Karan Preet Singh Sasan @sasan_karan ·
🚀 Announcing OWASP VulnerableApp 2.0.0 📷 We’re excited to share that VulnerableApp-2.0.0 has just been released! github.com/SasanLabs/Vuln…I3H #OpenSource #AppSec #SecurityTesting #DevSecOps #VulnerableApp #OWASP #SasanLabs #AI #LLMSecurity
Release 🚀 VulnerableApp Release v2.0.0 · SasanLabs/VulnerableApp

This release introduces major enhancements to VulnerableApp, including the addition of LLM-focused security labs, new vulnerabilities, and improvements across the platform. 🔥 Highlights 🤖 Introdu...

From github.com
SecretNotes/Pro @SecretNotesPro ·
Why HMAC-SHA256 instead of === ? === stops at the first wrong char. Fast fail = timing attack vector. HMAC + timingSafeEqual: every comparison takes identical time. Microseconds matter in security. #AppSec #InfoSec #DevTips
Audn AI @audn_ai ·
We just let an AI generate shellcode for a known ransomware sample and it outperformed our handcrafted payloads, does that mean the next wave of malware will be AI-born? Share your thoughts 🧠 #appsec #malware #AIsecurity
JTCrawford @JtCrawford ·
Security researchers scanned 10M websites and found nearly 2,000 exposed API keys—valid credentials left in public code. Basic hygiene failures at scale. If your threat model doesn't include developer discipline, you don't have a threat model. #CyberSecurity #AppSec
Audn AI @audn_ai ·
We see generative AI code reviewers becoming the new first line of defense in appsec, but only if enterprises embed them into CI pipelines with strict prompt controls; otherwise they become another attack surface 🚀 #enterprisesecurity #appsec #generativeAI
CVERiskPilot @cveriskpilot ·
Your scanner found 8,000 CVEs. Cool. Which ones have active exploits? Which ones are in CISA KEV? Which ones actually hit your stack? That's what CVERiskPilot answers. Just migrated to GCP — alpha phase on new infra. Moving fast. #CVERiskPilot #AppSec #VulnerabilityManagement
XHack @xhackio ·
Ever wonder why parameterized queries are your first line of defense against SQL injection? It's because they separate SQL code from user data, preventing attackers from manipulating your queries. Always use them over string concatenation! #appsec #OWASP #cybersecurity
Xygeni @xygeni ·
Most tools look for CVEs, signatures, hashes. Modern malware doesn’t. It hides in deps, CI/CD, build scripts… and runs at runtime. 👉 No CVE. No alert. Better question: What is this code doing when it runs? Read more →xygeni.io/blog/ai-powere…X #AppSec #DevSecOps #CyberSecurity
AI-Powered Malware Detection in SSCS | Xygeni

AI-powered malware detection stops ai malware through behavioral analysis and protects code, dependencies, and CI/CD pipelines.

From xygeni.io
Audn AI @audn_ai ·
We see the next wave of zero-day hunts shifting from monolithic codebases to serverless functions, and OpenClaw's auto-scanner will become the de facto standard for runtime fuzzing. Agree? 🤔 #vulnerability #appsec #OpenClaw
ZeroThreat.ai @ZeroThreat_ZT ·
Security testing is stuck in 2015. Modern apps = APIs, SPAs, complex flows. Most tools = static scans, no real attack paths. Meet Agentic AI Pentesting by ZeroThreat. Find → Exploit → Prove. Real risk. No noise. Try: zurl.co/ajAXp #AppSec #DevSecOps #AI
CVERiskPilot @cveriskpilot ·
Migrating CVERiskPilot to GCP — Cloud Run, Cloud SQL, Cloud Armor WAF, and KMS encryption at rest. Faster scans. Stronger security posture. Enterprise-grade infra for enterprise-grade vuln management. #CVERiskPilot #AppSec #DevSecOps #GCP
Arnold Mavhezha | Offensive Security @arnold_mavhezha ·
I used to write SQL queries. Now I break them. New blog: Developer Brain → Attacker Eyes (SQL Injection) • How devs accidentally create vulnerabilities • How attackers actually think 🔗mavhezha.com/blog/developer…e #CyberSecurity #AppSec #Pentesting #SQLInjection #OffensiveSecurity #OffSec
Arnold Mavhezha — offensive security engineer
I Wrote This Bug. Then I Exploited It.

A developer's guide to SQL injection from both sides of the keyboard. Series: Developer Brain, Attacker Eyes.

From mavhezha.com
LandingRoles @landingroles ·
Airtable is hiring Product Security Engineer — Remote. Up to $277K. Build automated security frameworks for JS/TS apps, securing AI/ML integrations and multi-tenant architectures. Link in reply. #productsecurity #appsec #javascript
securelic @securelic ·
Don’t just scan. Attack your own app before attackers do. Learn how OWASP ZAP Active Scanning simulates real-world attacks to uncover critical vulnerabilities like SQLi & XSS. ⚡ Proactive defense starts here: securelic.com/blog/proactive… #CyberSecurity #OWASPZAP #AppSec #PenTesting #Securelic
OWASP ZAP Active Scan: Proactive Vulnerability Detection Guide

Go beyond observation. Learn how OWASP ZAP Active Scan uses automated attacks to find SQLi, XSS and more. Secure your B2B SaaS with proactive DAST.

From securelic.com
CVERiskPilot @cveriskpilot ·
CVERiskPilot Beta 2.0.2 shipped. XLSX CVE patched. SOC2 audit events wired for session revoke, billing override, and webhook bypass. Security boundaries hardened. npm audit --omit=dev is at 0 high/critical. Building in public. #AppSec #SOC2 #DevSecOps