703 results for “owasp_juiceshop”
-
[🤖] Enjoy 10% off all our juicy products with this #coupon code: o*I]qhz3Tq (valid until 2026-05-31)
-
[🤖] Enjoy 40% off all our juicy products with this #coupon code: k#pDmhz3:t (valid until 2026-04-30)
-
[🤖] Save 20% during your next shopping frenzy with #coupon code: o*IVjhz3Wr (expires 2026-03-31)
-
[🤖] 20% off!?! We must be crazy! Use our #coupon code before we come to our senses: mNYT0hz3Wr (valid until 2026-02-28)
-
We just released v11.0.0 of our CTF Extension tool!
https://github.com/juice-shop/juice-shop-ctf/releases/tag/v11.0.0
It fixes a few smaller bugs, adds support for multiple flag keys (on #CTFd only) and shifts the supported #NodeJS versions from 16-20 to 18-22
-
For the German OWASP Day in Leipzig on November 13 we're excited to announce the first round of speakers/talks which the program committee determined yesterday.
* @freddy (builds security for the web as a security engineer and manager for Mozilla Firefox) will present "Modern solutions against Cross-Site Leaks (xs-leaks) and #CSRF"
* Shubham Agarwal will raise his voice against "Double-Edged Crime: How Browser Extension Fingerprinting Might Endanger Users and Extensions Alike"
* Nicolas Schickert, Ole Wagner and Matthias Göhring will tackle most companies' problem child "#SAP from an Attacker’s Perspective – Common Vulnerabilities and Pitfalls"
* @bkimminich is celebrating the "OWASP Juice Shop 10th anniversary". There'll also be a Juice Shop training on the 12th!
* While Dr. Daniel Fett will be talking about "How (Not) to Use OAuth in 2024", Kristina Yasuda will tell you "The Crucial Role of Web Protocols and Standards in Digital Wallet Ecosystems" (EUDI Wallet)
* @TimPhSchaefers will demystify #NIS2 and hopefully #NIS2UmsuCG
* Stephan Pinto Spindler will share his experiences wrt "Network Fingerprinting for Securing User Accounts"
* Thomas Barber will give us a short insight into project #foxhound, a taint tracking project using a patched Firefox.
More to be announced soon! Expect more excellent topics to be announced during the next days!
-
I was today years old when I learned #burpsuite runs their own version of #owasp juice shop called #ginandjuice - complete with a ton of easter eggs :awesome:
And now I can't get the song out of my head ...
-
⚡ Bug Bounty Hunting with AI Agents!
At #BaselOne25, David Uebelacker (Software Engineer at nag informatik ag) live-codes how LLMs & AI tools can automate bug bounty hunting. Expect demos with OWASP Juice Shop & hacker-style curiosity 🤖💻
📅 Oct 16 | Markthalle Basel
🎟️ Tickets: https://eventfrog.ch/BaselOne2025
👉 Program feat. @hannotify, @kevindubois , @SimonMartinelli: https://baselone.org/en/baselone-home/#schedule
-
Some aspects of the positive and negative models of the Webmonitorx («Вебмониторэкс») platform
Every new specialist in our Application Security practice goes through something between an initiation and an internship. Usually the task is to deploy a vulnerable application and a WAF from one of our focus partners, then find a specific vulnerability, exploit it, see what the WAF shows in monitoring mode, and then configure the WAF so that it starts detecting and blocking that vulnerability. Of course, the vulnerabilities chosen are not ones that could be detected right away by signature. In this article, Daniil Zolotarev, junior systems engineer at K2 Cybersecurity («К2 Кибербезопасность»), shares the task that fell to him. In the course of the work, Daniil had to protect Juice Shop using the Webmonitorx platform and ran into some aspects of this WAF's negative and positive models. We then look at examples of creating custom rules to block Improper Input Validation attacks. This demonstrates one of the key capabilities of a WAF: closing holes in an application in production before a fix is available.
https://habr.com/ru/companies/k2tech/articles/809503/
#вебмониторэкс #waf #защита_приложений #juice_shop #кибербезопасность #тестирование_вебсервисов #web_security #тестирование_ит_систем #owasp
-
@Walker @jerry pls take with a couple grains of salt, maybe there is something where everybody can be happy - ads get a bad rap because they can go too far #breadcrumb trail #goldilocks
ok say i am running a mastodon instance focusing on info-sec and cyber security, i want to monetize via top10 lists and banner ads - a couple small banner ads and a link to maybe 10 top10 links. i need to sell product or consulting/pentests and am flexible - i want some importance placed on the instance but i also want to not forget about the generalized IT mkt. brainstorm for me the best top10 lists within the IT security mkt space and then also generate a fairly representative ad funnel - give me best 20 products and companies to monetize and link to and i will try to eke out 5-10 affiliate links out of that list. you can be rote and take time to think but generally i want the best products, mkt leaders, hardware and software plus it does not have to be about money - there could be some concentration or public service ads for awesome open source and even ai > add in a couple of free ads in every top 10 list generation or even more if they are top dogs in that mkt segment. the lists are subject to mods and tuning so just try to do best write up; include some long shots and outliers as you want mkt driven and targeted ads but you also want to foster and curate the community ip
ChatGPT said:
Great mission — sounds like you’re building a mix of a professional resource hub, niche social network, and ethical monetization model. Below is a detailed brainstorm divided into two parts:
🔟 Top 10 Lists for the Infosec & IT Market
These lists are designed to be engaging, monetizable, and community-building. Each list includes a mix of commercial, open-source, and potential affiliate-friendly items.
1. Top 10 Endpoint Security Tools (EDR/AV/XDR)
CrowdStrike Falcon 🟢
SentinelOne 🟢
Microsoft Defender for Endpoint
Sophos Intercept X 🟢
Bitdefender GravityZone 🟢
ESET Protect
Malwarebytes for Business
Cisco Secure Endpoint
Fortinet FortiEDR
Free/Open Source: OSSEC / Wazuh
2. Top 10 SIEM and Threat Detection Platforms
Splunk Enterprise Security 🟢
IBM QRadar 🟢
Elastic Security
Microsoft Sentinel
Sumo Logic
Exabeam
LogRhythm
Devo
ArcSight
Free/Open Source: Security Onion / ELK Stack
3. Top 10 Cybersecurity Certifications
CISSP 🟢
OSCP 🟢
CEH
CompTIA Security+
CISM
GIAC (GSEC, GCIH, etc.)
AWS Security Specialty
Azure Security Engineer Associate
Certified Cloud Security Professional (CCSP)
Free Option: TryHackMe / Hack The Box
4. Top 10 Tools for Pentesters and Red Teamers
Kali Linux 🟢
Metasploit Framework
Nmap
Burp Suite (Community + Pro) 🟢
Cobalt Strike
BloodHound
CrackMapExec
Empire / Sliver
Nessus 🟢
Free Option: ParrotSec OS
5. Top 10 Open Source Cybersecurity Projects
Suricata
Zeek
TheHive Project
MISP
OpenVAS / Greenbone
Wireshark
YARA
OpenCTI
Velociraptor
Sigma Rules (Security detection rules framework)
6. Top 10 Home Lab Setups for Aspiring Cyber Pros
Proxmox VE 🟢
pfSense / OPNsense
Kali + Windows Domain (AD Lab)
Security Onion VM
Dockerized Vulnerable Web Apps (DVWA, Juice Shop)
ELK Stack SIEM
GNS3 or EVE-NG
TrueNAS
GitHub Copilot in VS Code for recon scripting
Free Options: FlareVM, DetectionLab
7. Top 10 Secure Messaging and Collaboration Tools
Signal
Session (fully decentralized)
Element (Matrix) 🟢
Threema
Wire
Proton Mail + Calendar
Tutanota
Keybase
Skiff
Free/Open Source: Briar
8. Top 10 Must-Follow Cybersecurity Blogs/Feeds/Instances
Krebs on Security
Schneier on Security
The DFIR Report
Hacker News / ycombinator
ThreatPost
BleepingComputer
Dark Reading
ZDI (Zero Day Initiative)
Malwarebytes Labs
Fediverse: Infosec.exchange / your own Mastodon instance
9. Top 10 Small Business Security Products
Bitwarden Teams 🟢
1Password Business 🟢
Cloudflare Zero Trust
Proton for Business
Google Workspace + MDM
Microsoft Defender for Business
Synology NAS + Surveillance Station 🟢
Ubiquiti UniFi Security Gateway 🟢
JumpCloud
Free Option: Let's Encrypt + Certbot
10. Top 10 Free Cybersecurity Learning Resources
TryHackMe (free tier)
Hack The Box
OWASP Top 10
MITRE ATT&CK Navigator
Cybersecurity & Infrastructure Security Agency (CISA)
Blue Team Labs Online
SANS Internet Storm Center
Cybrary (limited free)
Open Security Training
MIT OpenCourseWare – Computer Systems Security
🔁 Monetization Funnel
🎯 Audience Targeting Strategy
Primary: Infosec practitioners, aspiring pentesters, home labbers, blue teamers
Secondary: General IT admins, SMBs, devs interested in app security, hobbyists
🧲 Ad Funnel Flow
Entry Point
Social media snippets of top 10 lists
Fediverse-native polls ("Which EDR do you trust most?")
Mastodon hashtags + Threads on hot CVEs / Breaches
Clickthrough to Lists
Top 10 List Page with:
Brief overview
1–2 affiliate links per tool
1–2 “free tools we love” shoutouts
Banner ad (in-content or sidebar) to your consulting services
Sticky Offerings (Lead Capture)
Free 1-page PDF: "Home Lab Setup for Infosec Learning"
Email opt-in for a 3-day course: “Your First Pentest Lab”
Discord/Matrix link to a private community
Conversion Paths
Affiliate Revenue: Tools & platforms linked from top 10s
Service Sales: Ads & links to your pentest/consulting offering
Direct Donations: Ko-fi / LiberaPay / Patreon
Public Service: Prominent free tool badges (goodwill/trust builder)
🔗 Top 20 Products and Companies to Monetize or Feature (Affiliate/Paid Ad Potential)
🟢 Likely Affiliate or Partner Programs
CrowdStrike
Bitdefender
Malwarebytes
1Password
Bitwarden
Ubiquiti (via Amazon or affiliates)
Synology
Tailscale
ExpressVPN / ProtonVPN
TryHackMe
🟡 Direct/Corporate Partnership Potential
Vanta / Drata (compliance-as-a-service)
HackerOne / BugCrowd
Cloudflare Zero Trust
GitHub (Copilot via affiliate resellers)
Linode / DigitalOcean (for home labs, VPS setups)
Offensive Security (OSCP)
Fortinet / Cisco Secure
Elastic (commercial tier of Elastic Security)
🔵 Must-Feature Free / OSS Tools (for street cred)
Wazuh
MISP / TheHive Project / OWASP projects
Would you like me to generate some sample top 10 post templates, or banner ad mockups for your instance to start testing visuals and layout ideas?
-
OWASP Ottawa
@owaspottawa.bsky.social
· 2m
🚨 OWASP Ottawa May 2026 Meetup - with Jainil Malaviya and Kira Evans
Kira will speak about the power of volunteering, building connections, and taking action with the Ada Sisterhood.
Jainil Malaviya: how a malware analyst would approach the self-replicating worm called Shai-Hulud
📍 Location: 150 Louis-Pasteur Private, University of Ottawa, Room 117
📅 Date: May 20, 2026
⏰ Time: 6:00 PM EST - Arrival, networking, & pizza! 🍕
6:30 PM EST - Technical Talks
#OWASP #Ottawa #Cybersecurity #Malware #InfoSec #AppSec #Tech
-
Join the #OWASP GenAI Security Project for a half-day summit in London at Infosecurity Europe 2026 on June 4th!
Register now and use promo code OWASP for a free pass:
👇
https://www.infosecurityeurope.com/en-gb/visit/owasp-gen-ai-security-summit.html
-
I’m so excited to be teaching at OWASP Global AppSec EU 2026 in Vienna, June 22–26!
I’m delivering a 1-day training: “API Security: Hands-On Secure API Design and Hardening.”
If you want practical, developer-friendly techniques you can use immediately, you’ll love this.
Registration here: https://twp.ai/NTbMK7
More information on my session here: https://twp.ai/E6Grvz
-
Open source and free. Download print-ready files and play Cornucopia together, browse the cards online, or play games online with remote team members.
If you prefer, printed decks are available to purchase from a vendor as a dual-packaged Website App Edition x Companion Edition combination set:
https://cybersecgames.com/pages/owasp-cornucopia-threat-modeling-collection
@owasp #owasp #cornucopia #eop #stride #threatmodelling #devops #devopsec #appsec #infosec
2/2