Astra - Automated Security Testing For REST API's

Security testing of REST APIs is complex due to continuous changes in existing APIs and newly added APIs. Astra can be used by security engineers or developers as an integral part of their process, so they can detect and patch vulnerabilities early in the development cycle. Astra can automatically detect and test login and logout (Authentication API), so it's easy for anyone to integrate it into a CI/CD pipeline. Astra can take an API collection as input, so it can also be used for testing APIs in standalone mode.

- SQL injection
- Cross site scripting
- Information Leakage
- Broken Authentication and session management
- CSRF (including Blind CSRF)
- Rate limit
- CORS misconfiguration (including CORS bypass techniques)
- JWT attack

Coming soon
- XXE
- CSP misconfiguration

Requirement
- Linux or MacOS
- Python 2.7
- mongoDB

Installation
$ git clone https://github.com/flipkart-incubator/Astra
$ cd Astra
$ sudo pip install -r require...
Popular posts from this blog
Intel Processors Now Allows Antivirus to Use Built-in GPUs for Malware Scanning

Global chip-maker Intel on Tuesday announced two new technologies—Threat Detection Technology (TDT) and Security Essentials—that not only offer hardware-based built-in security features across Intel processors but also improve threat detection without compromising system performance. Intel's Threat Detection Technology (TDT) offers a new set of features that leverage hardware-level telemetry to help security products detect new classes of threats and exploits. It includes two main capabilities—Accelerated Memory Scanning and Advanced Platform Telemetry. Accelerated Memory Scanning allows antivirus programs to use Intel's integrated GPU to scan and detect memory-based malware attacks while reducing the impact on performance and power consumption. "Current scanning technologies can detect system memory-based cyber-attacks, but at...
hBlock - Improve Your Security And Privacy By Blocking Ads, Tracking And Malware Domains

Improve your security and privacy by blocking ads, tracking and malware domains.

What is this for?
This POSIX-compliant shell script, designed for Unix-like systems, gets a list of domains that serve ads, tracking scripts and malware from multiple reputable sources and creates a hosts file that prevents your system from connecting to them.

Is it safe to use?
Absolutely, this script selects only the domain names for each source, so if a domain name is redirected to a rogue server your system will not be affected. In the worst scenario you can lose access to a legitimate domain name due to a false positive, but you can reverse it by adding that domain to the whitelist.

Installation
curl -o /tmp/hblock 'https://raw.githubusercontent.com/zant95/hblock/v1.4.1/hblock' \
  && echo '3da144b2f6cca9ab8e38ed06d05ca96f14ebe554b88eb29188...