Technical - Application Security
Eyal Estrin
2:13 AM
Don't be like these 900+ websites and expose millions of passwords via Firebase
https://www.theregister.com/2024/03/18/google_firebase_cloud_security/ Eyal Estrin CISSP, CCSP, CISM,
Eyal Estrin
Mar 18
NEW GOOGLE GEMINI CONTENT MANIPULATION VULNS FOUND - ATTACKERS CAN GAIN CONTROL OF USERS’ QUERIES AND LLM DATA OUTPUT - ENABLING PROFOUND MISUSE
https://hiddenlayer.com/research/new-google-gemini-content-manipulation-vulns-found/ Eyal Estrin
Eyal Estrin
Mar 15
Vendoring: Why You Still Have Overlooked Security Holes
https://thenewstack.io/vendoring-why-you-still-have-overlooked-security-holes/ Eyal Estrin CISSP,
Eyal Estrin
Mar 15
The Economics of API Attacks and How Developers Can Stop Them
https://thenewstack.io/the-economics-of-api-attacks-and-how-developers-can-stop-them/ Eyal Estrin
Eyal Estrin
Mar 14
Security Flaws within ChatGPT Ecosystem Allowed Access to Accounts On Third-Party Websites and Sensitive Data
https://salt.security/blog/security-flaws-within-chatgpt-extensions-allowed-access-to-accounts-on-
Eyal Estrin
Mar 14
CISA rolls out secure software attestation form
https://www.cisa.gov/resources-tools/resources/secure-software-development-attestation-form https://
Eyal Estrin
Mar 10
Exploring the GitHub Advisory Database for fun and (no) profit
https://blog.aquia.us/blog/2024-02-27-gh-advisory-db/ Eyal Estrin CISSP, CCSP, CISM, CISA, CDPSE,
Eyal Estrin
Mar 8
Immediate AI risks and tomorrow’s dangers
https://www.helpnetsecurity.com/2024/03/08/ai-attacks/ Eyal Estrin CISSP, CCSP, CISM, CISA, CDPSE,
Eyal Estrin
Mar 8
A Practical Approach to SBOM in CI/CD
Part I — CycloneDX https://devsec-blog.com/2024/03/a-practical-approach-to-sbom-in-ci-cd-part-i-
Eyal Estrin
Mar 7
Southern Company Builds SBOM for Electric Power Substation
https://www.darkreading.com/ics-ot-security/southern-company-builds-a-power-substation-sbom Eyal
Eyal Estrin
Mar 7
Enhancing protection: Updates on Microsoft’s Secure Future Initiative
https://www.microsoft.com/en-us/security/blog/2024/03/06/enhancing-protection-updates-on-microsofts-
Eyal Estrin
Mar 5
Keeping secrets out of public repositories
https://github.blog/2024-02-29-keeping-secrets-out-of-public-repositories/ Eyal Estrin CISSP, CCSP,
Eyal Estrin
Mar 5
Secure by Design: Google’s Perspective on Memory Safety
https://security.googleblog.com/2024/03/secure-by-design-googles-perspective-on.html Eyal Estrin
Eyal Estrin
Mar 4
We Hacked Google A.I. for $50,000
https://www.landh.tech/blog/20240304-google-hack-50000/ Eyal Estrin CISSP, CCSP, CISM, CISA, CDPSE,
Eyal Estrin
Mar 2
Apple Gets an 'F' for Slicing Apples
https://objective-see.org/blog/blog_0x80.html Eyal Estrin CISSP, CCSP, CISM, CISA, CDPSE, CCSK Blog:
Eyal Estrin
Mar 1
5 Risks of Outsourcing Development and How to Avoid Them
https://thenewstack.io/5-risks-of-outsourcing-development-and-how-to-avoid-them/ Eyal Estrin CISSP,
Eyal Estrin
Mar 1
A critical vulnerability in Facebook could have allowed threat actors to hijack any Facebook account, researcher warns
https://securityaffairs.com/159782/hacking/zero-click-facebook-account-takeover.html Eyal Estrin
Eyal Estrin
Mar 1
Latest Research Reveals Rise in API Attacks in 2023, Putting Businesses at Risk in 2024
https://www.imperva.com/blog/state-of-api-security-in-2024/ Eyal Estrin CISSP, CCSP, CISM, CISA,
Eyal Estrin
Mar 1
GitHub besieged by millions of malicious repositories in ongoing attack
https://arstechnica.com/security/2024/02/github-besieged-by-millions-of-malicious-repositories-in-
Eyal Estrin
Mar 1
Shifting Security Down Early
https://medium.com/google-cloud/shifting-security-down-early-1a42169d05a5 Eyal Estrin CISSP, CCSP,
Eyal Estrin
Mar 1
2024 Open Source Security and Risk Analysis Report
https://www.synopsys.com/blogs/software-security/open-source-trends-ossra-report.html Eyal Estrin
Eyal Estrin
Feb 28
White House urges devs to switch to memory-safe programming languages
https://www.bleepingcomputer.com/news/security/white-house-urges-devs-to-switch-to-memory-safe-
Eyal Estrin
Feb 24
Navigating the API Minefield: Top Security Risks and How to Defuse Them
https://thecyberexpress.com/api-security-and-artificial-intelligence/ Eyal Estrin CISSP, CCSP, CISM,
Eyal Estrin
Feb 21
Migo - a Redis Miner with Novel System Weakening Techniques
https://www.cadosecurity.com/migo-a-redis-miner-with-novel-system-weakening-techniques/ Eyal Estrin
Eyal Estrin
Feb 20
PrintListener: Uncovering the Vulnerability of Fingerprint Authentication via the Finger Friction Sound
https://www.ndss-symposium.org/wp-content/uploads/2024-618-paper.pdf Eyal Estrin CISSP, CCSP, CISM,
Eyal Estrin
Feb 16
Crowdstrike - 2024 State of Application Security Report
https://go.crowdstrike.com/rs/281-OBQ-266/images/report-2024-state-of-app-security-report.pdf Eyal
Eyal Estrin
Feb 16
ANALYZING PULSE SECURE FIRMWARE AND BYPASSING INTEGRITY CHECKING
https://eclypsium.com/blog/flatlined-analyzing-pulse-secure-firmware-and-bypassing-integrity-checking
Eyal Estrin
Feb 15
Enterprise Strategy Group Research Reveals 91 Percent of Organizations Have Experienced a Software Supply Chain Incident in Past 12 Months
https://www.datatheorem.com/news/2024/esg-reveals-91-percent-of-orgs-reported-software-supply-chain-
Eyal Estrin
Feb 15
Fixing security vulnerabilities with AI
https://github.blog/2024-02-14-fixing-security-vulnerabilities-with-ai/ Eyal Estrin CISSP, CCSP, CISM
Eyal Estrin
Feb 15
Addressing the Threat of Security Debt: Unveiling the State of Software Security 2024
https://www.veracode.com/blog/research/addressing-threat-security-debt-unveiling-state-software-