
#websecurity

Latest posts tagged with #websecurity on Bluesky



Protect your website content
Right Click Ban & Content Protection secures your data.

Use coupon code FLASH
pathhan.short.gy/culI1o

#WordPress #ContentProtection #WordPressPlugin #WebSecurity #WebsiteProtection

0 0 0 0
Module WEBSEC – Web Security in Software Architecture The iSAQB® module WEBSEC deepens security aspects in software architecture, with threat modeling, cryptography and protection against typical web attacks.

Do you want to make web apps truly secure❓

Module WEBSEC: applying security fundamentals
✓ Recognize attack vectors
✓ Implement the OWASP Top 10
✓ Strategies for web & embedded systems

18–20 May 2026 | Munich
👉 https://f.mtr.cool/wymrhbcgxg

#WebSecurity #OWASP

0 0 0 0
CVE-2026-34989: CWE-79: Improper Neutralization of Input During Web Page Generat CI4MS versions before 31.0.0.0 fail to neutralize user input properly when users update their profile names, leading to stored cross-site scripting (CWE-79). Malicious JavaScript injected into profile names is stored on the server and later

ci4-cms-erp ci4ms <31.0.0.0 faces CRITICAL stored XSS (CVSS 9.4)! Attackers can run JS via profile name fields. Upgrade to 31.0.0.0+ for protection. radar.offseq.com/threat/cve-2026-34989-cw... #OffSeq #XSS #WebSecurity

0 0 0 0
Why Your Redirects Are Vulnerable — and How to Fix Them in 2025 Three redirect rules that save me hours of debugging.

Most redirect bugs are not navigation bugs.

They’re trust bugs.

Never redirect raw input.
Validate the URL.
Block unsafe schemes.
Allowlist domains.
Choose assign vs replace on purpose.

javascript.plainenglish.io/why-your-red...

#JavaScript #WebSecurity #Frontend #WebDevelopment #XSS

2 0 0 0
Web Security Camp – Hands-on Workshop on Securing Web Applications Practical 2-day training with Martina Kraus: learn to make web applications secure with OAuth2, CSP, HTTP security headers, API protection and the OWASP Top 10, including hands-on exercises.

🚀 Web apps are only as strong as their security.

At the Web Security Camp, @martinakraus11.bsky.social shows you how to prevent real attacks & build secure systems.

🔐 Securing auth & APIs
🛡️ Understanding threats

🔗 https://it-security-summit.com/web-security-camp/

#WebSecurity #bastacon

0 0 0 0
Module WEBSEC – Web Security in Software Architecture The iSAQB® module WEBSEC deepens security aspects in software architecture, with threat modeling, cryptography and protection against typical web attacks.

🔒Do you know the security vulnerabilities of your web applications?

In the WEBSEC module, you learn to recognize attacks & protect web systems.

Security by design, authentication & protection mechanisms included.

💡Secure yours now:
https://f.mtr.cool/uapvqzowtl

#WebSecurity

0 0 0 0

Your DB is screaming for help. Stop trusting user input. 💀

📃 scriptdatainsights.blogspot.com/2026/04/sql-...
🎞️ youtube.com/shorts/oCpmg...
🛒 scriptdatainsights.gumroad.com/l/april-skil...

#CyberSecurity #SoftwareEngineering #SQL #Backend #CodingLife #WebSecurity

1 0 0 0

CORS Misconfiguration is one of the most overlooked web security vulnerabilities, yet attackers can use it to steal sensitive data from users without permission.

Learn how it works, how mashers exploit it, and how developers can fix it in 2026.
#WebSecurity #CORS #BugBounty #PotatoAwareness #potato

2 0 0 0
CORS Misconfiguration Explained (2026) – Exploitation & Prevention Guide What is CORS Misconfiguration? Exploitation, Risks & Prevention Guide (2026) Imagine this: a developer at a fintech startup launches a new API endpoint. To speed up testing, they configure the server to accept requests from any origin. They push to production, move on, and forget about it. Six months later, a threat actor discovers that endpoint, crafts a malicious webpage, tricks authenticated users into visiting it, and silently siphons account data all because of one misconfigured HTTP header.

CORS Misconfiguration is one of the most overlooked web security vulnerabilities, yet attackers can use it to steal sensitive data from users without permission.

Learn how it works, how hackers exploit it, and how developers can fix it in 2026.
#WebSecurity #CORS #BugBounty #CyberAwareness #cyber

0 0 0 0
BSides Tokyo 2026 Speaker

[BSides Tokyo 2026 Speaker Reveal]
Taiga Shirakura: "Simple Request Blind Spots"

"Simple Request" is a modern CSRF defense, but even major web frameworks missed these hidden pitfalls...

🔗 Details: bsides.tokyo/en/2026/n03/
🎟️ Tickets: peatix.com/event/4825609/

#BSidesTokyo #WebSecurity #CSRF

0 0 0 0
Three WebPerformance Report email examples showing web performance, accessibility, and security reports on a colorful gradient background.


🎉 WebPerformance Report Week #14 is out! ✅
Join our growing community and subscribe today:
⚡ Web Performance Report: webperformancereport.com
🛡️ HTTP Security Report: webperformancereport.com/httpo/
♿ A11ty Report: webperformancereport.com/wave/
#webperf #websecurity #accessibility #a11ty #ai

0 0 0 0
Comprehensive guide on HTTP security headers for server hardening and enhanced web security.


Is your server "Grade F" secure? Default Nginx/Apache setups are wide open to XSS & Clickjacking.

Learn how to implement the "Big 6" Security Headers (HSTS, CSP, etc.) to reach Grade A+ instantly.

Full Guide for @iRexta:
www.irexta.com/tutorials/ul...

#iRexta #CyberSecurity #SysAdmin #WebSecurity

0 0 0 0
Content Security Policy Reporting with IdentityServer In this third installment of our mini-series on Content Security Policy (CSP), we dive into a critical security practice: detecting when a policy violation has occurred. Having a strict CSP is great,…

Looking to lock down your web app? 🔒 Don't just set a #CSP, learn how to monitor it! Our new video dives into Content Security Policy Reporting using report-uri, report-to, and friends.

Know when a violation occurs: youtu.be/apoRlEq5PAs

#WebSecurity #dotnet #CSP #InfoSec

1 0 0 0

Broken down by country, Mexico, United States, Singapore are at the top. Traffic is fairly distributed. What do you think?

#webdev #websecurity #ddos #buildinpublic

2 1 0 0
Introducing EmDash — the spiritual successor to WordPress that solves plugin security Today we are launching the beta of EmDash, a full-stack serverless JavaScript CMS built on Astro 6.0. It combines the features of a traditional CMS with modern security, running plugins in sandboxed Worker isolates.

🚀 HN: Cloudflare launches EmDash – a new, modern alternative to WordPress focused on plugin security 🔒 and scalability! Discover the future of safer, open web publishing: #HN #WordPress #WebSecurity #OpenSource #Cloudflare

2 0 0 0
Website Security Essentials for 2026 Protect your business website in 2026 with these essential security tips. From SSL certificates to backups and firewalls, we make website security simple and stress-free.

🔐 Website security in 2026 doesn't have to be complicated.

Our latest guide covers 10 practical steps every small business owner should take. Plain English, no fluff.

👉 link.klickhere.com/website-secu...

#WebSecurity #SmallBiz #CyberSecurity #WebDesign #OpenWeb

0 0 0 0
The End of CAPTCHAs? How Trafficmind Bot Protection Works For more than twenty years, CAPTCHAs have served as the default countermeasure against automated web traffic. Although this challenge-response mechanism was reasonably effective in the early internet era, it has now become nothing more than a hassle for legitimate users. Touchscreen browsing, privacy-focused browsers, and VPN usage frequently trigger repeated verification loops that interrupt the […] Post The End of CAPTCHAs? How Trafficmind Bot Protection Works at Root-Nation.com.

The End of CAPTCHAs? How Trafficmind Bot Protection Works #CAPTCHA #BotProtection #WebSecurity #Trafficmind #CyberSecurity

0 0 0 0

Wrote a simple blog post about this incident:
pnl.dev/topic/1091/p...

#webdev #websecurity #devlog

1 0 0 0
Every package you install runs code with your secrets in reach Most devs don't think twice about `npm install` or `pip install`. But those commands can execute arbitrary code — before your app even starts. A malicious package doesn't need to exploit anything. It...

Every package you install runs code with your secrets in reach chat-to.dev/post?id=RVJv... #programming #hacker #websecurity #developers #technology

0 0 0 0
CVE-2026-34558: CWE-79: Improper Neutralization of Input During Web Page Generat CVE-2026-34558 is a stored DOM-based Cross-Site Scripting (XSS) vulnerability identified in ci4ms, a CMS built on the CodeIgniter 4 framework. The vulnerability exists in versions prior to 0.31.0.0 within the Methods Management functionalit

Critical XSS in ci4ms (<0.31.0.0): attackers can store malicious JS in admin UI, exposing sensitive data. Upgrade to 0.31.0.0+ now! 🔒 radar.offseq.com/threat/cve-2026-34558-cw... #OffSeq #XSS #WebSecurity

0 0 0 0

🤪 Woke up at 6 to find the website under extreme stress. Spent an hour configuring rules on Cloudflare, the Under Attack mode saved the day! What a time we are living in!
Is most traffic from AI bots these days?

#webdev #indiedev #websecurity #ddosed #buildinpublic

5 0 1 2
DDoS attack: understanding, identifying and protecting yourself effectively

DDoS attacks can knock a site out in a few minutes ⚠️
Understanding, detecting and protecting yourself has become essential in 2026.

👉 Full guide available on CtrlAltPlay

#CyberSecurity #DDoS #Cyberattaque #Infosec #WebSecurity #DevOps

0 0 0 0
Three WebPerformance Report email examples showing web performance, accessibility, and security reports on a colorful gradient background.


🎉 WebPerformance Report Week #13 is out! ✅
Join our growing community and subscribe today:
⚡ Web Performance Report: webperformancereport.com
🛡️ HTTP Security Report: webperformancereport.com/httpo/
♿ A11ty Report: webperformancereport.com/wave/
#webperf #websecurity #accessibility #a11ty #ai

0 0 0 0
Detectify Detectify is a web security scanner that performs fully automated tests to identify security issues on your website. It tests your website for over 1000 vulnerabilities, including OWASP Top 10, and can be used on both staging and production environments.

The latest update for #Detectify includes "Introducing #GraphQL Support for API Scanning" and "Introducing IP Range Scanning: continuous Surface #Monitoring for your entire network".

#cybersecurity #webvulnerabilities #websecurity https://opsmtrs.com/33CTOVX

0 0 0 0
Maintenance update improves stability and Drupal 12 readiness


File Upload Secure Validator 2.2.1 improves CI stability.
Adds Drupal 11 support and prepares for Drupal 12.
Focus: testing, deprecations, and maintainability.

🔗 https://bit.ly/41gmvWJ

#Drupal #OpenSource #WebSecurity #DrupalModules

1 0 0 0

WebRTC Skimmer Bypasses CSP Defenses
Read More: buff.ly/bomNg9P

#WebRTCSkimmer #PaymentSkimmer #Magecart #WebSecurity #CSPbypass #EcommerceSecurity #DataExfiltration #ThreatResearch

0 0 0 0
Codex Security Complements but Does Not Replace SAST in WordPress and Drupal CI Codex Security is being seen by some teams as a replacement for static analysis, but its design suggests a different role. In an article by Victor Jimenez, the system is positioned as a complementary layer focused on validation and patching rather th...

Codex Security complements but doesn’t replace SAST in Drupal CI.
Focuses on threat modelling and validation, not deterministic checks.
Layered security pipelines remain essential.

🔗 https://bit.ly/4bN1845

#Drupal #WebSecurity #DevOps #OpenSource

1 0 0 0
Goodbye innerHTML, Hello setHTML: Stronger XSS Protection in Firefox 148 – Mozilla Hacks - the Web developer blog Cross-site scripting (XSS) remains one of the most prevalent vulnerabilities on the web. The new standardized Sanitizer API provides a straightforward way for web developers to sanitize untrusted…

Goodbye innerHTML, Hello setHTML for Stronger XSS Protection || #JavaScript #WebDev #WebSecurity mzl.la/4dCPw67

1 0 0 0
Session on continuous software supply chain risk monitoring


amazee.io @amazeeio.bsky.social to host a webinar on Dependency-Track and SBOM monitoring.

Covers EPSS, VEX, and CI/CD policy gates for continuous vulnerability tracking.

Focus: real-time dependency risk visibility.

🔗 https://bit.ly/4t9lLyl

#Drupal #WebSecurity #DevOps #OpenSource

1 0 0 0
Detectify Detectify is a web security scanner that performs fully automated tests to identify security issues on your website. It tests your website for over 1000 vulnerabilities, including OWASP Top 10, and can be used on both staging and production environments.

The latest update for #Detectify includes "Introducing IP Range Scanning: continuous Surface #Monitoring for your entire network" and "Baking accessibility into our product foundation".

#cybersecurity #webvulnerabilities #websecurity https://opsmtrs.com/33CTOVX

1 0 0 0