Published the writeup for the authenticated SQL injection vulnerability in Kanboard - CVE-2026-33058.

https://0dave.ch/posts/cve-2026-33058/
https://www.cve.org/CVERecord?id=CVE-2026-33058
https://github.com/kanboard/kanboard/security/advisories/GHSA-f62r-m4mr-2xhh

#webappsec #cve #sqli

I wrote a Blog post about combining ZAP with CyberChef.

#AppSec #WebAppSec #BugBountyTips

https://www.zaproxy.org/blog/2026-02-17-encoder-cyberchef-via-scripts/

@zaproxy Released add-ons today:

GraphQL ➡️ Fixes the optional integration with the Tech Detection add-on which had been failing.

OpenAPI ➡️ Re-enables Swagger Secret Detector Script Scan Rule, the JS Engine memory leak has been addressed.

#AppSec #DevSecOps #WebAppSec #BugBountyTips

Please go sign this 🇨🇦 Federal petition to establish a mandatory secure coding policy for the government of Canada:

https://www.ourcommons.ca/petitions/en/Petition/Details?Petition=e-7115

🍁

#SDLC #AppSec #WebAppSec

Stay connected.
Join me on heroic intelligence quests!

Do you feel a need to understand what is worthy of news personally and globally?

Map your life using top #security doctrines from the foundations up.
Let me introduce you to information gathering techniques from the overlap of research into Consciousness and Internet Technologies.

Included are selected map previews and trendy Cyber Security oriented deliverables from my specialization.

Welcome to the "Heroic Intelligence Map Guild" on Skool.

https://www.skool.com/deep-security-maps-lab-4515

#Mapping #Intelligence #Consciousness #Technology #ModernWestern #Skool #course #InfoSec #CyberSec #Alignment #WebAppSec #Vulnerability #RiskManagement #MindMap

First Tier courses available.

Hey Fediverse. Can you get @zaproxy to 15k ⭐️?

#OpenSource #DAST #AppSec #WebAppSec #ITSec #CyberSec #PenTest #BugBountyTips

Current Stars 14500

https://github.com/zaproxy/zaproxy

I completed the Web Security Academy lab:
2FA simple bypass

#authentication_bypass #WebAppSec
https://portswigger.net/web-security/authentication/multi-factor/lab-2fa-simple-bypass

I just completed the Web Security Academy lab:

Authentication bypass via OAuth implicit flow

#AuthenticationBypass #WebAppSec #Cybersecurity

https://portswigger.net/web-security/oauth/lab-oauth-authentication-bypass-via-oauth-implicit-flow

Ever found /backup.zip five minutes before your report was due?

Yeah - this one’s for you.

We just gave our URL Fuzzer a good refresh - cleaner look, more detailed specs, and faster results you can truly act on.

Because attackers love the stuff no one remembers to lock down:
🔒 /backup.zip
🔧 /admin-old/
📦 /staging/
…you get the idea.

Now it’s even easier to:
✅ Uncover unlinked or forgotten resources
✅ Spot exposed config files, DB dumps, and admin panels
✅ Cut through static and surface real exposure - fast

📎 Try the new experience 👉 https://pentest-tools.com/website-vulnerability-scanning/discover-hidden-directories-and-files

#offensivesecurity #webappsec #vulnerabilityassessment