#WebAppSec — Search

No JavaScript? That's cool, but you'll need to disable Turbo mode as it uses JavaScript in the client.

🚨 CVE-2025-41007: SQL ... Unauthenticated SQLi in Cuantis `/search.php` offers full database CRUD access - classic web app nightmare with 9.3 CVSS. #SQLinjection #webappsec. zerodaysignal.com/vulnerability/…2 #netsec #vulnerability #CVE #sysadmin #zeroday

KNOXSS @KN0X55 · Mar 17

#WebAppSec Rule #1337 Stripping things from the input is not a good idea when you have a WAF in between. #XSS #bypass

1.3K

kevin kubai @KubaiKevin · Mar 5

🔥 WAF just got easier New comprehensive guide covering: ✨ Core concepts 🔧 Practical examples ⚡ Performance tips 🎯 Best practices Dive in �kubaik.github.io/waf-web-shieldFETi4 #GreenTech #WebAppSec #techtrends #CloudNative #Cybersecurity

R M ⚡🇺🇦 @kingthorin_rm · Feb 17

I wrote a Blog post about combining ZAP with CyberChef. #AppSec #WebAppSec #BugBountyTips zaproxy.org/blog/2026-02-1…

Using ZAP's Encode/Decode/Hash Add-on with CyberChef via Encode/Decode Scripts

Combine the Encode/Decode/Hash add-on with CyberChef operations in ZAP Encode/Decode Scripts for flexible encoding, decoding, and hashing in your testing workflow.

From zaproxy.org

552

Vanildo Pedro @icex64 · Feb 17

Developers who understand attackers build better software. Code repositories, CI/CD pipelines, project tools. High-value targets. Misconfigurations lead to credential leaks, supply chain risk, and lateral movement. A new Surface drops tomorrow. #EmpireCyberLabs #webappsec

Vanildo Pedro @icex64 · Feb 9

Web application security still comes down to fundamentals. Web apps are part of most modern environments, so understanding how they work, why vulnerabilities exist, and how to follow a repeatable methodology matters more than tools. #webappsec #bugbounty #infosec

kevin kubai @KubaiKevin · Feb 7

⭐ Boost Security secrets nobody shares New comprehensive guide covering: ✨ Core concepts 🔧 Practical examples ⚡ Performance tips 🎯 Best practices Dive in 👇kubaik.github.io/boost-security…Gxeq #ZeroTrust #WebAppSec #developer #CloudNative #AITools

Empire Cybersecurity @empirecybersec · Feb 6

🚀 HomeHub Surface Lab is LIVE A complete smart home platform with vulnerabilities waiting to be found. 🎯 Beginner 🚩 14 flags ⭐ 1900 points ✅ FREE tier First bloods up for grabscyberlabs.empire-cybersecurity.com4YBl #EmpireCyberLabs #webappsec #TYRm

Vanildo Pedro @icex64 · Feb 6

🚀 HomeHub Surface Lab is LIVE Web application security training has arrived. A complete smart home platform. 🎯 Beginner 🚩 14 flags ⭐ 1900 points ✅ FREE tier First bloods up for grabs cyberlabs.empire-cybersecurity.comAUU6 #EmpireCyberLabs #webappsec #CSZJ

OWASP Web Security Testing Guide @owasp_wstg · Feb 3

Released today by the @zaproxy team #BugBountyTips #AppSec #WebAppSec #DevSecOps

747

Aditya Raj @adityar28126592 · Feb 3

When you spot X-XSS-Protection: 1, do you treat it as a blocker—or as a signal of legacy security thinking? Curious how others adjust their XSS methodology. #webappsec #bugbounty

Bug Bounty Center @BugBountyCenter · Feb 3

Working at what I love, regardless of criticism #BugBounty #WebAppSec

120