🚀 Join Us for a Two-Day Intensive Training on Security Code Review in Paris! 🚀

Are you an Application Security Engineer, Code Reviewer, or Pentester looking to enhance your skills? This is your opportunity to dive deep into the world of security code review with expert guidance.

📅 Dates: October 7th and 8th
🕘 Time: 9 AM - 5 PM
📍 Location: Paris

Limited seats available! Don't miss out on this chance to improve your code review skills!

🔗 Register Now to secure your spot! https://lnkd.in/g3mRUcid

#ApplicationSecurity #CodeReview #Pentesting #SecurityTraining #Paris #CyberSecurity #ProfessionalDevelopment
About us
PentesterLab is an easy and great way to learn penetration testing. PentesterLab provides free vulnerable systems that can be used to test and understand vulnerabilities. Our exercises are based on common vulnerabilities found in different systems. The issues are not emulated. We provide you real systems with real vulnerabilities. They are not just a bunch of vulnerabilities put together, they are built to teach you how to think like an attacker.
- Website: https://pentesterlab.com
- Industry: Computer and Network Security
- Company size: 2-10 employees
- Headquarters: Melbourne
- Type: Public Company
- Founded: 2011
- Specialties: Training, Penetration testing training, IT security training, Web security training, Penetration testing, and Code review
Locations
- Primary: Melbourne, AU
Updates
We just released three new challenges as part of our Java Code Review Badge: https://lnkd.in/gxncvdKB
Articles worth reading discovered last week:
- Windows Installer, Exploiting Custom Actions (blog.doyensec.com) 🗞 https://lnkd.in/g7Z-2y2u
- Encoding Differentials: Why Charset Matters 🗞 https://lnkd.in/gs3TM9Ph
- Multi-sandwich attack with MongoDB 🗞 https://lnkd.in/gDZYF3hK
- One shell to rule them all 🗞 https://lnkd.in/gfYACzfY
- AppSec eZine 544 🗞 https://lnkd.in/gmDCYz-R
- defparam/lemma 🗞 https://lnkd.in/gUyjKnHx
- Introducing: TE.0 HTTP Request Smuggling 🗞 https://lnkd.in/gazb7GZD
- Github Actions Exploitation: self-hosted runners 🗞 https://lnkd.in/gYqFDqZS

#PentesterLabWeekly
PentesterLab reposted this
I just published the dates for the first two in-person trainings in Ghent and Paris in late September and early October: https://lnkd.in/gYgjYpYk

Training in English (Q&A in French and English). Lunch provided.

Subscribe to PentesterLab on Gumroad (pentesterlab.gumroad.com)
The hardest part for pentesters transitioning into security code review is going back to the low level of confidence they had when starting as blackbox testers and starting all over again. A big part of becoming a good blackbox tester is learning to be uncomfortable until you finally become comfortable: you're more knowledgeable and you know you can figure it out with a high degree of confidence. Security code review is exactly the same.

Here's the honest truth about this transition:
- It's Hard: There's no sugar-coating this. It's a challenging journey that demands patience and perseverance.
- It Takes Time: Just as it did with pentesting, mastering code review is a gradual process.
- Be Prepared to Feel Dumb Again: This is part of the learning curve.

Check the comment to keep reading for Key Tips to make the Transition 👇
PentesterLab reposted this
Second cohort of PentesterLab Web Security Code Review Training starting in two hours! Let's go!
Articles worth reading discovered last week:
- The case for burning counterterrorism operations (blog.kwiatkowski.fr) 🗞 https://lnkd.in/g9gWtYEk
- PlORMbing your prisma ORM with time-based attacks 🗞 https://lnkd.in/gThSm3Wm
- Evernote RCE 🗞 https://lnkd.in/gKdt_5GF
- AppSec eZine #543 🗞 https://lnkd.in/giDtQVr6
- Introducing a New Vulnerability Class: False File Immutability 🗞 https://lnkd.in/eSmYFnks

It is now available on our blog too: https://lnkd.in/gfJJK_7R

#PentesterLabWeekly
One effective way to accelerate your security code review or pentest is to understand what developers get for free! In this blog post, we'll see why this matters.

Today, it's increasingly rare for developers to create applications without utilizing frameworks and libraries. These tools offer functionalities that are often more mature and reliable than custom-written code. For example, developers shouldn't usually have to write their own implementations for authentication, password storage, JWT, or SAML. These features are hard to write and hard to get right. The more developers rely on battle-tested code for these, the better.

For security reviewers, this means you can probably increase your coverage by spending more time on the code that developers didn't get for free! This doesn't mean you shouldn't test these frameworks or libraries. Instead, it suggests that the code provided by these tools is generally of higher quality and security.

Understanding what developers get for free can also help you identify common misuse. If you're experienced in code review or pentesting, you know that many frameworks and libraries do not always provide a high level of error-proofing, and developers often make similar mistakes.

Keep reading... https://lnkd.in/gCYsnkQy

PentesterLab Blog: What Developers Get for Free (pentesterlab.com)