Followup links for OWASP Global AppSec DC 2023

less than 1 minute read

Assorted links for OWASP Global AppSec DC 2023:

OWASP No-Code / Low-Code Top 10
powerpwn

Other talks (slides and source code)

All You Need is Guest @ BlackHat USA 2023
Sure, Let Business Users Build Their Own. What Could Go Wrong? @ BlackHAt USA 2023
Low Code High Risk: Enterprise Domination via Low Code Abuse @ DEFCON30
No-Code Malware: Windows 11 At Your Service @ DEFCON30

Share on

X Facebook LinkedIn Bluesky

There Is Nothing Responsible About Disclosure Of Every Successful Prompt Injection

2 minute read

The InfoSec community is strongest when it can collaborate openly. Few organizations can fend off sophisticated attacks alone—and even they sometimes fail. I...

AIjacking Goes Beyond Prompt Injection

3 minute read

Naming is powerful. An excellent name does more than frame the problem, it hints at ownership, solutions, and urgency to address it. In a very real sense, t...

Very Important Instructions

less than 1 minute read

This is a boring blog post. At least for humans.

Safe Web Browsing for Copilots

1 minute read

Allowing a copilot to search the web at will is extremely dangerous. Here are two somewhat-understood vulnerabilities and how to mitigate them. Note: this is...

Michael Bargury