ircmaxell's Blog
0
Free
Wiring a Home Network Last year, my partner and I moved into a new (to us) house. One of the first things I needed to get done was to get our home network setup as we both were (still are) working from home due to COVID-19. This post will explore some of that process, some of the decisions I made along the way, what I learned, and some details on the end setup. Networking Wiring IT Home A PHP Compiler, aka The FFI Rabbit Hole It’s no secret that I’m into building toy compilers and programming languages. Today I’m introducing something that’s not a toy (I hope). Today, I’m introducing php-compiler (among many other projects). My hope is that these projects will grow from experimental status into fully production ready systems. PHP HHVM Open Source Compiler libjit libgccjit llvm Optimization Performance Recki-CT Protecting Against XSS In RAILS - JavaScript Contexts Recently my team was working to implement Brakeman in our CI processes to automatically scan our codebase for security vulnerabilities. Among a few other issues, it identified a handful of similar XSS vulnerabilities of a similar pattern: <script type="text/javascript"> var FOO = "<%= raw whatever %>"; ReactDOM.render(<Blah foo={window.FOO} />, document.getElementById('some_place')); </script> This is a pretty straight forward vulnerability, since passing untrusted data to a JavaScript context can lead to XSS.
FEATURES
The author has not provided features for this tool yet. If you are the author, please sign in or claim the tool to add features by clicking the icon above.
ALTERNATIVES
A cybersecurity news platform providing updates on threats, vulnerabilities, and breaches.
Free
Sysreptor offers a customizable reporting solution for penetration testing and red teaming.
Free
Sysreptor offers a customizable reporting solution for offensive security assessments.
Free
A subscription-based service offering ad-free access to cybersecurity news, podcasts, briefings, articles, and events.
Free
Sysreptor offers a customizable reporting solution for pentesters and red teamers to enhance security documentation.
Free
Infosec Resources provides extensive cybersecurity training and certifications to boost cybersecurity skills and careers.
Free
A technology-focused blog discussing innovations in painting and the importance of expert painters.
Free
Sysreptor provides a customizable security reporting solution for penetration testers and red teamers.
Free
PINNED
InfoSecHired
An AI-powered career platform that automates the creation of cybersecurity job application materials and provides company-specific insights for job seekers.
Commercial
Resources
Fabric Platform by BlackStork
Fabric Platform is a cybersecurity reporting solution that automates and standardizes report generation, offering a private-cloud platform, open-source tools, and community-supported templates.
Free
Security Operations
Mandos Brief Newsletter
Stay ahead in cybersecurity. Get the week's top cybersecurity news and insights in 8 minutes or less.
Free
Blogs and News
Wiz
Wiz Cloud Security Platform is a cloud-native security platform that enables security, dev, and devops to work together in a self-service model, detecting and preventing cloud security threats in real-time.
Commercial
Cloud Security
RoboShadow
A cybersecurity platform that offers vulnerability scanning, Windows Defender and 3rd party AV management, and MFA compliance reporting, among other features.
Commercial
Vulnerability Management
Adversa AI
Adversa AI is a cybersecurity company that provides solutions for securing and hardening machine learning, artificial intelligence, and large language models against adversarial attacks, privacy issues, and safety incidents across various industries.
Commercial
AI Security