State lawmakers turn to creative solutions in speaker fights
As Republican infighting debilitates Washington, some state legislatures have managed to launch sessions complicated by similar GOP partisan divides or razor-thin margins of party control with creative, if yet untested, solutions.
How to build your intuition in finding web app bugs?
Disclaimer: I’m not good at this and still learning, I just want to share my experience.
I’ve noticed that there are so many questions on Reddit asking how to start web pentesting, how to be good at it, etc.
Short answer: Read, practice, repeat the process
Long answer:
The reason I’m writing this post is that I find it very difficult in real life to get someone to guide me, help me and show me tips and tricks. Instead, I had to learn it the hard way and find the answers by myself. So, I hope that by this little sharing I can help those who are struggling just like me. Remember, you’re not alone out there, this subreddit is very helpful. I’m glad I found this.
I used to try different vulnerable web apps such as DVWA, Mutillidae, WebGoat, and many more.
What I did wrong was that I did not try hard to understand what the application does. Instead, when I got stuck, I would quickly Google for a solution and read the walkthrough and solution for that challenge.
As I did more practice, I realized that in order to build the intuition to find a real bug, I really need to map the application, click every single link available, and try to really understand every single function available (while sending all these requests to Burp so that I can analyze them later). Believe me, this part is very important.
Let’s take a look at a lab from Web Security Academy:
https://portswigger.net/web-security/csrf/lab-no-defenses
I know this is particularly targeted at “CSRF vulnerability with no defenses”, but when you try it, try to use different payloads as if you’re on a real target where you don’t know what the actual vulnerability is.
Keep doing this and I believe you’ll get better from day to day.
Once you find the solution, look at the walk-through, see what others do differently. You might be able to learn one or two tricks from there.
This is what I’ve been doing lately, and if there are more tips and tricks, e.g. how you learned, feel free to share them, especially on web app, API, or mobile pentesting.
submitted by /u/w0lfcat
Russia’s claim it killed 600 Ukrainian soldiers in a rocket strike is blown apart as Kyiv says it ‘didn’t kill a soul’
RUSSIA’S claims it killed 600 Ukrainian soldiers in a revenge attack have been rubbished by Kyiv.
Moscow said it had blasted two buildings temporarily housing 1,300 Ukrainian troops in the country’s eastern Donetsk region on Sunday.
A…
Biden STOLE From The American People Last Year!! #ANewConservativeAgeIsRising #DrSteveTurley #Turley #TurleyTalks #MaryPatriotNews [Video]
Join Dr. Steve and Troy Noonan LIVE on January 12th to learn how to be a BackPack Trader! https://www.backpacktrader.net/Event
Muslim Apologist Attempts to Prove Islam: Putting the Quran to the Scientific Test with Nadir Ahmed #BiblicalExegesis #ChristianApologetics #Islam #Muhammad #Polemics #ReasonedAnswers #MaryPatriotNews [Video]
I often ask Muslims “what is your best evidence that Islam is true?” I rarely get an answer. Enter Nadir Ahmed: the man willing to defend Islam when no one else is. Nadir is ready with his answer – the Quran is scientifically accurate – and he is ready to defend his claim live. I hope you’ll join Amir Khan and myself as we discuss science in the Quran and see whether Nadir’s beliefs hold up to scrutiny.
Amir Khan on YouTube: https://www.youtube.com/channel/UCjihJIbM6-5KawMDak5D7kw
Nadir Ahmed on YouTube: https://www.youtube.com/@nadirahmed4224
Read my vision/mission statement at http://ReasonedAnswers.com
Support me on Patreon: https://www.patreon.com/ReasonedAnswers or SubscribeStar: https://www.subscribestar.com/reasoned-answers
Follow on Twitter: https://twitter.com/ReasonedAnswers
Like on Facebook: https://www.facebook.com/pg/ReasonedAnswers/
Feel free to email with any questions: thaddeus@reasonedanswers.com
#QuranScience #ReasonsToRevert #NadirAhmed
The video is licensed under the Creative Commons Attribution-ShareAlike 4.0 (CC BY-SA 4.0) license. You may freely share and modify this video however you see fit provided you 1) give credit by linking back to the original and 2) release any modifications under the same license. Full legal details can be found at: https://creativecommons.org/licenses/by-sa/4.0/
Conservatives take aim at tenure for university professors
In several red states around the country, conservative officials say it’s time to reconsider tenure for university professors.
Edo kidnap: ‘Gunmen demanded N620m for abductees’ – Punch Newspapers
Edo kidnap: ‘Gunmen demanded N620m for abductees’ – Punch Newspapers
Gunmen kidnap 32 people from southern Nigeria train station – FRANCE 24 English
Southern Nigeria gunman abducts passengers at train station …