Elar Lang
@elarlang
Followers
140
Following
75
Media
23
Statuses
95
Pentester, researcher, lecturer
Tallinn, Estonia
Joined July 2012
Also I have proposed related requirement on the topic to @OWASP_ASVS (not yet released v5.0, bleeding edge):.V3.4.6 Verify that cookie-based session tokens are only transferred in Set-Cookie and Cookie headers. but for Drupal the issue was a bit wider.
0
0
3
From July 2022, Drupal has released 9 Security Advisories for CORE, and I have caused 2 of them. Previously SA-CORE-2022-014, and now SA-CORE-2023-004:.
1
1
1
RT @clarifiedsec: After years of hearing questions like "Do you have any course that teaches how to make stuff more secure instead of only….
clarifiedsecurity.com
Service Hardening is a course about configuring services to reduce their attack surface
0
2
0
3
2
41
My keynote, called "Passion Driven Testing", for Nordic Testing Days 2022. I share my view on how to stay motivated. Contains some hacking demos. @nordictestdays #NTD2022
0
0
3
RT @OWASP_ASVS: Thanks to @clarifiedsec ( for being a Maintaining Supporter and allowing significant company time t….
0
5
0
Nordic Testing Days 2022 keynote "Passion Driven Testing", 2nd of June 9 AM. Get your laptop ready for the demo, see #PassionDrivenTesting #NTD #NTD2022 @nordictestdays
0
0
5
ASVS 5.0 in cooking.
The #OWASP ASVS project leaders are excited to announce our plan for the next major version of the standard. We are looking for your feedback NOW!. cc: @vanderaj @manicode @dcuthbert @JoshCGrossman @elarlang @owasp.
0
0
3
RT @OWASP_ASVS: ASVS 4.0.3 is now live! A huge thank you to @elarlang @JoshCGrossman @manicode @dcuthbert @owasped and countless other volu….
0
18
0
RT @clarifiedsec: Our team Catapult Sheep! 1st place @ CTF and 1st place @ scavenger hunt! #disobey2020
0
5
0
Enne kui nõuda, et parool peab olema pikk, peaks selle nõude ka lahti seletama. Hoopis olulisem on kasutajatele soovitada, et parool peab olema igas kasutatavas keskkonnas unikaalne. Parooli pikkus saab määravaks alles siis, kui midagi muud juba läks nihu.
Täna tähistame rahvusvahelise 112 päeva kõrval ka ühte digitaalset püha. Turvalise interneti päeva puhul võiksid viivu mõelda, kas su salasõna on piisavalt pikk? #küberturvalisus #cybersecurity
0
0
1
The @OWASP_ASVS 4.0 is done.
The @OWASP_ASVS 4.0 is done. Thank you to everyone who made it better, reviewed it, or contributed to it. We will be releasing it live on stage tomorrow at @nullcon. Thanks to @dcuthbert @manicode @JoshCGrossman @m8urnett and of course @owasp
0
0
2
CVE-2017-15715 - Apache HTTP Server - <FilesMatch> bypass with a trailing newline at the end of the file name. Full Disclosure in my blog
0
0
0
2 SQL injection vulnerabilities in dotCMS (CVE-2016-10007 and CVE-2016-10008 Full Disclosure).
0
0
0
Tested one piece of my Web Application Security training in different format - "Testing for XSS" @nordictestdays #NTD2017
0
0
0
