The call for papers for NDC Security ends tomorrow. Come do your talk in Oslo: ndcsecurity.com/call-for-pap...

Reminder that the Call for Presentations for Sikkerhetsfestivalen (The Security Festival) is open. OWASP Oslo is hosting an AppSec track. Scroll down the page for English version:

sikkerhetsfestivalen.no/alle-nyheter...

The CFP for the developer conference NDC Oslo closes today. Security talks of course also very welcome.

ndcoslo.com/call-for-pap...

My latest blog post is live! Check your Ruby on Rails applications for the use of params[:_json]

nastystereo.com/security/rai...

📡 OWASP Secure Headers Project: The "Response Headers" section has been updated with a series of very interesting blog posts about the "Cross-Origin-Embedder-Policy", "Cross-Origin-Opener-Policy" and "Cross-Origin-Resource-Policy" headers.

#appsec #appsecurity #oshp

📖 owasp.org/www-project-...

It wasnt my work. I was just sharing the article.

Breaking Down Multipart Parsers: File upload validation bypass TL;DR: Basically, all multipart/form-data parsers fail to fully comply with the RFC, and when it comes to validating filenames or content uploaded by users, there are always numerous ways to bypass va...

Great read on bypassing upload filters:
blog.sicuranext.com/breaking-dow...

Best suggestion so far. Good find!

See AllowedAADCharacters here: learn.microsoft.com/en-us/azure/...

Does anybody know why Microsoft is blocking the string ".@" in passwords in Azure AD B2C custom policy examples? It's not that they are blocking the individual characters, but that exact combination.

Call for Papers - NDC Security 2025 | Security Conference for Software Developers NDC Security 2025 is a 4-Day Event for Software Developers with a focus on Security. 20-23 January 2025 - Radisson Blu Scandinavia Hotel.

The CFP for NDC Security in Oslo, Norway is about to run out! Submit your talk today!

ndc-security.com/call-for-pap...

hacker drake: you used to shell me on my call phone

Addition to headline «also I dont want to»

Someone figured out how to do this back in March it seems: systemweakness.com/new-prompt-i...

Oh well...

For people with more than one slack of varying importance, this grouping of the slacks is not a good design choice. I don't care if the least important slack has unreads. Now I have to click or hover to see which one it is.