An Intro to Fuzzing (AKA Fuzz Testing) What is Fuzzing?Fuzzing, also known as fuzz testing, is a technique that allows developers and se... 2021-9-28 15:0:0 | 阅读: 6 | 收藏 | bishopfox.com - bishopfox.com fuzzer fuzzers harness dumb developer

IAM Vulnerable - Assessing the AWS Assessment Tools In my previous post, I introduced IAM Vulnerable, walked through how to set it up in a playground AW... 2021-9-23 15:0:0 | 阅读: 4 | 收藏 | bishopfox.com - bishopfox.com privesc deny 3awspxv1 notaction

IAM Vulnerable - An AWS IAM Privilege Escalation Playground If you are ever in a position where you need to assess the security of an AWS environment, one of th... 2021-9-9 15:0:0 | 阅读: 7 | 收藏 | bishopfox.com - bishopfox.com arn privesc ec2 privesc1

You're Doing IoT RNG There’s a crack in the foundation of Internet of Things (IoT) security, one that affects 35 billion... 2021-8-5 15:0:0 | 阅读: 4 | 收藏 | bishopfox.com - bishopfox.com rng hardware hal entropy csprng

LEXSS: Bypassing Lexical Parsing Security Controls TL;DR By using special HTML tags that leverage HTML parsing logic, it is possible to achieve cross... 2021-6-22 15:0:0 | 阅读: 4 | 收藏 | bishopfox.com - bishopfox.com lexical sanitizing tinymce tokenizer textarea

An Exploration of JSON Interoperability Vulnerabilities TL;DR The same JSON document can be parsed with different values across microservices, leading to... 2021-2-25 16:0:0 | 阅读: 6 | 收藏 | bishopfox.com - bishopfox.com parsers superadmin qty json5

Bad Pods: Kubernetes Pod Privilege Escalation What are the risks associated with overly permissive pod creation in Kubernetes? The answer varies... 2021-1-19 16:0:0 | 阅读: 14 | 收藏 | bishopfox.com - bishopfox.com kubernetes pods privileged security manifests

Lessons Learned on Brute-forcing RMI-IIOP With RMIScout I'm excited to announce some new features that have been added to RMIScout. RMIScout is a tool to pe... 2020-12-8 16:0:0 | 阅读: 4 | 收藏 | bishopfox.com - bishopfox.com rmiscout corba omg iiop

Design Considerations for Secure GraphQL APIs In this article, we are going to discuss a variety of security risks to GraphQL deployments and migr... 2020-9-28 15:0:0 | 阅读: 5 | 收藏 | bishopfox.com - bishopfox.com scalars security caching limiting

Design Considerations for Secure Cloud Deployment Whether you are migrating an on-premise deployment to a cloud provider tasked with deploying a new c... 2020-9-15 15:0:0 | 阅读: 6 | 收藏 | bishopfox.com - bishopfox.com cloud security kubernetes choosing iac