Honored to be featured in @CloudSecList Issue 320 🙌
Our vulnerable-mcp-servers-lab is a training ground for security professionals to learn pentesting MCP (Model Context Protocol) servers.
MCP is becoming the backbone of AI agent integrations.
Understanding its security gaps today means protecting your AI infrastructure tomorrow.
Try it out 👇
https://t.co/oVTGVoLyO9
#RedTeam #AISecurity #AppSec
We are open sourcing the vulnerable MCP servers we coded for the Pentesting MCP Servers workshop at BSides London.
Last Saturday, I ran a 4-hour hands-on workshop at Security BSides London teaching folks how to pentest MCP servers and AI agents.
To make it practical, I built a collection of intentionally vulnerable MCP servers covering real attack scenarios:
- Injection vulnerabilities
- Auth bypass paths
- Misconfigured trust boundaries
- Hidden functionality exposure
- Prompt injection surfaces
The workshop sold out and the feedback was clear - people want reproducible labs they can break, learn from, and practice on.
So we're releasing the entire collection on Appsecco’s GitHub later this week after some bug fixes.
This is for pentesters who want to understand MCP attack surfaces, product security engineers building with MCP, AI red teamers, and anyone who learns by breaking things in a safe environment.
Real vulnerabilities. Real exploitation. Reproducible locally.
Follow Appsecco to catch the release. We'll share setup guides, attack walkthroughs, and the updated MCP Pentesting Checklist v2.0 alongside it.
My contribution on the journey from Pentester to AI Red Teamer.
#pentesting #aisecurity #mcp #mcpsecurity
CVE-2025-55182 (React RCE) is now fully weaponized.
PoCs are out. Attackers are already scanning.
Here’s a quick demo showing how we detect and exploit the vulnerability using Burp Suite, including Active Scan Plus and a manual multipart payload.
If you’re running React Server Components or Next.js, patch today.
Don’t rely on LLM-generated fixes. Verify them.
#React #NextJS #AppSec #AISecurity
I fondly remember my first #kubernetes cluster pentest several years ago. Gained cluster admin by reading protected credentials using a binary planting/path confusion bug!
Fun times! 😎 🎊
I'm running a poll to find out who among my connections is using Kubernetes in prod.
Continuing our series on IAM Misconfigurations, check out Part 2 by @mishr_a_nurag, where he explains how a misconfigured IAM policy can lead to privilege escalation.
Link: https://t.co/TwdJr7rf9M
Read up and share your thoughts.
#aws #cloudsecurity #awssecurity #infosec
Check out Bollina Bhagavan's @XCriminal_ new blog on "Finding Treasures in Github and Exploiting AWS for Fun and Profit - Part 2"
Read on and share your thoughts!
Link : https://t.co/2qgLK5vTVt
#aws #cloudsecurity #redteam #infosec #appsecco
Limited seats only! I'll be doing a 2-day in-person hands-on cloud security training titled "Breaking and Pwning Apps and Servers on #AWS and #GoogleCloud" @bsidesbangalore on June 6th-7th. Register now!
https://t.co/9My7pzXcSN
cc @appseccouk @Kloudleinc
Check out Abhishek Birdawade's @abhhi3838 blog on "Gaining Experiences and Building Connections: My Internship Journey at Appsecco".
Link: https://t.co/snWcNtCrPu
#appsecco #internship #infosec #cybersecurity
We are offering our most requested training "Fundamentals of Web Application Hacking" by @swatskudva & @zerodaywo1f at @bsidesbangalore
If you're starting off in Appsec as a career option, sign up and learn from our AppSec Experts.
Register: https://t.co/rGpf5o0Z8W
#appsecco
We are offering our most loved training "Breaking and Pwning Apps and Servers on AWS & Google Cloud" by @riyazwalikar & @XCriminal_ at @bsidesbangalore
Hurry up and register for the conference & training.
Register:
https://t.co/HpG46vQCC3
#appsecco #aws #gcp #infosec
Check out Bollina Bhagavan's @XCriminal_ new blog on "Finding Treasures in Github and Exploiting AWS for Fun and Profit"
Read on and share your thoughts!
Stay tuned for Part 2 of the blog.
Link: https://t.co/zNbRsryUIZ
#aws #cloudsecurity #redteam #infosec #appsecco
Please follow @InfosecJourneys on LinkedIn and Twitter. It is a one-of-a-kind podcast and a deep dive into the minds of people who are moving mountains in Information Security.
At @appseccouk, we released our in-person class courseware for free on GitHub.
Will teach you a bunch of techniques
https://t.co/nMfit2W8Sw
cc @riyazwalikar
The next episode in our series of NULLCON diaries is out. If you weren't able to attend Nullcon or could attend only a few, here's your opportunity to find out what you missed.
https://t.co/qNqwppCqMS
#appsecco #appseccoatnullcon #infosec #techtalks