🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

The OWASP ASVS Project 4.0 is done.

"CVE-2018-18809 Path traversal in Tibco JasperSoft" #fulldisclosure in my blog security.elarlang.eu/cve-2018-18809…

Enne kui nõuda, et parool peab olema pikk, peaks selle nõude ka lahti seletama. Hoopis olulisem on kasutajatele soovitada, et parool peab olema igas kasutatavas keskkonnas unikaalne. Parooli pikkus saab määravaks alles siis, kui midagi muud juba läks nihu.

Our team Catapult Sheep! 1st place @ CTF and 1st place @ scavenger hunt! #disobey2020

ASVS 4.0.3 is now live! A huge thank you to Elar Lang Josh Grossman 👻 (tghosth) Jim Manico from Manicode Security Daniel Cuthbert Andrew van der Stock, OWASP ED and countless other volunteers who made this release happen. github.com/OWASP/ASVS/raw…

In case you are interested what is happening in #Ukraine then you can follow (and share) my list of sources: x.com/i/lists/149691…

ASVS 5.0 in cooking

Nordic Testing Days 2022 keynote "Passion Driven Testing", 2nd of June 9 AM. Get your laptop ready for the demo, see ntd.elarlang.eu #PassionDrivenTesting #NTD #NTD2022 Nordic Testing Days

Thanks to Clarified Security (clarifiedsecurity.com) for being a Maintaining Supporter and allowing significant company time to be used for the OWASP® Foundation ASVS project! For details on all supporters and how you can support the OWASP ASVS Project project, see: owasp.org/www-project-ap…

My keynote, called "Passion Driven Testing", for Nordic Testing Days 2022 youtube.com/watch?v=jfrdaa… I share my view on how to stay motivated. Contains some hacking demos. Nordic Testing Days #NTD2022

During one pen-test case, I figured out a nice feature from Drupal core. Now, 2 months later, there is Drupal Security Announcement SA-CORE-2022-014 with Security risk: Critical. drupal.org/sa-core-2022-0…

Watching WRC All-Live next to working vulcano in Iceland. Becs Williams Julian Porter #WRC

After years of hearing questions like "Do you have any course that teaches how to make stuff more secure instead of only breaking it?" we finally have a course about configuring services to reduce their attack surface! clarifiedsecurity.com/service-harden…

Reflected XSS in cert.org. Request URI is still user input. security.elarlang.eu/reflected-xss-…

SQL injection in Joomla extension DT Register security.elarlang.eu/sql-injection-…

Tested one piece of my Web Application Security training in different format - "Testing for XSS" Nordic Testing Days #NTD2017 x.com/nordictestdays…

2 SQL injection vulnerabilities in dotCMS (CVE-2016-10007 and CVE-2016-10008 Full Disclosure). security.elarlang.eu/cve-2016-10007…

CVE-2017-15715 - Apache HTTP Server - <FilesMatch> bypass with a trailing newline at the end of the file name. Full Disclosure in my blog security.elarlang.eu/cve-2017-15715…