Thursday, November 28, 2024

Invicti's Web Application Security Blog Updates for 28 Nov 2024


Weekly Update – 28 Nov 2024


CWE Top 25 for 2024: XSS, SQLi, buffer overflows top the list


The 2024 CWE Top 25 is a list of the most dangerous software weaknesses that resulted in reported high-severity vulnerabilities in the period of mid-2023 to mid-2024. Despite some methodology changes since 2023, the same weaknesses still occupy the top three spots: cross-site scripting (XSS), buffer overflows, and SQL injection. Let's look at how the CWE Top 25 is compiled, what has changed since last year, and what the practical takeaways are for ensuring software security.

The post CWE Top 25 for 2024: XSS, SQLi, buffer overflows top the list appeared first on Invicti.


 

Brainstorm tool release: Optimizing web fuzzing with local LLMs


This article introduces brainstorm: a smarter web fuzzing tool that combines local LLMs and ffuf to optimize directory and file discovery.

The post Brainstorm tool release: Optimizing web fuzzing with local LLMs appeared first on Invicti.


 

How to prevent SQL injection


Despite being one of the oldest known web application attacks, SQL injections continue to feature in data breach headlines, from MOVEit Transfer to Zendesk and beyond. This article discusses ways of preventing SQL injection vulnerabilities to make sure incoming attack payloads can't get a foothold in your systems.

The post How to prevent SQL injection appeared first on Invicti.


 

More Recent Articles

How the BEAST attack works: Reading encrypted data without decryption
System prompt exposure: How AI image generators may leak sensitive instructions
Doubling down on components: SCA and Container Security on the Invicti platform
Cache bypass techniques for time-based SQL injection
Invicti Security Appoints Kevin Gallagher as President
Copyright © 2024 Invicti, All rights reserved.