appsec.fyi weekly

AppSec Weekly: 290 new resources (Mar 30 – Apr 06, 2026)

This week we added 290 new resources across 22 topics on appsec.fyi.

Trending this week: IDOR, AI, Fuzzing, XXE, Burp Suite


Term of the week: SLSA (Supply-chain Levels for Software Artifacts)

An OpenSSF framework for software build integrity, organised as a ladder of levels with increasing assurance (Build L0 to L3 in SLSA v1.0, four in total). It centres on provenance: an attestation, generated by the build platform rather than by the developer, that records which source revision and which builder produced a given artifact, so a consumer can check that a binary was built from the expected source by the expected build system. L1 only requires that provenance exists; L2 requires it to be generated and signed by a hosted build platform; L3 requires a hardened platform in which one build cannot tamper with another's provenance or reach the signing key. It pairs with SBOMs (what is inside the artifact) and Sigstore (how the provenance is signed and verified). The lower rungs are cheap: on a hosted CI service with a provenance generator, reaching Build L2 is roughly an afternoon's work, while L3 depends on the build platform's isolation guarantees rather than on anything you configure yourself.
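As an added worked example (not code from appsec.fyi or from the SLSA project), this is the policy check a consumer runs over a SLSA v1 provenance statement once its DSSE envelope signature has been verified by cosign or slsa-verifier: does the artifact digest match, is the builder one we trust, and was the build driven from the expected repository at a pinned commit? The statement, artifact bytes, organisation/repository name, builder id and buildType below are all constructed for illustration.

```python
"""Policy check over a SLSA v1.0 provenance statement (in-toto Statement v1).
Added example, not from appsec.fyi or the SLSA project.  The artifact, the
statement, the example-org/app repository, the builder id and the buildType
are constructed; signature verification of the DSSE envelope is assumed to
have happened already and is not repeated here."""
import hashlib
import json

# Constructed sample artifact standing in for a release tarball.
ARTIFACT = b"constructed release tarball bytes\n"
ARTIFACT_SHA256 = hashlib.sha256(ARTIFACT).hexdigest()

# Constructed in-toto Statement carrying a SLSA v1.0 provenance predicate.
# In production this is the payload of a DSSE envelope signed by the builder.
PROVENANCE = {
    "_type": "https://in-toto.io/Statement/v1",
    "subject": [{"name": "app-1.0.0.tar.gz", "digest": {"sha256": ARTIFACT_SHA256}}],
    "predicateType": "https://slsa.dev/provenance/v1",
    "predicate": {
        "buildDefinition": {
            "buildType": "https://example.invalid/buildtypes/ci/v1",  # hypothetical
            "externalParameters": {
                "source": {"uri": "git+https://github.com/example-org/app@refs/tags/v1.0.0"}
            },
            "resolvedDependencies": [
                {"uri": "git+https://github.com/example-org/app@refs/tags/v1.0.0",
                 "digest": {"gitCommit": "0" * 40}}  # constructed commit id
            ],
        },
        "runDetails": {"builder": {"id": "https://example.invalid/builders/hosted-ci@v1"}},
    },
}


def verify_provenance(statement, artifact, expected_source, trusted_builders):
    """Return a list of policy failures; an empty list means the artifact we
    hold matches the provenance and the provenance matches our expectations.
    expected_source should end at the '@' so that a repo named
    'example-org/app-evil' cannot satisfy a prefix match."""
    failures = []
    if statement.get("_type") != "https://in-toto.io/Statement/v1":
        failures.append("not an in-toto v1 statement")
    if statement.get("predicateType") != "https://slsa.dev/provenance/v1":
        failures.append("unexpected predicateType")

    # 1. Subject binding: the digest recorded at build time must equal the
    #    digest of the bytes we are about to deploy.
    actual = hashlib.sha256(artifact).hexdigest()
    subjects = statement.get("subject", [])
    if not any(s.get("digest", {}).get("sha256") == actual for s in subjects):
        failures.append("artifact sha256 not among provenance subjects")

    pred = statement.get("predicate", {})
    # 2. Builder identity: only a builder on our allow-list may vouch for it.
    builder_id = pred.get("runDetails", {}).get("builder", {}).get("id")
    if builder_id not in trusted_builders:
        failures.append(f"untrusted builder id: {builder_id!r}")

    # 3. Source binding: the build must have been invoked on the expected repo
    #    and must have resolved that repo to a concrete commit.
    build_def = pred.get("buildDefinition", {})
    src_uri = build_def.get("externalParameters", {}).get("source", {}).get("uri", "")
    if not src_uri.startswith(expected_source):
        failures.append(f"source uri {src_uri!r} does not match {expected_source!r}")
    deps = build_def.get("resolvedDependencies", [])
    if not any(d.get("uri", "").startswith(expected_source)
               and d.get("digest", {}).get("gitCommit") for d in deps):
        failures.append("no resolved source dependency with a pinned git commit")
    return failures


def verify_provenance_bytes(payload, artifact, expected_source, trusted_builders):
    """Same check over the raw JSON payload extracted from a DSSE envelope."""
    return verify_provenance(json.loads(payload), artifact, expected_source, trusted_builders)


if __name__ == "__main__":
    trusted = {"https://example.invalid/builders/hosted-ci@v1"}
    print(verify_provenance(PROVENANCE, ARTIFACT, "git+https://github.com/example-org/app@", trusted))
```

The three checks are what provenance buys you over a bare checksum: a checksum alone says the bytes are unchanged, while the builder and source checks say who produced them and from what. Without the preceding signature verification the statement is just JSON anyone could write, so this function must only ever see payloads whose envelope signature has already been checked against the builder's identity.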


XSS (+21)

  • Browser-Based Attacks in 2026: What Every Startup Needs to Know
  • CVE-2025-1647: Bootstrap 3 XSS Vulnerability via DOM Clobbering
  • CVE-2026-32629: phpMyFAQ XSS Vulnerability
  • Cross-site leaks (XS-Leaks) - Security - MDN Web Docs
  • Site-DOM-XSS using Cookie Injection: The AI Hackers are Coming
  • Awesome Bug Bounty Writeups - Curated List by Bug Type
  • XSS Exploit Payloads - DOM, Reflected, Stored, and WAF Bypass
  • Stored XSS Vulnerability WAF Bypass Writeup
  • Reflected XSS with WAF Bypass — A Creative Payload That Worked
  • Learn about Cross Site Scripting (XSS) | BugBountyHunter.com
  • DOM-Based XSS in Single Page Applications (SPAs): A Complete Guide
  • The Ultimate Guide to Finding and Escalating XSS Bugs | Bugcrowd
  • How a Cross-Site Scripting Vulnerability Led to Account Takeover | HackerOne
  • XSS Attacks & Exploitation: The Ultimate Guide | YesWeHack
  • Cross-Site Scripting (XSS) Cheat Sheet - 2026 Edition | PortSwigger
  • CISA Warns of Zimbra, SharePoint Flaw Exploits; Cisco Zero-Day Hit in Ransomware Attacks https://ift.tt/vwg96OZ
  • ShadowPrompt: Zero-Click Prompt Injection Chain in Anthropic’s Claude Chrome Extension https://ift.tt/LQkpR3n
  • Jira Account Takeover https://ift.tt/wtHJ6Lm
  • Vulnerabilities in Bludit software https://ift.tt/xf0FONS
  • Stored XSS Bug in Jira Work Management Could Lead to Full Organization Takeover https://ift.tt/chvJTgR
  • Stored XSS Flaw in Jira Work Management Could Enable Full Org Compromise https://ift.tt/tBU50wa

SSRF (+17)

  • Top 10 Web Application Vulnerabilities in Indian SaaS Apps
  • 46 Vulnerability Statistics 2026: Key Trends in Discovery, Exploitation and Risk
  • CVE-2026-5417: Dataease SQLbot SSRF Vulnerability
  • CVE-2026-34740: Wwbn Avideo SSRF Vulnerability
  • curl_cffi is impacted by CVE-2026-33752, a redirect-based SSRF vulnerability allowing internal network access with TLS impersonation bypass. Review applications using curl_cffi for URL input validation. #SSRF #Python #Infosec pulsepatch.io/posts/cve-2026
  • A critical SSRF vulnerability (CVE-2026-31818) affects Budibase via its REST Connector, allowing unauthorized access to internal resources. Review configurations. #SSRF #Budibase #AppSecurity pulsepatch.io/posts/cve-2026
  • A critical SSRF filter bypass (CVE-2026-35459) affects pyLoad, enabling access to internal network resources. This is an incomplete fix for CVE-2026-33992. #SSRF #pyLoad #infosec pulsepatch.io/posts/cve-2026
  • SSRF Vulnerability Explained: Attack Types & Real-World Examples (2025)
  • Server-Side Request Forgery (SSRF) | Invicti
  • The Phantom Pivot: Advanced Red Teaming through SSRF & DNS Rebinding
  • Mastering SSRF Exploitation in 2025
  • The newly disclosed CVE-2026-33060 (CKAN MCP Server SSRF) shows a recurring pattern: AI agents granted excessive network access without runtime validation. Fetching metadata/internal IPs shouldn't be default. Control execution, not just the prompt. #MCPSecurity #SSRF #AIAgents
  • Chained SSRF + indirect prompt injection in an AI assistant: server fetching arbitrary URLs → timing oracle revealing internal services → prompt injection hijacking the AI to recon internal infrastructure. Marked N/A. #BugBounty #SSRF #AISecurity #PromptInjection
  • Critical SSRF flaw in HAPI FHIR validation package CVE-2026-34361 could expose healthcare apps to credential theft and potential data breaches. vulert.com/vuln-db/CVE-20…Zp #CyberSecurity
  • TL;DR: IMDSv1 + SSRF = free IAM credentials. Capital One, 2019: 106M records, $80M fine. Three HTTP requests. Zero exploits. Paolo has written up how it works and how to stop it: paolocostanzo.github.io/ssrf-imds-ec2-c (AI post; Paolo was studying for the AWS cert) #AWS #SSRF #CloudSecurity #PenTest
  • Warning: High #SSRF & Injection vulnerabilities in #SpringAI. CVE-2026-22742, CVE-2026-22743, CVE-2026-22744, CVSS: 8.6. These CVEs can lead to unintended server requests and database access. #Patch #Patch #Patch

CSRF (+16)

  • CVE-2026-25101: Bludit Authentication Bypass Vulnerability
  • Cookies: HTTP State Management Mechanism (RFC 6265bis)
  • 3 Security Failure Modes in Vibe-Coded Apps
  • CVE-2026-34394: Wwbn Avideo CSRF Vulnerability
  • Cross-site request forgery (CSRF) - Security - MDN Web Docs
  • CSRF Exploitation Techniques — Flaws, Bypasses & SameSite Cookie Mechanics
  • Lab: SameSite Lax Bypass via Cookie Refresh | PortSwigger
  • Lab: SameSite Lax Bypass via Method Override | PortSwigger
  • Advanced Techniques to Bypass CSRF Defenses
  • Cross-Site Request Forgery (CSRF) Attack Guide | Hackviser
  • CSRF (Cross Site Request Forgery) | HackTricks
  • Bypassing SameSite Cookie Restrictions - CSRF | PortSwigger
  • CSRF & Bypasses | Cobalt
  • Cross-Site Request Forgery Prevention Cheat Sheet | OWASP

Talks (+15)

  • HTB COAE: Introducing the new standard for AI Red Teaming
  • OWASP Impact Report 2025
  • AI Agent Security Masterclass: Attacking and Defending Autonomous AI Systems - DEF CON Training
  • Hacking Android and IOT Apps by Example - DEF CON Training LV 2026
  • Black Hat USA 2026 Training Schedule
  • DEF CON 32 Registration via Black Hat USA 2024
  • Black Hat Briefings - Wikipedia
  • Security Summer Camp: Black Hat 2025, DEF CON, and Others
  • Black Hat USA 2024, BSidesLV and DEF CON 32: Hacker Summer Camp Guide
  • Black Hat Conference: Cutting-Edge Cybersecurity Insights
  • Black Hat 2025: Latest News and Insights | CSO Online
  • Black Hat 2025 & DEF CON 33: The Attendees' Guide | Splunk
  • Black Hat USA 2025 & DEF CON 33
  • Black Hat USA 2024
  • DEF CON Hacking Conference

Bug Bounty (+15)

  • Getting Started as a Penetration Tester in NZ (2026 Edition)
  • shuvonsec/claude-bug-bounty: AI Bug Bounty Framework
  • Disclosed: $4.3m Paid in HackerOne LHEs, PortSwigger Top 10 Released
  • HackerOne Hacktivity
  • How Bug Bounty Hunters Are Using Claude Code
  • API Penetration Testing: Combined Checklist + Scenario List
  • The Tools I Use for Bug Bounty Hunting
  • Bug Bounty Hunting in 2025: A Real World Guide
  • Full Bug Bounty Hunting Methodology - Recon (DEF CON 32 Workshop)
  • The Best Bug Bounty Recon Methodology (2024) | Hive Five
  • 2025 Bug Bounty Methodology, Toolsets and Persistent Recon
  • Comprehensive Bug Bounty Hunting Methodology (2024 Edition)
  • From Recon to Report: Complete Bug Bounty Workflow for 2025
  • Recon for Bug Bounty: 8 Essential Tools | Intigriti
  • Bug Bounty Hunting Methodology 2025

RCE (+15)

  • Metasploit Wrap-Up 04/03/2026
  • Multiple Vulnerabilities in Progress ShareFile Could Allow for Remote Code Execution
  • Critical RCE Vulnerability in F5 BIG-IP Under Exploitation
  • CVE-2026-20131 Cisco FMC RCE Vulnerability
  • Emerging Threat: CVE-2026-27876 Grafana Remote Code Execution via SQL Expressions
  • SSTI (Server-Side Template Injection) to RCE Walkthrough
  • SSTI Leading to Remote Code Execution (RCE)
  • OpenOlat Velocity Template Injection Leads to RCE
  • A Pentester's Guide to SSTI | Cobalt
  • RCE with Server-Side Template Injection
  • Rejetto HTTP File Server SSTI RCE (CVE-2024-23692) | Invicti
  • WPML Plugin RCE via Twig SSTI (CVE-2024-6386)
  • PayloadsAllTheThings - Server Side Template Injection
  • SSTI: Advanced Exploitation Guide | Intigriti
  • SSTI Exploitation with RCE Everywhere | YesWeHack

Python (+15)

  • The State of Trusted Open Source Report
  • Rapid Exploitation and Clever Malware in the Supply Chain — Last Week in AppSec
  • CrewAI contains multiple vulnerabilities including SSRF, RCE
  • CVE-2026-33873: Langflow Agentic Assistant RCE Vulnerability
  • CVE-2026-34519: AIOHTTP XSS Vulnerability
  • A Large-Scale Security-Oriented Static Analysis of Python Packages in PyPI
  • Exposing 4 Critical Vulnerabilities in Python PickleScan | Sonatype
  • Python SAST Tools: Free & Paid Solutions for Secure Code Analysis
  • 10 Common Security Gotchas in Python and How to Avoid Them
  • Insecure Deserialization in Python | Semgrep
  • PyTorch Users at Risk: 3 Zero-Day PickleScan Vulnerabilities | JFrog
  • PickleScan - Security Scanner Detecting Suspicious Python Pickle Files
  • Python Secure Coding Guidelines
  • Bandit: Python Static Application Security Testing Guide
  • Python Security Vulnerabilities | Top Issues | Aikido

OSINT (+15)

  • AI-enabled Workflows and Deeper Intelligence
  • 10 Best Threat Intelligence Tools In 2026
  • OSINT Intelligence Briefing - March 31, 2026
  • Open Source Intelligence (OSINT): AI-Powered Image Geo-Location
  • Top 15 OSINT Tools For Cybersecurity In 2026
  • Bug Bounty 101: Top 10 Reconnaissance Tools | Netlas
  • Top 7 OSINT Tools Every Cybersecurity Professional Should Know
  • Top 10 OSINT Tools Everyone Should Know | SMIIT CyberAI
  • Top 10 OSINT Tools in 2025 Cyber Analysts Trust
  • 10 Best Open Source Intelligence (OSINT) Tools Of 2025
  • What is OSINT? Tools, Techniques and Framework Explained
  • 15 Best OSINT Tools in 2026 | Lampyre
  • Open Source Intelligence Tools and Resources Collection
  • OSINT for Threat Enrichment: Deep Dive with Maltego, SpiderFoot, IntelX, Recon-ng
  • Top 15 Free OSINT Tools To Collect Data From Open Sources

SQLi (+15)

  • SQL Injection (SQLi) Guide - SecPortal
  • CVE-2026-27697: Basercms SQLi Vulnerability
  • CVE-2026-5197: Student Membership System SQLi Vulnerability
  • WAF Testing Guide: How to Validate Web Application Firewalls
  • Bug Bounty Bootcamp #29: Boolean Blind SQL Injection Part 2
  • 12 Questions and Answers About Insecure Deserialization
  • How to Perform SQL Injection in Web Apps
  • What is SQL Injection? How to Prevent SQL Injection | Fortinet
  • Bypassing WAFs in 2025: New Techniques and Evasion Tactics
  • 7 Types of SQL Injection Attacks & How to Prevent Them
  • SQLi Payloads - Classic, Blind, Error-Based, Time-Based, WAF Bypass
  • SQL Injection for Bug Bounty Hunters | YesWeHack
  • Exploiting an SQL Injection with WAF Bypass
  • SQL Injection Bypassing WAF | OWASP
  • PayloadsAllTheThings - SQL Injection

GraphQL (+14)

  • Cybersecurity Deep Dive: The Complete Guide to Protecting Modern Applications
  • How Does StackHawk Work?
  • GraphQL Security Vulnerabilities Guide - SecPortal
  • Vespasian: It Sees What Static Analysis Can't - API Endpoint Discovery
  • GraphQL Security: How I Found and Exploited Critical IDOR and Authorization Bypass
  • GraphQL Security Testing Guide (2026)
  • GraphQL Security Complete Guide | Payload Playground
  • GraphQL Vulnerabilities and Common Attacks Seen in the Wild | Imperva
  • GraphQL API Vulnerabilities, Common Attacks & Security Tips
  • Hacking GraphQL Endpoints in Bug Bounty Programs | YesWeHack
  • PayloadsAllTheThings - GraphQL Injection
  • GraphQL | HackTricks
  • GraphQL Cheat Sheet | OWASP
  • GraphQL Security from a Pentester's Perspective | AFINE

XXE (+14)

  • Debian: CVE-2026-23739: Asterisk Security Update
  • CVE-2025-11035: Jinher OA XXE Vulnerability
  • CVE-2025-54254: Adobe Experience Manager Forms XXE Vulnerability
  • CVE-2026-29924: XXE Vulnerability
  • CVE-2026-34401: XXE in Wwbn Avideo
  • Advanced XXE Exploitation: File Disclosure, Blind OOB, and RCE
  • What is XXE (XML External Entity) | Examples & Prevention | Imperva
  • XML External Entities (XXE) | Pentesting Notes
  • XML External Entity (XXE) Processing | OWASP
  • Blind XXE: Exfiltrating Data Out-of-Band in 2025
  • Comprehensive Guide to XXE Exploitation: Advanced Data Exfiltration and RCE
  • XML External Entity: The Ultimate Bug Bounty Guide to XXE | YesWeHack
  • XML External Entity (XXE) Attack Guide | Hackviser
  • What is a Blind XXE Attack? | PortSwigger

IDOR (+14)

  • Web Application Security Testing: A Step-by-Step Learning Guide
  • CVE-2026-33030: Nginx UI Authorization Bypass
  • BugQuest 2026: 31 Days of Broken Access Control
  • Nginx UI IDOR Allows Cross-User Resource Access
  • IDOR | HackTricks
  • IDOR Attack Guide | Hackviser
  • Real Bug Bounty Report: IDOR Used to Exploit a Banking Application
  • Reddit Bug Bounty: Exploiting an IDOR Vulnerability in Dubsmash's API
  • IDOR: The $1 Billion Authorization Bug
  • IDOR Vulnerability: Analysis, Impact, Mitigation | Huntress
  • How to Find IDOR Vulnerabilities: The Bug Bounty Hunter's Practical Guide
  • Insecure Direct Object References (IDOR) | Intigriti Hackademy
  • IDOR in 2025: Why Broken Access Control Still Rules the Vulnerability Charts
  • IDOR: A Complete Guide to Exploiting Advanced IDOR Vulnerabilities | Intigriti

AuthZ (+14)

  • Broken Authentication and IDOR – A Big but Solvable Problem | Inspectiv
  • Exploiting Broken Access Control Vulnerability for Bounty
  • Broken Access Control Testing Software for Web Apps | Penti AI
  • WSTG Methodology: Web Penetration Testing | Haxoris
  • OWASP Top 10 #1: Broken Access Control and Security Tips
  • Primer on Broken Access Control Vulnerabilities and How to Find Them
  • Horizontal and Vertical Privilege Escalation Explained | Blue Goat Cyber
  • Broken Access Control - Vertical Privilege Escalation Writeup
  • Testing for Privilege Escalation | OWASP WSTG
  • Testing for Insecure Direct Object References | OWASP WSTG
  • Top HackerOne Reports - Authorization Bypass
  • Broken Authentication: Advanced Exploitation Guide | Intigriti
  • How To Find Broken Access Control Vulnerabilities in the Wild | HackerOne
  • Authn vs. authz: How are they different? Authentication (authn) refers to identity, while authorization (authz) has to do with permissions.
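The authn/authz distinction in the last item is exactly the one IDOR bugs (this week's top trending topic) collapse: the caller is identified, but the object they ask for is never bound to that identity. As an added illustration that is not code from appsec.fyi or any of the linked resources, here is a vulnerable handler beside its fixed form, with a constructed session table, document store and request shape.

```python
"""Authn versus authz, shown as the object-level check whose absence is an
IDOR.  Added example, not from appsec.fyi or any linked resource; the session
table, document store, user names and request shape are all constructed."""

# Constructed session store: bearer token -> authenticated user id.
SESSIONS = {"tok-alice": "alice", "tok-bob": "bob"}

# Constructed resource store: document id -> (owner, body).  Sequential
# integer ids are what make guessing a neighbour's document trivial.
DOCUMENTS = {
    1001: ("alice", "alice's tax return"),
    1002: ("bob", "bob's medical record"),
}


class Unauthorized(Exception):
    """Authentication failed: we do not know who the caller is."""


class AccessDenied(Exception):
    """Authorization failed, or the object does not exist (kept indistinguishable)."""


def authenticate(headers):
    """Authentication: establish identity from the bearer token (authn only)."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    user = SESSIONS.get(token) if scheme == "Bearer" else None
    if user is None:
        raise Unauthorized("missing or invalid bearer token")
    return user


def get_document_vulnerable(headers, doc_id):
    """Authenticates and then trusts the id from the request as-is: any
    logged-in user can read any document.  This is the IDOR / broken
    object-level authorization pattern."""
    authenticate(headers)              # identity is checked ...
    _owner, body = DOCUMENTS[doc_id]   # ... ownership never is
    return body


def get_document_fixed(headers, doc_id):
    """Authorization: after authn, bind the requested object to the caller."""
    user = authenticate(headers)
    record = DOCUMENTS.get(doc_id)
    # Same failure for "not yours" and "does not exist", so an attacker
    # iterating ids cannot learn which ones are valid.
    if record is None or record[0] != user:
        raise AccessDenied(f"user {user!r} may not access document {doc_id}")
    return record[1]


def can_read(handler, token, doc_id):
    """True if `handler` returns the document to the holder of `token`."""
    try:
        handler({"Authorization": f"Bearer {token}"}, doc_id)
        return True
    except (Unauthorized, AccessDenied, KeyError):
        return False


if __name__ == "__main__":
    print("vulnerable: bob reads 1001 ->", can_read(get_document_vulnerable, "tok-bob", 1001))
    print("fixed:      bob reads 1001 ->", can_read(get_document_fixed, "tok-bob", 1001))
```

The fixed handler is the whole difference between "who are you" and "what may you do"; the check has to live in every handler that takes an object id, which is why the linked WSTG and Intigriti guides treat IDOR hunting as enumerating every such parameter with a second user's session.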

Burp Suite (+13)

  • Zero-Day Incident Response: First 72 Hours
  • Top 7 Online Penetration Testing Tools in 2026
  • Toolchain: Nmap, Burp Suite, and Metasploit - A Practical Workflow Guide
  • Top 10 Burp Suite Extensions Every Pentester Should Use
  • Installing Extensions from BApp Store | PortSwigger
  • 3 Powerful Burp Suite Extensions Every Pentester Should Use
  • BApp Store | PortSwigger
  • Burp Suite Professional BApps: Maximizing Pentester Productivity
  • Burp Bounty - Scan Check Builder Extension
  • Burp Suite - Top Extensions | KSEC ARK Pentesting Knowledge Base
  • Top 10 Must-Have Burp Suite Extensions for Web Application Security (2024)
  • Top 10 Pentesting Tools and Extensions in Burp Suite | PortSwigger
  • Top 20 Useful Burp Suite Extensions for Web Application Pentesting

Mobile (+11)

  • OWASP Mobile Top 10 2024: A Security Guide
  • OWASP Mobile Top 10 and MobSF
  • Bypassing Certificate Pinning Using Frida: A Step-by-Step Guide
  • Hail Frida!! The Universal SSL Pinning Bypass for Android
  • OWASP Mobile Top 10 (2024) — Bug Bounty Hunter's Guide
  • Four Ways to Bypass Android SSL Verification and Certificate Pinning | NetSPI
  • Bypassing Certificate Pinning | OWASP MASTG
  • Defeating Android Certificate Pinning with Frida
  • OWASP Mobile Top 10
  • OWASP Mobile Application Security (MAS)
  • What is Mobile Security? | IBM

AI (+10)

  • Prompt Injection Attacks in LLMs: Vulnerabilities, Exploitation & Defense
  • How AI Red Teaming Fixes Vulnerabilities in Your AI Systems
  • What Is Prompt Injection in AI? Examples & Prevention | EC-Council
  • Prompt Injection Attacks in 2025: Risks, Defenses & Testing
  • Red Teaming the Mind of the Machine: Evaluation of Prompt Injection and Jailbreak Vulnerabilities
  • Practical LLM Security Advice from the NVIDIA AI Red Team
  • OWASP Top 10 for LLMs 2025 | DeepTeam Red Teaming Framework
  • Continuously Hardening ChatGPT Against Prompt Injection | OpenAI
  • Red Teaming LLMs Exposes a Harsh Truth About the AI Security Arms Race
  • LLM01:2025 Prompt Injection | OWASP Gen AI Security

Fuzzing (+10)

  • MALF: A Multi-Agent LLM Framework for Intelligent Fuzzing
  • Automating App Security with Advanced Fuzz Testing Techniques
  • Coverage Guided vs Blackbox Fuzzing | ClusterFuzz
  • Make Fuzzing First-Class in CI/CD: Coverage-Guided Testing in 2025
  • How to Use Fuzzing in Security Research | Keysight
  • Fuzz Testing: A Beginner's Guide | Better Stack
  • libFuzzer and AFL++ | ClusterFuzz
  • libFuzzer - A Library for Coverage-Guided Fuzz Testing | LLVM
  • AFL - American Fuzzy Lop: A Security-Oriented Fuzzer
  • Coverage Guided Fuzzing - Extending Instrumentation to Hunt Down Bugs Faster

Recon (+10)

  • A Comprehensive Guide to Android Penetration Testing | Redfox Security
  • A Step-by-Step Android Penetration Testing Guide | Hack The Box
  • Mobile App Pentest Cheatsheet
  • GarudRecon - Automated Domain Recon with XSS, SQLi, LFI, RCE Detection
  • Automating Subdomain Enumeration to Discover Critical Vulnerabilities
  • SubdomainX: All-in-One Subdomain Enumeration and Reconnaissance Tool
  • How to Use Amass for Subdomain Enumeration and Recon Like a Pro
  • Subfinder Complete Guide 2025: Subdomain Enumeration Mastery
  • Automate Recon and Detect Subdomain Takeovers with Amass, Subfinder, Nuclei
  • Reconnaissance 102: Subdomain Enumeration | ProjectDiscovery

Secrets (+10)

  • AWS Secrets Manager vs HashiCorp Vault [2026]
  • AWS Secrets Engine | HashiCorp Vault
  • Researcher Unearths Thousands of Leaked Secrets in GitHub's "Oops Commits"
  • How to Detect and Clean Up Leaked Secrets in Your Git Repositories
  • Secret Scanning Tools 2026: Protect Code and Prevent Credential Leaks
  • TruffleHog vs. Gitleaks: A Detailed Comparison
  • Why 28 Million Credentials Leaked on GitHub in 2025 | Snyk
  • Gitleaks - Find Secrets with Gitleaks
  • TruffleHog - Find, Verify, and Analyze Leaked Credentials
  • Secrets Management - OWASP Cheat Sheet Series (the website collecting all of the project's cheat sheets)

Supply Chain (+10)

  • 12 Months That Changed Supply Chain Security - 2025 Month by Month
  • Securing the Software Supply Chain: OpenSSF, SLSA, SBOM, and Sigstore
  • OWASP Top 10 2025: A03 Software Supply Chain Failures (Beginner's Guide)
  • SLSA Framework: The Definitive Guide for Securing Your Software Supply Chain
  • Five Key Flaws Exploited in 2025's Software Supply Chain Incidents
  • Predictions for Open Source Security in 2025 | OpenSSF
  • Supply Chain Attacks in Q4 2025: From Isolated Incidents to Systemic Failure Modes
  • Supply Chain Security in CI: SBOMs, SLSA, and Sigstore
  • SLSA - Supply-chain Levels for Software Artifacts
  • A03 Software Supply Chain Failures - OWASP Top 10:2025

Deserialization (+8)

  • Unsafe Deserialization in Ruby | SecureFlag
  • Analyzing Prerequisites of Known Deserialization Vulnerabilities on Java Applications
  • Insecure Deserialization: The Vulnerability That Gives Attackers RCE
  • Ruby 2.x Universal RCE Deserialization Gadget Chain | elttam
  • Insecure Deserialization Explained with Examples
  • Now You Serial, Now You Don't - Systematically Hunting for Deserialization Exploits | Google Cloud
  • PayloadsAllTheThings - Java Deserialization Payloads
  • Insecure Deserialization | OWASP

API Security (+8)

  • OWASP API Security Top 10 Explained | Salt Security
  • How To Prepare For An API Penetration Test
  • Awesome GraphQL Security - Curated List of Resources
  • API Testing with Burp Suite: A Practical Guide
  • Top 6 API Pentesting Tools | Cobalt
  • API Attack Awareness: BOLA - Why It Tops the OWASP API Top 10
  • OWASP API Security Top 10
  • OWASP API Security Project | OWASP Foundation (the project focuses on strategies and solutions to understand and mitigate the unique vulnerabilities and security risks of Application Programming Interfaces)
