Excited to welcome @ryarmst onto the @OWASP_ASVS working group!
As a long-time user and recent contributor, Ryan brings his insights in using ASVS for pen testing engagements to help us improve for version 5.0!
The first ASVS Community Meetup was a great success! Thanks to @jit_io for the support!
We had great talks from @manicode, @dcuthbert, @joshcgrossman, @IreneMichlin and Alex S, and super interesting discussions.
Full details in our blog post:
https://t.co/CWtINGaoSQ
The sophistication levels of online scammers that are targeting individuals and families are hitting an all-time level.
Just dealt with a friend who had all their bank accounts drained, their SIM cloned, and full voice cloning used against them (to remove accents and sound perfect) while the scammers kept them on the phone as they depleted the accounts.
Super methodical, well prepared, precise, and had all their prior breach data at hand. This wasn't "your antivirus is out of date"; this started off with:
1. Well-prepared pretext using prior breach data as the initial trust gainer.
2. Spoofed Chase fraud services number with caller ID.
3. Directed them to a fake FTC 800 number to report the claim.
4. Already knew all their bank accounts; SIM cloned through the carrier (via credential stuffing) to get the one-time PIN.
5. Delayed them as the bank accounts were depleted and locked them out of their accounts so they could not recall funds.
Definitely gave me The Beekeeper movie vibes.
Coming to the @OWASP ASVS Community Meetup at Global AppSec Lisbon?
We need your input!
What would you like to see/do at the meetup? Let us know by answering a few questions:
https://t.co/quXcVK37c5
@Scott_Helme @JoshCGrossman @OWASP_ASVS I don't think that's quite the case. I can think of scenarios where even following something like the "strict CSP" approach there could exist attacks that succeed without triggering a violation.
@Scott_Helme @JoshCGrossman @OWASP_ASVS @reporturi Of course, and I've never claimed reporting is not an important practice. We recommend it to clients as part of the process of deploying CSP. I just have not seen the evidence of violation reporting being effectively used to identify potential XSS attacks in practice.
@Scott_Helme @JoshCGrossman @OWASP_ASVS @reporturi Can you link the blog post? I have not seen many such cases reported/documented publicly, but I trust your account of it, thank you. Similarly, I have largely only seen clients using reports to refine their policies for functional reasons.
@Scott_Helme @JoshCGrossman @OWASP_ASVS There would, however, be situations where an attacker is not able to evaluate their own payloads in a controlled environment/browser (such as blind attacks).
@Scott_Helme @JoshCGrossman @OWASP_ASVS Assuming the attacker develops the attack in their own browser and app context, they can test/experiment without sending reports. If they can then develop a payload that works and does not trigger CSP, the attack proceeds with no violation logs from the full process.
@Scott_Helme @JoshCGrossman @OWASP_ASVS We have always recommended reporting regardless, but I've seen it more as a tool to properly deploy a CSP without breaking page functionality.
@Scott_Helme @JoshCGrossman @OWASP_ASVS How about this: have you observed instances of CSP violation reporting in the wild that have been used to identify and remediate a potential XSS vector in an app?
@Scott_Helme @JoshCGrossman @OWASP_ASVS As you say, the end goal is strengthening the CSP, but violations of the policy only capture what could already be blocked by a given policy. If I am misunderstanding, please describe how violation reports can help strengthen a CSP or identify actually effective attacks.
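As an added illustration of the two uses of violation reporting argued over in the thread (this is editor-supplied example code, not anything posted by the participants), the script below triages a batch of CSP violation reports the way a report endpoint's consumer might: a blocked resource from an origin the application already ships from points to a policy that is too tight (the "refine for functional reasons" use), while blocked inline or eval'd script on a page that should only run nonced or allow-listed scripts is flagged for a human to look at. It also makes the limitation raised above concrete: the endpoint only ever sees what the policy refused, so anything the policy lets through never appears. Field names follow the legacy `report-uri` JSON body (`csp-report` with `document-uri`, `violated-directive`, `effective-directive`, `blocked-uri`, `script-sample`); the sample reports, the `EXPECTED_ORIGINS` allow-list and the hostnames in them are constructed for this example.

```python
"""Triage Content-Security-Policy violation reports (added example, not from the thread).

Sorts reports into three buckets:
  refine-policy : a resource from an origin we already load from was blocked
  investigate   : inline or eval'd script was blocked; with a strict policy the
                  application should never produce these itself
  review        : everything else
The endpoint only receives what the policy blocked, so an attack the policy
did not stop produces no report at all.
"""
import json
from collections import Counter
from urllib.parse import urlsplit

# Constructed: origins the application legitimately loads resources from.
EXPECTED_ORIGINS = {"https://cdn.example.com", "https://analytics.example.com"}

# Constructed sample reports, one legacy report-uri JSON document per line.
SAMPLE_REPORTS = """\
{"csp-report": {"document-uri": "https://app.example.com/profile", "violated-directive": "script-src 'nonce-abc'", "effective-directive": "script-src", "blocked-uri": "inline", "script-sample": "alert(document.domain)"}}
{"csp-report": {"document-uri": "https://app.example.com/", "violated-directive": "img-src 'self'", "effective-directive": "img-src", "blocked-uri": "https://newcdn.example.com/logo.png"}}
{"csp-report": {"document-uri": "https://app.example.com/", "violated-directive": "script-src 'nonce-abc'", "effective-directive": "script-src", "blocked-uri": "https://analytics.example.com/tag.js"}}
{"csp-report": {"document-uri": "https://app.example.com/search?q=x", "violated-directive": "script-src 'nonce-abc'", "effective-directive": "script-src", "blocked-uri": "eval"}}
not json at all
"""


def parse_reports(text):
    """Yield the inner csp-report objects, skipping lines that are not valid reports."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            obj = json.loads(line)
        except json.JSONDecodeError:
            continue
        report = obj.get("csp-report") if isinstance(obj, dict) else None
        if isinstance(report, dict):
            yield report


def directive_name(report):
    """Return the bare directive, e.g. "script-src 'nonce-abc'" -> "script-src"."""
    directive = report.get("effective-directive") or report.get("violated-directive") or ""
    return directive.split(" ")[0]


def classify(report):
    """Bucket one report as 'investigate', 'refine-policy' or 'review'."""
    directive = directive_name(report)
    blocked = report.get("blocked-uri") or ""
    if directive.startswith("script-src") and blocked in ("inline", "eval"):
        # Script content the policy refused to run. Under a nonce/hash policy the
        # application itself should not emit these, so each one is either a
        # deployment bug or an injection the policy stopped: worth a look.
        return "investigate"
    if blocked.startswith(("http://", "https://")):
        parts = urlsplit(blocked)
        if f"{parts.scheme}://{parts.netloc}" in EXPECTED_ORIGINS:
            # A resource we ship from an origin we already trust: the policy is too tight.
            return "refine-policy"
    return "review"


def triage(text):
    """Parse a batch of reports and return counts plus the items flagged for investigation."""
    by_class = Counter()
    by_directive = Counter()
    investigate = []
    for report in parse_reports(text):
        bucket = classify(report)
        by_class[bucket] += 1
        by_directive[directive_name(report)] += 1
        if bucket == "investigate":
            investigate.append({
                "page": report.get("document-uri"),
                "blocked": report.get("blocked-uri"),
                "sample": report.get("script-sample", ""),
            })
    return {"by_class": by_class, "by_directive": by_directive, "investigate": investigate}


if __name__ == "__main__":
    result = triage(SAMPLE_REPORTS)
    print("by class:", dict(result["by_class"]))
    print("by directive:", dict(result["by_directive"]))
    for item in result["investigate"]:
        print("investigate:", item)
```

The `investigate` bucket is where the optimistic reading of reporting lives: those reports describe script the policy already stopped, so they confirm the policy worked and may reveal an injection point to fix, but they say nothing about a payload that never violated the policy in the first place.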