Research Worth Reading Week 40/2024

Published: 07 Oct 2024

This week, we’re excited to share a list of must-read research! These are some of the most fascinating findings we’ve come across in the past week, so don’t miss out—check them out!

🔒 Exploiting trust: Weaponizing permissive CORS configurations

If you are new to CORS testing, this article will give you a lot of things to check for: Exploiting trust: Weaponizing permissive CORS configurations.

🪲 Ruby-SAML / GitLab Authentication Bypass (CVE-2024-45409)

A great post from Project Discovery on the recent ruby-saml bypass and how to leverage nuclei to test for it: Ruby-SAML / GitLab Authentication Bypass (CVE-2024-45409).

📚 HTTP Parameter Pollution in 2024

I really like this kind of content, which provides a lot of tiny details on one subject, this time HTTP Parameter Pollution: HTTP Parameter Pollution in 2024.

🛠️ Differential fuzzing for cryptography

An article on differential fuzzing applied to crypto. A lot is covered, definitely worth a read: https://blog.quarkslab.com/differential-fuzzing-for-cryptography.html.

📚 AppSec eZine #555

AppSec eZine returns with the latest edition—check out issue #555.

Written by PentesterLab
The platform to learn web hacking and security code review