Hi, these are the notes I took while watching the “API Security 101” talk given by Andy Sadako on LevelUp 0x03 / 2019.
This talk covers the basics of API security testing for hackers.
More …Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.
This issue covers the week from 22 of February to 1 of March.
Top 10 Writing Mistakes in Cybersecurity and How You Can Avoid Them
One of the first things I was told as a junior pentester was that writing a report is the most important part of a pentest. The reason is that even if you find the craziest vulnerabilities, they’ll bring no value to the customer if you can’t explain them clearly enough. Information like risks, impacts, how the bug works, and how to fix it must be crystal clear so that the client and developers know why they must fix the bug and how.
The good news is that writing good reports is not a magical art, it can be taught. This webcast by SANS has great tips on this topic. These are 10 mistakes to avoid and what to do instead. They apply whether you write your reports in english or any other language.
This is a must-read resource if want to improve the quality of your reports.
More …
Hi, here’s a new episode of the Bug Hunter podcast!
You can now listen to it using the widget below or on the following platforms: Google Podcasts, Anchor, Spotify, Breaker, Pocket Casts and RadioPublic.
Apple podcasts (iTunes) is in the works. And if your favorite podcasting app is missing from this list, please let me know so I can add it.
Also, if you prefer written text, you’ll find the whole transcript below. It’s also helpful for finding all links or commands mentioned in the audio.
Hey hackers! These are our favorite resources shared by pentesters and bug hunters last week.
This issue covers the week from 15 to 22 of February.
This is a great wiki on SQL injection for both beginners and advanced testers.
I’m always talking abount maintaining a personal knowledge base. If you need inspiration, this is a perfect example of one which is very well organized and includes most things you need to learn or remember for testing SQL injections:
Hi, I am so happy to finally launch this podcast. The idea behind it is to provide hackers with a unique mix of various topics: technical stuff like hacking Q&As and tool reviews, and non technical advice on productivity, personal growth…
You can listen to the first episode using the widget below or on https://anchor.fm/bughunter. I’m working on making it available on all major platforms like iTunes, Spotify, etc.
Also, if you prefer written text, you’ll find the whole transcript below. It’s also helpful for finding all links or commands mentioned in the audio.
