Introduction to OWASP secureCodeBox

I have the impression that few people have heard of the open-source project secureCodeBox, which sits under the OWASP banner. I'm not really surprised, because I myself first heard of it a few months ago, when I was applying for an Application Security position that happened to list familiarity with this tool among its additional requirements. As a result, I got to know...

#Teksty #Kubernetes #OWASP #Scb #SecureCodeBox #Tutorial #Wordpress #Wpscan

https://sekurak.pl/wprowadzenie-do-owasp-securecodebox/


Have you ever wondered how you can use the internal scripting engine of #OWASP #ZAP as part of your #Pentest / #RedTeam workflow?

When I tried using it to perform authenticated scans of an API, I found that there was very little documentation, so my colleague Rebecca and I decided to write up the process in the #secureCodeBox blog, with an example for implementing and configuring the #OIDC / #OAuth Client Credential flow. We also describe how the finished script can be integrated into your #secureCodeBox workflows. Give it a read here: https://www.securecodebox.io/blog/2023/09/01/automate-zap-with-authentication


Hi, I'm Max 👋. I work as a security specialist for iteratec, a German software company. My focus is on threat modeling, some light pentesting, and secure architectures, but I also love learning about bug bounty techniques, static code analysis, cryptography (the kind without the chains), and other security topics.

As part of my job, I'm also contributing to the OWASP secureCodeBox, an Open Source security scanner orchestration engine maintained by iteratec: https://github.com/securecodebox/securecodebox

I occasionally write about interesting bugs I encounter as part of my work. You can find my long-form writing on my blog: https://blog.maass.xyz/

Before moving to industry, I was a PhD student at @seemoo, where my research focus was on online security, privacy, and how to notify system operators about misconfigured and insecure systems. You can find my papers online, for free: https://scholar.google.com/citations?user=_InDEEgAAAAJ&hl=en

Looking forward to meeting all of you!

#introduction #newhere #owasp #secureCodeBox #pentesting #threatmodeling
