bulletin: Pulse Connect Secure (PCS): Cross Site Scripting Issues

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Cross Site Scripting vulnerabilities found and fixed through a combination of internal and external proactive security testing: - Cross Site Scripting issue found in Secure Meeting web...

7 AI score
Exploits: 0

Ivanti
added 2023/02/14 7:22 a.m., 9 views

JSA10414 - Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) - Security Bundle - Admin Issue

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Admin vulnerability found and fixed through a combination of internal and external proactive security testing: - When an admin uses certain sub-menus within the console, a timeout is...

7.2 AI score
Exploits: 0

Ivanti
added 2023/02/14 7:22 a.m., 5 views

JSA10413 - Pulse Connect Secure (PCS) and Pulse Policy Secure (PPS) products - Security Bundle - Authentication & Authorization Issue

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Authentication & Authorization vulnerability found and fixed through a combination of internal and external proactive security testing: - When using NTLMv1 or NTLMv2 authentication...

7.3 AI score
Exploits: 0

Ivanti
added 2023/02/14 7:22 a.m., 5 views

JSA10401 - Pulse Connect Secure (PCS) product - PCS Security Bundle - Internal System Function

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Internal System Function vulnerabilities found and fixed through a combination of internal and external proactive security testing: Issue with special characters used in a parameter in...

7.3 AI score
Exploits: 0

Gitee
added 2023/02/08 4:9 p.m., 3 views

vulhub

This is a collection of vulnerable web applications and tools for testing and learning about web application security. The repository contains a variety of applications, including CouchDB, FFmpeg, Git, and Jenkins, each with its own set of vulnerabilities. The applications are designed to be used...

7 AI score
Exploits: 0

OSV
added 2023/02/01 3:15 a.m., 0 views

UBUNTU-CVE-2022-4206

A sensitive information leak issue has been discovered in all versions of DAST API scanner from 1.6.50 prior to 2.0.102, exposing the Authorization header in the vulnerability report...

6.5 CVSS, 5.7 AI score, 0.00154 EPSS
Exploits: 1, References: 2

Rapid7 Blog
added 2023/01/30 2:0 p.m., 73 views

Metasploit Framework 6.3 Released

The Metasploit team is pleased to announce the release of Metasploit Framework 6.3, which adds native support for Kerberos authentication, incorporates new modules to conduct a wide range of Active Directory attacks, and simplifies complex workflows to support faster and more intuitive security...

9 CVSS, 1.6 AI score, 0.91596 EPSS
Exploits: 8

Rapid7 Blog
added 2022/12/29 2:0 p.m., 20 views

Understanding the Ecosystem of Smart Cities for the Purpose of Security Testing

Is there a defined ecosystem, similar to what we encountered with the Internet of Things IoT, that can be charted out as it relates to smart city technology and its security implications? While evaluating IoT I struggled with defining what IoT is. I found that there were varying definitions out...

0.1 AI score
Exploits: 0

Gitee
added 2022/11/24 7:58 p.m., 5 views

Exploit for SQL Injection in Zabbix

This repository is an open-source collection of vulnerable web applications and tools for security testing and education, maintained by phith0n. It is an offensive tool for web application security testing. The primary vulnerability targeted by this repository is not explicitly stated, but it...

9.8 CVSS, 8.2 AI score, 0.86228 EPSS
Exploits: 28

OSV
added 2022/11/14 7:19 p.m., 9 views

GSD-2022-1007261 firmware: google: Test spinlock on panic path to avoid lockups

firmware: google: Test spinlock on panic path to avoid lockups This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.150 by commit...

7.2 AI score
Exploits: 0