Sam Stepanyan

@securestep9@infosec.exchange

https://twitter.com/securestep9

#OWASP London Chapter Leader(@OWASPLondon). Application Security (#AppSec) Architect & Consultant. OWASP Global Board Member. OWASP Nettacker Project co-leader. #CISSP

Blog: https://medium.com/@securestep9

Who needs developers? #GitHub has just announced that any open GitHub issue can now be assigned to an #AI Agent who will do all the work: 😮

* Fix bugs
* Implement new features
* Improve test coverage
* Update documentation
* Address technical debt
👇
https://docs.github.com/en/copilot/using-github-copilot/coding-agent/about-assigning-tasks-to-copilot

#JWT: 'Attacking JWT using X509 Certificates': how an attacker could sign the JWT token with their own private key and modify the header value to specify their public key for signature verification:
#AppSec
#APIsecurity

https://trustedsec.com/blog/attacking-jwt-using-x509-certificates

#Nettacker: very pleased to see @helpnetsecurity publishing an article about our #OWASP Nettacker project!
👇
https://www.helpnetsecurity.com/2025/06/11/owasp-nettacker-open-source-scanner/
OWASP Nettacker: Open-source scanner for recon and vulnerability assessment - Help Net Security

OWASP Nettacker is a free, open-source tool designed for network scanning, information gathering, and basic vulnerability assessment.

Help Net Security
#NPM: New Supply Chain #Malware Hits NPM and #PyPI Package Ecosystems. #ReactNative-Aria & #GlueStack packages with cumulative 1mln+ weekly downloads backdoored overnight - check your dependencies!
#SoftwareSupplyChainSecurity
👇
https://thehackernews.com/2025/06/new-supply-chain-malware-operation-hits.html
New Supply Chain Malware Operation Hits npm and PyPI Ecosystems, Targeting Millions Globally

Supply chain attack infects 16 GlueStack npm packages used by 1M weekly users, enabling malware that steals data and controls systems.

The Hacker News

IDORs with unpredictable IDs are valid vulnerabilities - blog post by @rez0__

https://josephthacker.com/hacking/cybersecurity/2022/08/18/unpredictable-idors.html

IDORs with unpredictable IDs are valid vulnerabilities

A breakdown of why IDORs with unpredictable IDs are valid vulnerabilities.

#Chrome: #Google released a fresh Chrome 137 update to address 3 vulnerabilities, including a high-severity #zeroday CVE-2025-5419 exploited in the wild. Make sure to restart your Chrome TODAY to update it:

https://www.securityweek.com/google-researchers-find-new-chrome-zero-day/

DOM Explorer - a brilliant HTML hacking tool!

https://yeswehack.github.io/Dom-Explorer/

Dom-Explorer

Many thanks to everyone who came to my talk on the OWASP Nettacker project at the #OWASP Global AppSec 2025 Conference in Barcelona!
Several attendees will be joining us to collaborate and contribute! 🚀
👉 https://github.com/OWASP/Nettacker
#Deloitte Data Breach: Alleged Leak of Source Code & GitHub Credentials that could potentially grant unauthorized access to Deloitte’s internal development infrastructure, as well as source code from proprietary projects - now on the Darkweb
👇
https://cybersecuritynews.com/deloitte-data-breach/
If you are attending the OWASP Global AppSec 2025 conference in Barcelona and if you are an OWASP member you can grab a challenge coin 🪙 from the members lounge (room 111)!
You can also join OWASP as a member at the conference!
👇