What is Web Security and Web Penetration Testing Tools

In this article, I cover essential web penetration testing tools and how they fit into different stages of the assessment process.
https://denizhalil.com/2024/12/19/web-penetration-testing-tools/

#CyberSecurity #WebSecurity #Pentesting #BurpSuite #Nmap #SQLMap #BugBounty #RedTeam #InfoSec #EthicalHacking #SecurityTools #DenizHalil

🇬🇧
YesWeHack joins leHACK 2026 as a Diamond sponsor. Bug bounty, Autonomous Pentest, Continuous Pentesting, exposure management. Powered by 135,000+ ethical hackers. EU-hosted, ISO 27001 certified.

———

🇫🇷
YesWeHack is a Diamond sponsor of leHACK 2026. Bug bounty, Autonomous Pentest, Continuous Pentesting, exposure management. More than 135,000 ethical hackers. EU infrastructure, ISO 27001 certified.
#leHACK #BugBounty #EthicalHacking

Three main takeaways:

  • triage was always the friction point (I'd argue it is the first friction point. Fixing it is the second one)

  • Welcome to the #vulnslopalypse (yes, still using this hashtag :P)

  • People matter. Always will.

  • https://clawd.it/posts/14-to-kara-alex-and-michiel-your-researchers-are-leaving/

    #infosec #cyberSecurity #bugbounty

    To Kara, Alex, and Michiel — Your Researchers Are Leaving

    Bug bounty platforms never humanized researchers or triage. Now they're drowning in AI slop and wondering why their best people are leaving.

    clawd.it

    "Members of the #cybersecurity community who otherwise did not have a favorable perception of Uber were publicly coming to our defense." Melanie Ensign @Wednesday on an unexpected twist in a holiday #bugbounty dispute. #incidentmanagement #CriticalPointWarStories

    https://youtu.be/8Ltyei5e1UI

    Bug Bounty, Incident Management - Melanie Ensign - They Called Her Christmas Day - w/ Kevin Riggle

    YouTube

    🤖 AI: bug bounties are turning into a war

    AI agents find 3x more vulnerabilities. Google could pay 10x more in bounties.
    But the bad guys use AI too. Curl has shut down its program. Linus: Linux is unmanageable.

    Source: Wired

    Follow for the next one

    #AI #Cybersecurity #BugBounty 🔒 🐛 ⚔️

    When a tech reporter calls on Christmas Day, you know it's not for caroling. Melanie Ensign @Wednesday shares how Uber's well-run #bugbounty program saved the day (and the holiday). #incidentresponse #infosec #CriticalPointWarStories

    https://youtu.be/8Ltyei5e1UI

    Bug Bounty, Incident Management - Melanie Ensign - They Called Her Christmas Day - w/ Kevin Riggle

    YouTube

    I bypassed AWS API Gateway auth with a trailing slash. Got $12K bounty

    A security researcher discovered a path-matching vulnerability in AWS HTTP API and demonstrated that simply appending a slash to the end of the path bypassed authentication, allowing access to sensitive API data and abuse of the transfer function. The issue stemmed from a design flaw in which HTTP API's greedy path matching and the authentication context were lost during path rewriting; the affected company responded immediately by switching to a REST API and strengthening user verification in the Lambda function. The researcher received a $12,000 bug bounty for this vulnerability.

    https://guptalog.free.nf/2026/04/10/i-bypassed-aws-api-gateway-auth-with-a-trailing-slash-got-12k-bounty/

    #aws #api #security #authentication #bugbounty

    I bypassed AWS API Gateway auth with a trailing slash. Got $12K bounty

    A security researcher discovered a path-matching vulnerability in AWS HTTP API Gateway and demonstrated that JWT authentication could be bypassed to gain unauthorized access to account information and the transfer function. The problem arose from HTTP API's greedy path matching and the loss of the authentication context during path rewriting; the fintech company resolved it by switching to a REST API and strengthening user verification within the Lambda function. The researcher received a $12,000 bug bounty for this vulnerability.

    https://theguptalog.blogspot.com/2026/04/i-bypassed-aws-api-gateway-auth-with.html

    #aws #api #security #authentication #bugbounty

    I bypassed AWS API Gateway auth with a trailing slash. Got $12K bounty.

    I was poking at a fintech's mobile API and noticed something that made no sense. GET /v1/accounts returned 401. GET /v1/accounts/ returned...
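The fix the posts above describe is to stop trusting gateway routing as the only authorization layer and to verify the caller inside the Lambda function. The handler below is an added example written for this page; it is not the researcher's code, the fintech's code, or anything from the linked write-ups. It assumes the API Gateway HTTP API payload format 2.0 event shape (`rawPath` and `requestContext.authorizer.jwt.claims`), a hypothetical route `/v1/accounts/{account_id}`, and a constructed in-memory `ACCOUNT_OWNERS` table standing in for a real data store. It normalizes the path (trailing and doubled slashes) before matching, treats a missing authorizer context as unauthenticated no matter how the request was routed, and enforces object-level ownership with the token's `sub` claim.

```python
"""Added example (not from the original posts): defence-in-depth authorization
inside a Lambda handler behind an API Gateway HTTP API.

Assumptions (labelled): HTTP API payload format 2.0 event shape, a hypothetical
route /v1/accounts/{account_id}, and constructed sample ownership data.
"""
import json
import re
from typing import Optional

# Constructed sample data: account id -> owning user (the JWT `sub` claim).
ACCOUNT_OWNERS = {
    "acct-1001": "user-alice",
    "acct-1002": "user-bob",
}

# Hypothetical route; only the account id segment is accepted.
ACCOUNT_ROUTE = re.compile(r"^/v1/accounts/(?P<account_id>[A-Za-z0-9-]+)$")


def normalize_path(raw_path: str) -> str:
    """Collapse repeated slashes and drop a trailing slash, so that
    /v1/accounts/acct-1001/ and /v1//accounts/acct-1001 both map to the same
    canonical route before any authorization decision is made."""
    path = re.sub(r"/{2,}", "/", raw_path or "/")
    if len(path) > 1 and path.endswith("/"):
        path = path[:-1]
    return path


def caller_subject(event: dict) -> Optional[str]:
    """Return the `sub` claim attached by the JWT authorizer, or None when the
    request arrived without an authorizer context. A missing context is treated
    as unauthenticated regardless of which route delivered the request."""
    claims = (
        event.get("requestContext", {})
        .get("authorizer", {})
        .get("jwt", {})
        .get("claims", {})
    )
    sub = claims.get("sub")
    return sub if isinstance(sub, str) and sub else None


def response(status: int, body: dict) -> dict:
    """Build an HTTP API 2.0 style JSON response."""
    return {
        "statusCode": status,
        "headers": {"Content-Type": "application/json"},
        "body": json.dumps(body),
    }


def handler(event: dict, context=None) -> dict:
    """Authenticate first, then route, then check ownership of the object."""
    subject = caller_subject(event)
    if subject is None:
        # Deny in the function itself; never assume the gateway already did.
        return response(401, {"error": "unauthenticated"})

    path = normalize_path(event.get("rawPath", "/"))
    match = ACCOUNT_ROUTE.match(path)
    if not match:
        return response(404, {"error": "not found"})

    account_id = match.group("account_id")
    owner = ACCOUNT_OWNERS.get(account_id)
    if owner is None:
        return response(404, {"error": "not found"})
    if owner != subject:
        # Object-level authorization: the token must belong to the owner.
        return response(403, {"error": "forbidden"})

    return response(200, {"account_id": account_id, "owner": owner})


if __name__ == "__main__":
    # Constructed events: same path with and without a trailing slash.
    authed = {"requestContext": {"authorizer": {"jwt": {"claims": {"sub": "user-alice"}}}}}
    print(handler({"rawPath": "/v1/accounts/acct-1001/"})["statusCode"])          # 401
    print(handler({"rawPath": "/v1/accounts/acct-1001/", **authed})["statusCode"])  # 200
    print(handler({"rawPath": "/v1/accounts/acct-1002", **authed})["statusCode"])   # 403
```

The ordering matters: the identity check runs before route matching so that an unauthenticated probe learns nothing about which paths exist, and path normalization happens before the ownership lookup so that a slash variant cannot reach a different code path than the canonical URL.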

    $148,337 #BugBounty paid by Google to a researcher (@brutecat) who found debug endpoints on Google Cloud that allowed privileged workflows to be configured, leading to full #RCE in Google Cloud production (CVE-2026-2031)
    #CloudSecurity #BugBountyTips
    👇
    https://brutecat.com/articles/google-cloud-rce/
    StubZero: $148,337 RCE in Google Cloud Production

    A chance Discord message, two missing pieces, and one hour before the window closed: From info leak to RCE on Google Cloud. Three months later, it happened again.