Mastodon

kingthorin_rmThe <a href="https://infosec.exchange/@zaproxy" class="u-url mention" rel="nofollow noopener" target="_blank">@zaproxy</a> team did some stuff in March 😎 You can get the details here:<a href="https://www.zaproxy.org/blog/2025-04-02-zap-updates-march-2025/" rel="nofollow noopener" translate="no" target="_blank">https://www.zaproxy.org/blog/2025-04-02-zap-updates-march-2025/</a><a href="https://infosec.exchange/tags/DAST" class="mention hashtag" rel="nofollow noopener" target="_blank">#DAST</a> <a href="https://infosec.exchange/tags/AppSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#AppSec</a> <a href="https://infosec.exchange/tags/WebAppSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#WebAppSec</a> <a href="https://infosec.exchange/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#DevSecOps</a>

codenteamEven the strongest buildings (The ones that our guy John from last week build) face real-world threats—earthquakes, storms, or even intruders. That's why we stress-test them. In software, DAST simulates live attacks against your running application, exposing weaknesses before real attackers do. Because security isn’t just about strong materials or design—it’s about surviving the real world. Attack before you get attacked. <a href="https://mastodon.social/tags/DAST" class="mention hashtag" rel="tag">#DAST</a> <a href="https://mastodon.social/tags/AppSec" class="mention hashtag" rel="tag">#AppSec</a>

kingthorin_rmGiant set of <a href="https://infosec.exchange/tags/zaproxy" class="mention hashtag" rel="nofollow noopener" target="_blank">#zaproxy</a> add-on releases this morning. Including many fixes and improvements.<a href="https://infosec.exchange/tags/DAST" class="mention hashtag" rel="nofollow noopener" target="_blank">#DAST</a> <a href="https://infosec.exchange/tags/AppSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#AppSec</a> <a href="https://infosec.exchange/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#DevSecOps</a> <a href="https://infosec.exchange/tags/WebAppSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#WebAppSec</a> <a href="https://infosec.exchange/tags/RedTeam" class="mention hashtag" rel="nofollow noopener" target="_blank">#RedTeam</a> <a href="https://infosec.exchange/tags/WebAppSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#WebAppSec</a>

Martin TodorovHere's my latest article on Medium titled "Why You Need To Bake Security Into Your CI/CD Pipelines".I hope you find it interesting! :)<a href="https://mastodon.social/tags/blackduck" class="mention hashtag" rel="tag">#blackduck</a> <a href="https://mastodon.social/tags/cicd" class="mention hashtag" rel="tag">#cicd</a> <a href="https://mastodon.social/tags/cyberark" class="mention hashtag" rel="tag">#cyberark</a> <a href="https://mastodon.social/tags/dast" class="mention hashtag" rel="tag">#dast</a> <a href="https://mastodon.social/tags/devops" class="mention hashtag" rel="tag">#devops</a> <a href="https://mastodon.social/tags/devsecops" class="mention hashtag" rel="tag">#devsecops</a> <a href="https://mastodon.social/tags/github" class="mention hashtag" rel="tag">#github</a> <a href="https://mastodon.social/tags/hashicorp" class="mention hashtag" rel="tag">#hashicorp</a> <a href="https://mastodon.social/tags/hashicorpvault" class="mention hashtag" rel="tag">#hashicorpvault</a> <a href="https://mastodon.social/tags/iac" class="mention hashtag" rel="tag">#iac</a> <a href="https://mastodon.social/tags/mendio" class="mention hashtag" rel="tag">#mendio</a> <a href="https://mastodon.social/tags/sast" class="mention hashtag" rel="tag">#sast</a> <a href="https://mastodon.social/tags/sca" class="mention hashtag" rel="tag">#sca</a> <a href="https://mastodon.social/tags/terraform" class="mention hashtag" rel="tag">#terraform</a> <a href="https://mastodon.social/tags/vault" class="mention hashtag" rel="tag">#vault</a> <a href="https://mastodon.social/tags/vcs" class="mention hashtag" rel="tag">#vcs</a><a href="https://medium.com/devops-by-nature/why-you-need-to-bake-security-into-your-ci-cd-pipelines-7c53a32d5c4d?sk=fe8f572583f8d49f192cf84644686db3" target="_blank" rel="nofollow noopener" translate="no">https://medium.com/devops-by-nature/why-you-need-to-bake-security-into-your-ci-cd-pipelines-7c53a32d5c4d?sk=fe8f572583f8d49f192cf84644686db3</a>

Manuel BisseyHave you ever tested Dynamic Application Security Testing <a href="https://cyberplace.social/tags/DAST" class="mention hashtag" rel="nofollow noopener" target="_blank">#DAST</a> part of Microsoft's Azure Edge & Platform? It can help you secure thousands of APIs, addressing challenges in endpoint discovery, authentication, and orchestration🛡️🔐 <a href="https://cyberplace.social/tags/becybersmart" class="mention hashtag" rel="nofollow noopener" target="_blank">#becybersmart</a><a href="https://msrc.microsoft.com/blog/2025/01/scaling-dynamic-application-security-testing-dast/" rel="nofollow noopener" translate="no" target="_blank">https://msrc.microsoft.com/blog/2025/01/scaling-dynamic-application-security-testing-dast/</a>

kingthorin_rmAccording to my VM update this morning <a href="https://infosec.exchange/@zaproxy" class="u-url mention" rel="nofollow noopener" target="_blank">@zaproxy</a> 2.16.0 is now available on <a href="https://infosec.exchange/@kalilinux" class="u-url mention" rel="nofollow noopener" target="_blank">@kalilinux</a> <a href="https://infosec.exchange/tags/DAST" class="mention hashtag" rel="nofollow noopener" target="_blank">#DAST</a> <a href="https://infosec.exchange/tags/PenTest" class="mention hashtag" rel="nofollow noopener" target="_blank">#PenTest</a> <a href="https://infosec.exchange/tags/WebAppSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#WebAppSec</a> <a href="https://infosec.exchange/tags/AppSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#AppSec</a> <a href="https://infosec.exchange/tags/RedTeam" class="mention hashtag" rel="nofollow noopener" target="_blank">#RedTeam</a> <a href="https://infosec.exchange/tags/PurpleTeam" class="mention hashtag" rel="nofollow noopener" target="_blank">#PurpleTeam</a>

TechSplicer🛡️ Security Scanner for Web Applications 🔒 Privacy-First Security Analysis 👩‍💻 Built by Developers, for Developers Try it now: <a href="https://webscan.dev" target="_blank" rel="nofollow noopener" translate="no">https://webscan.dev</a><a href="https://mastodon.social/tags/SecurityTools" class="mention hashtag" rel="tag">#SecurityTools</a> <a href="https://mastodon.social/tags/WebSec" class="mention hashtag" rel="tag">#WebSec</a> <a href="https://mastodon.social/tags/DAST" class="mention hashtag" rel="tag">#DAST</a>

HabrБазовая настройка SAST и DAST для django в gitlab cicd: как быстро внедрить решения по безопасностиПривет, меня зовут Егор и я Tech Lead в компании ИдаПроджект :) Занимаюсь стратегией, процессами и командами в направлении backend разработки. Сегодня расскажу вам о базовой настройке SAST и DAST для django в gitlab cicd. В разработке использование SAST (Static Application Security Testing) и DAST (Dynamic Application Security Testing) в последние годы стало уже стандартом. На эту тему есть уже довольно много материала на habr, но я хочу сконцентрироваться на быстром и базовом внедрении решения по безопасности в следующий стек технологий: Infrastructure: Docker, Docker Compose, GitLab, GitLab CI/CD Backend: Python, Django с использованием Poetry Frontend: Vue.js, Nuxt.js Погнали!<a href="https://habr.com/ru/companies/idaproject/articles/868060/" rel="nofollow noopener" translate="no" target="_blank">https://habr.com/ru/companies/idaproject/articles/868060/</a><a href="https://zhub.link/tags/sast" class="mention hashtag" rel="nofollow noopener" target="_blank">#sast</a> <a href="https://zhub.link/tags/dast" class="mention hashtag" rel="nofollow noopener" target="_blank">#dast</a> <a href="https://zhub.link/tags/django" class="mention hashtag" rel="nofollow noopener" target="_blank">#django</a> <a href="https://zhub.link/tags/gitlab" class="mention hashtag" rel="nofollow noopener" target="_blank">#gitlab</a>

HabrСмешивать, но не взбалтывать. Как мы добавили Sec между Dev и OpsПривет, Хабр! Меня зовут Натали Дуботолкова, я старший инженер по разработке безопасного программного обеспечения в Basis. Хочу рассказать о том, как мы задумались над интеграцией работы безопасников непосредственно в процесс разработки и к чему это привело, а также о том, какие методы и инструменты использовали в ходе интеграции и используем сейчас.<a href="https://habr.com/ru/companies/basis/articles/869648/" rel="nofollow noopener" translate="no" target="_blank">https://habr.com/ru/companies/basis/articles/869648/</a><a href="https://zhub.link/tags/devops" class="mention hashtag" rel="nofollow noopener" target="_blank">#devops</a> <a href="https://zhub.link/tags/devsecops" class="mention hashtag" rel="nofollow noopener" target="_blank">#devsecops</a> <a href="https://zhub.link/tags/%D0%BF%D0%BE%D0%B8%D1%81%D0%BA_%D1%83%D1%8F%D0%B7%D0%B2%D0%B8%D0%BC%D0%BE%D1%81%D1%82%D0%B5%D0%B9" class="mention hashtag" rel="nofollow noopener" target="_blank">#поиск_уязвимостей</a> <a href="https://zhub.link/tags/%D0%B1%D0%B5%D0%B7%D0%BE%D0%BF%D0%B0%D1%81%D0%BD%D0%B0%D1%8F_%D1%80%D0%B0%D0%B7%D1%80%D0%B0%D0%B1%D0%BE%D1%82%D0%BA%D0%B0" class="mention hashtag" rel="nofollow noopener" target="_blank">#безопасная_разработка</a> <a href="https://zhub.link/tags/%D0%B8%D0%BD%D1%81%D1%82%D1%80%D1%83%D0%BC%D0%B5%D0%BD%D1%82%D1%8B_%D1%82%D0%B5%D1%81%D1%82%D0%B8%D1%80%D0%BE%D0%B2%D0%B0%D0%BD%D0%B8%D1%8F" class="mention hashtag" rel="nofollow noopener" target="_blank">#инструменты_тестирования</a> <a href="https://zhub.link/tags/sast" class="mention hashtag" rel="nofollow noopener" target="_blank">#sast</a> <a href="https://zhub.link/tags/dast" class="mention hashtag" rel="nofollow noopener" target="_blank">#dast</a> <a href="https://zhub.link/tags/fuzzing" class="mention hashtag" rel="nofollow noopener" target="_blank">#fuzzing</a> <a href="https://zhub.link/tags/%D0%BA%D0%BE%D0%BD%D1%82%D0%B5%D0%B9%D0%BD%D0%B5%D1%80%D1%8B" class="mention hashtag" rel="nofollow noopener" target="_blank">#контейнеры</a>

Tech Cybersecurity NieuwsMindgard beschermt bedrijven tegen ai-bedreigingen met innovatieve benadering <a href="https://www.trendingtech.news/trending-news/2024/12/50288/mindgard-beschermt-bedrijven-tegen-ai-bedreigingen-met-innovatieve-benadering" rel="nofollow noopener" translate="no" target="_blank">https://www.trendingtech.news/trending-news/2024/12/50288/mindgard-beschermt-bedrijven-tegen-ai-bedreigingen-met-innovatieve-benadering</a> <a href="https://mastodon.nl/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#AI</a>-beveiliging <a href="https://mastodon.nl/tags/Mindgard" class="mention hashtag" rel="nofollow noopener" target="_blank">#Mindgard</a> <a href="https://mastodon.nl/tags/DAST" class="mention hashtag" rel="nofollow noopener" target="_blank">#DAST</a>-AI <a href="https://mastodon.nl/tags/Lancaster" class="mention hashtag" rel="nofollow noopener" target="_blank">#Lancaster</a> University <a href="https://mastodon.nl/tags/financieringsronde" class="mention hashtag" rel="nofollow noopener" target="_blank">#financieringsronde</a> <a href="https://mastodon.nl/tags/Trending" class="mention hashtag" rel="nofollow noopener" target="_blank">#Trending</a> <a href="https://mastodon.nl/tags/News" class="mention hashtag" rel="nofollow noopener" target="_blank">#News</a> <a href="https://mastodon.nl/tags/Nieuws" class="mention hashtag" rel="nofollow noopener" target="_blank">#Nieuws</a>

kingthorin_rm<a href="https://infosec.exchange/tags/WebAppSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#WebAppSec</a> <a href="https://infosec.exchange/tags/AppSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#AppSec</a> <a href="https://infosec.exchange/tags/DAST" class="mention hashtag" rel="nofollow noopener" target="_blank">#DAST</a> <a href="https://infosec.exchange/tags/PenTest" class="mention hashtag" rel="nofollow noopener" target="_blank">#PenTest</a> <a href="https://infosec.exchange/tags/PurpleTeam" class="mention hashtag" rel="nofollow noopener" target="_blank">#PurpleTeam</a> <a href="https://infosec.exchange/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#DevSecOps</a> <a href="https://infosec.exchange/tags/zaproxy" class="mention hashtag" rel="nofollow noopener" target="_blank">#zaproxy</a>

kingthorin_rm<a href="https://www.zaproxy.org/blog/2024-11-11-powering-up-dast-with-zap-and-noir/" rel="nofollow noopener" translate="no" target="_blank">https://www.zaproxy.org/blog/2024-11-11-powering-up-dast-with-zap-and-noir/</a><a href="https://infosec.exchange/tags/DAST" class="mention hashtag" rel="nofollow noopener" target="_blank">#DAST</a> <a href="https://infosec.exchange/tags/zaproxy" class="mention hashtag" rel="nofollow noopener" target="_blank">#zaproxy</a>

ZAPWe have restarted the ZAP monthly blog posts: <a href="https://www.zaproxy.org/blog/2024-11-01-zap-updates-october-2024/" rel="nofollow noopener" translate="no" target="_blank">https://www.zaproxy.org/blog/2024-11-01-zap-updates-october-2024/</a> <a href="https://infosec.exchange/tags/zaproxy" class="mention hashtag" rel="nofollow noopener" target="_blank">#zaproxy</a> <a href="https://infosec.exchange/tags/appsec" class="mention hashtag" rel="nofollow noopener" target="_blank">#appsec</a> <a href="https://infosec.exchange/tags/dast" class="mention hashtag" rel="nofollow noopener" target="_blank">#dast</a>

kingthorin_rmGet the latest on <a href="https://infosec.exchange/@zaproxy" class="u-url mention" rel="nofollow noopener" target="_blank">@zaproxy</a>'s future from <a href="https://infosec.exchange/@psiinon" class="u-url mention" rel="nofollow noopener" target="_blank">@psiinon</a> & Ori Bendet via <a href="https://bird.makeup/users/scmagazine" class="u-url mention" rel="nofollow noopener" target="_blank">@scmagazine</a> and Application Security Weekly podcast <a href="https://infosec.exchange/tags/AppSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#AppSec</a> <a href="https://infosec.exchange/tags/WebAppSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#WebAppSec</a> <a href="https://infosec.exchange/tags/DAST" class="mention hashtag" rel="nofollow noopener" target="_blank">#DAST</a> <a href="https://infosec.exchange/tags/PenTesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#PenTesting</a> <a href="https://infosec.exchange/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener" target="_blank">#DevSecOps</a> <a href="https://infosec.exchange/tags/RedTeam" class="mention hashtag" rel="nofollow noopener" target="_blank">#RedTeam</a><a href="https://www.scworld.com/podcast-segment/13268-the-future-of-zed-attack-proxy-simon-bennetts-ori-bendet-asw-302" rel="nofollow noopener" translate="no" target="_blank">https://www.scworld.com/podcast-segment/13268-the-future-of-zed-attack-proxy-simon-bennetts-ori-bendet-asw-302</a>

HabrВнедряем DevSecOps в процесс разработки. Часть 4. Этап Test-time Checks, обзор инструментовПривет! На связи Олег Казаков из Spectr . В предыдущей части статьи я рассказал о контроле безопасности артефактов сборки в процессе проверки на безопасность. Сегодня поговорим о следующем этапе DevSecOps — Test-time Checks. Узнать больше про DevSecOps<a href="https://habr.com/ru/companies/spectr/articles/836004/" rel="nofollow noopener" translate="no" target="_blank">https://habr.com/ru/companies/spectr/articles/836004/</a><a href="https://zhub.link/tags/devsecops" class="mention hashtag" rel="nofollow noopener" target="_blank">#devsecops</a> <a href="https://zhub.link/tags/devsecops_services" class="mention hashtag" rel="nofollow noopener" target="_blank">#devsecops_services</a> <a href="https://zhub.link/tags/dast" class="mention hashtag" rel="nofollow noopener" target="_blank">#dast</a> <a href="https://zhub.link/tags/owasp_zap" class="mention hashtag" rel="nofollow noopener" target="_blank">#owasp_zap</a> <a href="https://zhub.link/tags/owasp" class="mention hashtag" rel="nofollow noopener" target="_blank">#owasp</a>

HabrРеализация сервиса сканирования на основе OWASP ZAPДля защиты цифровых активов организаций важно оперативно выявлять и устранять уязвимости. Инструменты оценки уязвимостей автоматизируют этот процесс, позволяя эффективно находить слабые места в системах и приложениях. Привет! Меня зовут Никита, я занимаюсь информационной безопасностью в RuStore. Сегодня расскажу о том, как мы создали свой сервис сканирования уязвимостей на базе OWASP ZAP, с какими трудностями столкнулись и какие подходы применили для их решения.<a href="https://habr.com/ru/companies/vk/articles/829030/" rel="nofollow noopener" translate="no" target="_blank">https://habr.com/ru/companies/vk/articles/829030/</a><a href="https://zhub.link/tags/zap" class="mention hashtag" rel="nofollow noopener" target="_blank">#zap</a> <a href="https://zhub.link/tags/dast" class="mention hashtag" rel="nofollow noopener" target="_blank">#dast</a> <a href="https://zhub.link/tags/%D1%81%D0%BA%D0%B0%D0%BD%D0%B8%D1%80%D0%BE%D0%B2%D0%B0%D0%BD%D0%B8%D0%B5_%D1%83%D1%8F%D0%B7%D0%B2%D0%B8%D0%BC%D0%BE%D1%81%D1%82%D0%B5%D0%B9" class="mention hashtag" rel="nofollow noopener" target="_blank">#сканирование_уязвимостей</a> <a href="https://zhub.link/tags/%D0%B1%D0%B5%D0%B7%D0%BE%D0%BF%D0%B0%D1%81%D0%BD%D0%BE%D1%81%D1%82%D1%8C" class="mention hashtag" rel="nofollow noopener" target="_blank">#безопасность</a> <a href="https://zhub.link/tags/%D0%B1%D0%B5%D0%B7%D0%BE%D0%BF%D0%B0%D1%81%D0%BD%D0%B0%D1%8F_%D1%80%D0%B0%D0%B7%D1%80%D0%B0%D0%B1%D0%BE%D1%82%D0%BA%D0%B0" class="mention hashtag" rel="nofollow noopener" target="_blank">#безопасная_разработка</a> <a href="https://zhub.link/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#security</a> <a href="https://zhub.link/tags/appsec" class="mention hashtag" rel="nofollow noopener" target="_blank">#appsec</a> <a href="https://zhub.link/tags/application_security" class="mention hashtag" rel="nofollow noopener" target="_blank">#application_security</a> <a href="https://zhub.link/tags/%D0%B4%D0%B8%D0%BD%D0%B0%D0%BC%D0%B8%D1%87%D0%B5%D1%81%D0%BA%D0%B8%D0%B9_%D0%B0%D0%BD%D0%B0%D0%BB%D0%B8%D0%B7" class="mention hashtag" rel="nofollow noopener" target="_blank">#динамический_анализ</a>

ZAPDo you use DAST from one of the many companies which build on top of ZAP but do not support us? Please encourage them to support us now! <a href="https://www.zaproxy.org/third-party-services/" rel="nofollow noopener" translate="no" target="_blank">https://www.zaproxy.org/third-party-services/</a> <a href="https://infosec.exchange/tags/zaproxy" class="mention hashtag" rel="nofollow noopener" target="_blank">#zaproxy</a> <a href="https://infosec.exchange/tags/DAST" class="mention hashtag" rel="nofollow noopener" target="_blank">#DAST</a> <a href="https://infosec.exchange/tags/opensource" class="mention hashtag" rel="nofollow noopener" target="_blank">#opensource</a>

kingthorin_rmNew <a href="https://infosec.exchange/@zaproxy" class="u-url mention" rel="nofollow noopener" target="_blank">@zaproxy</a> community tip provided by yours truly (hit the GitHub link below).<a href="https://infosec.exchange/tags/zaproxy" class="mention hashtag" rel="nofollow noopener" target="_blank">#zaproxy</a> <a href="https://infosec.exchange/tags/DAST" class="mention hashtag" rel="nofollow noopener" target="_blank">#DAST</a> <a href="https://infosec.exchange/tags/AppSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#AppSec</a> <a href="https://infosec.exchange/tags/WebAppSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#WebAppSec</a><a href="https://github.com/zaproxy/community-scripts/tree/main/other/tips/selenium/edge" rel="nofollow noopener" translate="no" target="_blank">https://github.com/zaproxy/community-scripts/tree/main/other/tips/selenium/edge</a>

CSIDB.netA short guide on CNAPP: <a href="https://www.csidb.net/blog/post/12/" rel="nofollow noopener" translate="no" target="_blank">https://www.csidb.net/blog/post/12/</a><a href="https://infosec.exchange/tags/cnapp" class="mention hashtag" rel="nofollow noopener" target="_blank">#cnapp</a> <a href="https://infosec.exchange/tags/ciem" class="mention hashtag" rel="nofollow noopener" target="_blank">#ciem</a> <a href="https://infosec.exchange/tags/cspm" class="mention hashtag" rel="nofollow noopener" target="_blank">#cspm</a> <a href="https://infosec.exchange/tags/sast" class="mention hashtag" rel="nofollow noopener" target="_blank">#sast</a> <a href="https://infosec.exchange/tags/dast" class="mention hashtag" rel="nofollow noopener" target="_blank">#dast</a>

ZAPZAP 2.15.0 is now available! Read all about it: <a href="https://www.zaproxy.org/blog/2024-05-07-zap-2-15-0/" rel="nofollow noopener" translate="no" target="_blank">https://www.zaproxy.org/blog/2024-05-07-zap-2-15-0/</a> <a href="https://infosec.exchange/tags/zaproxy" class="mention hashtag" rel="nofollow noopener" target="_blank">#zaproxy</a> <a href="https://infosec.exchange/tags/appsec" class="mention hashtag" rel="nofollow noopener" target="_blank">#appsec</a> <a href="https://infosec.exchange/tags/dast" class="mention hashtag" rel="nofollow noopener" target="_blank">#dast</a>

Recent searches

Search options

Administered by:

Server stats:

#DAST