Reiners (@FluxReiners)
Followers: 3K | Following: 622 | Media: 9 | Statuses: 941
Web Application Security, RIPS Code Analysis https://t.co/gZGKueNEMn
Joined May 2010
Data in danger! We found an XSS vulnerability in Grafana with the help of SonarQube. Learn about the details in our latest blog post: https://t.co/CJf1flodpw
#appsec #security #vulnerability
sonarsource.com
Learn how SonarQube detected a Cross-Site Scripting (XSS) vulnerability in Grafana, a popular open-source data observability platform.
0
9
37
Using a polyglot file and RXSS to achieve one-click RCE on a Voyager instance. Read more about how SonarQube Cloud detected CVE-2024-55417 in our latest blog post: https://t.co/U9MfSxBuJI
#appsec #security #vulnerability
0
15
46
Exciting news! Sonar has entered a definitive agreement to acquire open source software supply chain security provider @Tidelift. Together, we'll work to enhance the security & resilience of open source. More: https://t.co/Yvoz5lR8sk
#devsecops #SLDC #SSDF #softwaresupplychain
0
4
11
CVE-2024-35219: Arbitrary File Read and Delete in OpenAPI Generator Check out our latest blog post, in which we explain how @SonarCloud unveiled the complex taint flow behind this critical vulnerability in OpenAPI Generator: https://t.co/hcVPdprq2c
#security #vulnerability
sonarsource.com
This blog post explains how taint analysis tracks all data flows in an application's source code to unveil deeply hidden vulnerabilities and showcases a critical vulnerability in the OpenAPI Genera...
0
15
37
This talk was nothing short of amazing. The content and the delivery were both amazing.
Having trouble exploiting a file write vulnerability? Don't miss our @hexacon_fr talk to learn more about unconventional attack surfaces that can turn a file write into code execution, even in hardened environments! We'll follow up with a related blog post later. #HEXACON2024
0
3
44
Introducing AI Code Assurance and AI CodeFix for SonarQube and SonarCloud. AI Code Assurance supports the safe and effective use of GenAI coding assistants, while AI CodeFix leverages AI to generate resolutions for bugs with one click! Read here: https://t.co/iH0oaxenhy
0
7
14
We won justCTF finals!!! Thank you so much @justCatTheFish for the awesome event in Krakow. See you next year!
#justCTF24 finals ended! Congrats to the top 3 teams: 1st @fluxfingers, 2nd @ECSC_TeamFrance, 3rd @thehackerscrew1. 31 teams captured 301 flags. Thanks to our sponsors: @trailofbits @osec_io @TechlandGames @Orange_Polska @burp_Suite @SECFORCE_LTD @HexRaysSA @intigriti @Artixen1
2
9
62
A shoutout to @Sonar_Research for this awesome visualizer. @4ng3lhacker and I used it extensively during our @BugBountyDEFCON workshop on Sunday when we discussed UTF-8 decoding issues!
Have you ever had the feeling of not fully understanding how UTF-8 works? Take a look at our UTF-8 visualizer, which allows you to play around with UTF-8 on a bit level: https://t.co/I0URHMrSWq
1
6
18
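The UTF-8 decoding issues mentioned in the workshop shout-out are easiest to see at the bit level. The following is an added example, not the Sonar visualizer and not code from either account: a minimal encoder and decoder that label the lead/continuation bits of each byte, plus a `strict` switch showing the classic decoder bug of accepting an overlong sequence (C0 AF) as '/'. The sample byte strings are constructed for the demo.

```python
"""Bit-level UTF-8 encoder/decoder (added example; not the Sonar visualizer).

Shows the lead-byte / continuation-byte layout and the classic decoding
mistake: accepting an overlong sequence such as C0 AF, which carries the
payload bits of U+002F '/' in two bytes although '/' must be one byte.
"""

MIN_CP = {1: 0x0, 2: 0x80, 3: 0x800, 4: 0x10000}  # smallest code point per length


def utf8_encode(cp: int) -> bytes:
    """Encode one Unicode scalar value into its shortest UTF-8 form."""
    if not 0 <= cp <= 0x10FFFF or 0xD800 <= cp <= 0xDFFF:
        raise ValueError(f"not a Unicode scalar value: {cp:#x}")
    if cp < 0x80:
        return bytes([cp])
    if cp < 0x800:
        return bytes([0xC0 | cp >> 6, 0x80 | cp & 0x3F])
    if cp < 0x10000:
        return bytes([0xE0 | cp >> 12, 0x80 | (cp >> 6) & 0x3F, 0x80 | cp & 0x3F])
    return bytes([0xF0 | cp >> 18, 0x80 | (cp >> 12) & 0x3F,
                  0x80 | (cp >> 6) & 0x3F, 0x80 | cp & 0x3F])


def bit_view(data: bytes) -> list[str]:
    """Per-byte view separating marker bits from payload bits, e.g. '110|00011'."""
    out = []
    for b in data:
        if b < 0x80:
            out.append(f"0|{b:07b}")
        elif (b & 0xC0) == 0x80:
            out.append(f"10|{b & 0x3F:06b}")
        elif (b & 0xE0) == 0xC0:
            out.append(f"110|{b & 0x1F:05b}")
        elif (b & 0xF0) == 0xE0:
            out.append(f"1110|{b & 0x0F:04b}")
        elif (b & 0xF8) == 0xF0:
            out.append(f"11110|{b & 0x07:03b}")
        else:
            out.append(f"invalid|{b:08b}")
    return out


def utf8_decode(data: bytes, strict: bool = True) -> list[int]:
    """Decode to code points. With strict=False the decoder trusts the bit
    patterns alone (the buggy behaviour); with strict=True it also rejects
    overlong forms, UTF-16 surrogates and values above U+10FFFF (RFC 3629)."""
    cps, i = [], 0
    while i < len(data):
        b = data[i]
        if b < 0x80:
            n, cp = 1, b
        elif (b & 0xE0) == 0xC0:
            n, cp = 2, b & 0x1F
        elif (b & 0xF0) == 0xE0:
            n, cp = 3, b & 0x0F
        elif (b & 0xF8) == 0xF0:
            n, cp = 4, b & 0x07
        else:
            raise ValueError(f"invalid lead byte at {i}: {b:#04x}")
        if i + n > len(data):
            raise ValueError(f"truncated sequence at {i}")
        for k in range(1, n):
            c = data[i + k]
            if (c & 0xC0) != 0x80:
                raise ValueError(f"bad continuation byte at {i + k}: {c:#04x}")
            cp = (cp << 6) | (c & 0x3F)
        if strict:
            if cp < MIN_CP[n]:
                raise ValueError(f"overlong {n}-byte encoding of U+{cp:04X} at {i}")
            if 0xD800 <= cp <= 0xDFFF or cp > 0x10FFFF:
                raise ValueError(f"not a scalar value: U+{cp:04X} at {i}")
        cps.append(cp)
        i += n
    return cps


def decodes_to(data: bytes, text: str, strict: bool) -> bool:
    """True if `data` decodes to `text`; False if the decoder rejects it."""
    try:
        return utf8_decode(data, strict) == [ord(ch) for ch in text]
    except ValueError:
        return False


# Constructed inputs: the shortest-form '/' and its overlong two-byte form.
SLASH = b"/"
OVERLONG_SLASH = b"\xc0\xaf"

if __name__ == "__main__":
    print(bit_view(OVERLONG_SLASH))          # ['110|00000', '10|101111']
    print(decodes_to(OVERLONG_SLASH, "/", strict=False))  # True: lenient decoder sees '/'
    print(decodes_to(OVERLONG_SLASH, "/", strict=True))   # False: overlong form rejected
```

The lenient path is where filters go wrong: a check for "/" run on raw bytes never sees C0 AF, but a decoder that only inspects the marker bits turns it into "/" afterwards. Rejecting any sequence shorter than MIN_CP for its length closes that gap.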
Join us at OWASP SF for our talk, "Sanitize Client-Side: Why Server-Side HTML Sanitization is Doomed to Fail" to discover why client-side sanitization is crucial for a secure web. Can't make it? Stay tuned for our upcoming blog post. #OWASP #GlobalAppSecSanFran
0
8
28
Critical Roundcube XSS technical details: Desanitization, unsafe Content-Types, CSS exfiltration, and a Service Worker come together to persistently leak emails from a victim's browser. Read about it here: https://t.co/fOa2l0ujwV (CVE-2024-42008, CVE-2024-42009, CVE-2024-42010)
1
53
110
Join Paul Gerste of @Sonar_Research for a @defcon talk that explores smuggling attacks against database wire protocols! He will delve into the ongoing concern of SQL injections by demonstrating how attackers can inject entire (No)SQL statements into database connections.
0
9
33
Critical XSS in Roundcube webmail. A victim only has to view a malicious email. As reported by @ESETresearch, APTs have exploited similar vulns in the past to steal government emails. Our announcement: https://t.co/fOa2l0ujwV (CVE-2024-42008, CVE-2024-42009, CVE-2024-42010)
0
24
99
In this blog, @Sonar_Research investigates some potential code issues behind the recent CrowdStrike outage, highlighting that while security is highly prioritized, reliability and maintainability issues are frequently overlooked. Full story: https://t.co/SHj1vSOgE9
0
5
8
XSS on any website with missing charset information? Attackers may leverage the ISO-2022-JP character encoding to inject arbitrary JavaScript code into a website. Read more in our latest blog post: https://t.co/Ji3V0fK5b6
#appsec #security #vulnerability
7
210
617
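One way to reproduce the charset trick from the tweet above, as an added example (not code from the Sonar post or from either account): ISO-2022-JP switches character sets with escape sequences, and after ESC ( J (JIS X 0201 Roman) byte 0x5C decodes as the yen sign, not a backslash. If a page declares no charset and a browser sniffs ISO-2022-JP because it sees such an escape sequence, a backslash inserted by the server's escaper vanishes and the quote it was protecting closes the string. The page template, the toy escaper and the one-line sniffing rule are constructed assumptions for this demo; the decoding itself is Python's real `iso2022_jp` codec.

```python
"""ISO-2022-JP escape-sequence demo (added example; not code from the Sonar post).

Constructed pieces: the page template, the toy quote-escaper and the simplified
charset-sniffing rule. The decoding is Python's real 'iso2022_jp' codec, in which
ESC ( J selects JIS X 0201 Roman, where byte 0x5C decodes to U+00A5 YEN SIGN and
0x7E to U+203E OVERLINE instead of backslash and tilde.
"""

ESC = b"\x1b"
TO_JIS_ROMAN = ESC + b"(J"  # switch to JIS X 0201 Roman
TO_ASCII = ESC + b"(B"      # switch back to ASCII
TO_JISX0208 = ESC + b"$B"   # switch to the two-byte JIS X 0208 set


def js_string_escape(value: bytes) -> bytes:
    """Toy server-side escaper: backslash-escapes backslashes and double quotes."""
    return value.replace(b"\\", b"\\\\").replace(b'"', b'\\"')


def render_page(user_input: bytes, declare_charset: bool) -> bytes:
    """Constructed template that drops escaped user input into a JS string."""
    meta = b'<meta charset="utf-8">' if declare_charset else b""
    return (b"<html><head>" + meta + b"</head><body><script>"
            + b'var q = "' + js_string_escape(user_input) + b'";'
            + b"</script></body></html>")


def browser_decode(page: bytes) -> str:
    """Model of the browser's charset choice (an assumption of this example):
    honour a declared charset; otherwise, if ISO-2022-JP escape sequences are
    present, decode as ISO-2022-JP; else fall back to UTF-8."""
    if b'<meta charset="utf-8">' in page:
        return page.decode("utf-8")
    if TO_JIS_ROMAN in page or TO_JISX0208 in page:
        return page.decode("iso2022_jp")
    return page.decode("utf-8")


def script_body(html: str) -> str:
    """Return the contents of the first <script> element."""
    start = html.index("<script>") + len("<script>")
    return html[start:html.index("</script>")]


# Attacker input: switch to JIS X 0201 Roman, then a quote the server will
# escape with a backslash, then the JavaScript to run once the string closes.
PAYLOAD = TO_JIS_ROMAN + b'";alert(document.domain);//'


def rendered_script(declare_charset: bool) -> str:
    """What the browser sees inside <script> for PAYLOAD."""
    return script_body(browser_decode(render_page(PAYLOAD, declare_charset)))


def contains_escape_sequence(value: bytes) -> bool:
    """Input-side check: every ISO-2022-JP mode switch starts with ESC (0x1B)."""
    return ESC in value


if __name__ == "__main__":
    print("no charset:", rendered_script(False))  # yen sign, string closed, alert runs
    print("utf-8     :", rendered_script(True))   # backslash intact, still one string
```

Without a charset the script body decodes to `var q = "¥";alert(document.domain);//";`, so the attacker's quote terminates the literal. Declaring the charset (here via the meta tag; a Content-Type header works the same way) keeps the bytes in UTF-8, where 0x1B is an inert control character and the backslash still escapes the quote. Rejecting ESC bytes in input is a useful belt-and-braces check but no substitute for declaring the encoding.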
Unpatched RCE vulnerabilities in Gogs! We discovered 4 critical vulnerabilities in the code hosting solution Gogs! Read the details and learn how to protect yourself: https://t.co/E3GBT05ZWH
#appsec #security #vulnerability #golang
sonarsource.com
We discovered 4 critical code vulnerabilities in Gogs, a source code hosting solution, which are still unpatched. Read about the details and how to protect yourself.
0
16
44
From File Delete to RCE! In part 2 of our Gogs series, we revisit how attackers can use weak primitives for a big impact! These vulnerabilities are still unpatched; don't miss the details: https://t.co/hO831jShTG
#appsec #security #vulnerability #golang
sonarsource.com
Learn about critical code vulnerabilities we discovered in Gogs, a source code hosting solution. This follow-up covers how less severe flaws can still have a critical impact.
0
13
38
SQLi via... binary protocol smuggling?! This upcoming #defcon32 talk from @pspaul95 & @Sonar_Research sounds awesome! https://t.co/wW018bxT6t
9
82
487
Re-moo-te Code Execution in mailcow! Dive into our analysis of two vulnerabilities we found in the mail suite mailcow. Learn how attackers can go from XSS to RCE, and why it's important to sanitize your error messages: https://t.co/V8XXvkmGpK
#appsec #security #vulnerability
sonarsource.com
Our research team discovered two vulnerabilities in mailcow, an email server solution. Attackers could compromise an instance, impersonate users, and steal emails.
1
23
53
Since I'm 6 drinks in for 20 bucks, let me tell you all about the story of how the first Microsoft Office 2007 vulnerability was discovered, or how it wasn't. This was a story I was gonna save for a book but fuck it, I ain't gonna write it anyways.
246
2K
25K
As models are advanced, we must continue to not stoke fear: AI that is not sentient cannot replace human creativity. It can only help deliver it. We are in the age of Copilots, not commanders. And we will be for some time.
6
15
89