slideshare.net
Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2025-08-14.
| Date Added | Resource | Excerpt |
|---|---|---|
| 2025-08-14 | The security phoenix - from the ashes of DEV-OPS Appsec California 20… [Talks] | The content seems to discuss the concept of security rising like a phoenix from the challenges faced in the realm of DevOps and application security at the Appsec California 2020 event. It likely explores how security measures can evolve and improve despite setbacks, drawing parallels to the mythical phoenix that rises from its ashes. The content may delve into strategies for enhancing security practices in the context of DevOps and application security. |
| 2025-08-14 | https://www.slideshare.net/ssuserf09cba/xxe-how-to-become-a-jedi [XXE] | The content discusses how to become a "Jedi" in the context of XXE (XML External Entity) attacks. It covers the basics of XXE attacks, their impact, and how to prevent them. The presentation outlines steps to become proficient in identifying and mitigating XXE vulnerabilities, emphasizing the importance of understanding XML parsing and secure coding practices. It also provides practical examples and resources for further learning. Overall, the content aims to educate individuals on the risks associated with XXE attacks and empower them to enhance their cybersecurity skills in this area. |
| 2025-08-14 | XXE - XML External Entity Attack [XXE] | XXE, or XML External Entity Attack, is a type of security vulnerability where an attacker can exploit the processing of XML data by including external entities that can disclose confidential information, execute remote code, or cause a denial of service. This attack can occur when an application processes XML input without proper validation and allows external entities to be included. Preventing XXE attacks involves disabling external entity processing, using whitelists for allowed entities, and validating input data to ensure it does not contain malicious XML entities. |
| 2020-01-31 | Purple is the new black: Modern Approaches to Application Security [Talks] | The content discusses modern approaches to application security, highlighting the concept that "purple is the new black." This phrase implies a shift towards a more comprehensive and integrated approach to security that combines traditional blue team (defenders) and red team (attackers) strategies. By adopting a "purple team" mindset, organizations can enhance their security posture by fostering collaboration between defensive and offensive security teams to better protect against cyber threats. |
| 2018-07-30 | Cross site scripting XSS [XSS] | Cross-Site Scripting (XSS) is a security vulnerability where attackers inject malicious scripts into web pages viewed by other users. This can lead to theft of sensitive data, session hijacking, or defacement of websites. XSS attacks can be stored, reflected, or DOM-based. Prevention methods include input validation, output encoding, and implementing Content Security Policy (CSP). Regular security audits and staying updated on security best practices are crucial to protect against XSS attacks. |
| 2018-07-30 | Cross Site Scripting (XSS) [XSS] | The content is an introduction to Cross Site Scripting (XSS), a type of security vulnerability commonly found in web applications. XSS occurs when attackers inject malicious scripts into web pages viewed by other users. These scripts can steal sensitive information, manipulate content, or redirect users to malicious sites. Preventing XSS involves validating and sanitizing user input, encoding output, and implementing security measures like Content Security Policy (CSP). Understanding XSS is crucial for developers to protect websites and users from potential attacks. |
| 2017-03-07 | ng-owasp: OWASP Top 10 for AngularJS Applications [XSS] | The content discusses the OWASP Top 10, a list of critical web application security risks, and how they apply to AngularJS applications. It explores security vulnerabilities specific to AngularJS, aiming to address and mitigate these risks. The focus is on understanding and implementing security measures to protect AngularJS applications from potential threats outlined in the OWASP Top 10 list. |