Viktor Chuchurski @viktorot - Twitter Profile

9 months ago

a small hand in helping improve OSS projects. thanks @avelinorun for the quick and effective mitigation.

9 months ago

🚨Security Advisory🚨 Systemic SQL Injection vulnerability in pREST! Initial report details published: https://t.co/HcMp9PxE77 #Doyensec #AppSec #Security #PostgreSQL #SQLInjection

1

49

7

28

13K

1

2

0

556

viktorot retweeted

Doyensec @Doyensec

over 1 year ago

Make sure to catch @viktorot's presentation at No Hat this weekend! It's 11:45 in the "Technical track" : 🏁A Race to the Bottom🏁: Database Transactions Undermining Your AppSec #doyensec #appsec #DataSecurity #nohat

Doyensec's tweet photo. Make sure to catch @viktorot's presentation at No Hat this weekend! It's 11:45 in the "Technical track" :
🏁A Race to the Bottom🏁: Database Transactions Undermining Your AppSec

#doyensec #appsec #DataSecurity #nohat https://t.co/rzcjfkQwwX

0

2

1

0

430

viktorot retweeted

Clint Gibler @clintgibler

almost 2 years ago

↓ A Race to the Bottom How inadequate concurrency control in databases can lead to race condition bugs @owasp AppSec Lisbon talk by @doyensec's @viktorot 🛠️ Vulnerable Go app https://t.co/pWy1Vi2j0Q 📖 Slides https://t.co/AnyuYN1kxU +Semgrep rules https://t.co/2nDFrfbwnd

0

20

12

13

2K

viktorot retweeted

Doyensec @Doyensec

almost 2 years ago

We're proud our testing helps ensure the security of @ThinkstCanary's OSS Canary Tokens! As part of their transparency efforts, you can read the results of our latest round of testing here: https://t.co/JlzxQ6uEOO #doyensec #appsec #security #thinkst

Doyensec's tweet photo. We're proud our testing helps ensure the security of @ThinkstCanary's OSS Canary Tokens! As part of their transparency efforts, you can read the results of our latest round of testing here:

https://t.co/JlzxQ6uEOO

#doyensec #appsec #security #thinkst https://t.co/OmDGctuE3k

0

31

6

5

2K

Who to follow

Vladislav

@vvelkovski

Capitalist, investor, manager, educator and an entrepreneur in harmony with the environment and with the world

Milan Pecov

@milanpecov

Director of Engineering & Tech Founder @ https://t.co/nTfhFNPzXs

Viktor Chuchurski @viktorot

almost 2 years ago

@ottosulin @Doyensec @owasp it's always good practice to review documentation to see what the database providers and what first best for your application's use-case. there's unfortunately never a catch-all solution for these types of problems.

0

1

0

19

Viktor Chuchurski @viktorot

almost 2 years ago

@ottosulin @Doyensec @owasp the Postgres comment is absolutely correct. the table in the post shows how isolation levels impacted the example we used. 'Repeatable Read' or 'Snapshot Isolation' provided by Postgres is better than the 'Repeatable Read' per the SQL spec, but still below 'Serializable'.

1

2

0

21

Viktor Chuchurski @viktorot

almost 2 years ago

if your making heavy use of database transactions in your system, make sure that you properly handle concurrency control. head over to out blog and read about the details on how transactions are processed and what issues can arise in the worst case scenarios!

Doyensec @Doyensec

almost 2 years ago

Just posted! Check out our @viktorot's presentation on DB race conditions from @owasp's Global AppSec. Our latest post gives all the details, slides and a playground to test your skills at finding these issues! https://t.co/DaZLAoFqfK #doyensec #appsec #owasp #security

Doyensec's tweet photo. Just posted! Check out our @viktorot's presentation on DB race conditions from @owasp's Global AppSec. Our latest post gives all the details, slides and a playground to test your skills at finding these issues!

https://t.co/DaZLAoFqfK

#doyensec #appsec #owasp #security https://t.co/rIQ0gjbA5w

1

30

15

16

2K

1

5

2

0

392

Viktor Chuchurski @viktorot

almost 2 years ago

Stop by and learn how to escape client-side path traversals to CSRF. @maxenceschmitt @Doyensec #owasp #appsec

0

11

4

1

532

viktorot retweeted

Maxence SCHMITT @maxenceschmitt

almost 2 years ago

Don’t miss @viktorot’s talk at #OWASP Global Appsec.

1

2

1

0

201

viktorot retweeted

No Hat Con @nohatcon

almost 2 years ago

Let's welcome @viktorot in our lineup with his talk "A Race to the Bottom - Database Transactions Undermining Your AppSec". Congrats!

0

8

3

0

647

Viktor Chuchurski @viktorot

about 2 years ago

stop by and say hi!

Doyensec @Doyensec

about 2 years ago

Congrats to Doyensec's @maxenceschmitt and @viktorot for being selected to present at @OWASP's Global AppSec conference this June in Lisbon! https://t.co/bcGKroMZJZ #doyensec #appsec #owasp

Doyensec's tweet photo. Congrats to Doyensec's @maxenceschmitt and @viktorot for being selected to present at @OWASP's Global AppSec conference this June in Lisbon!

https://t.co/bcGKroMZJZ

#doyensec #appsec #owasp https://t.co/UQCQUAmLKt

0

14

3

0

1K

0

3

0

124

viktorot retweeted

Security Pills Newsletter @secpillsnews

about 3 years ago

💳 The case for improving crypto wallet security Research from @viktorot on phishing scams targeting crypto wallets and how their security can be improved 🧰 Check their PoC, a service to collect information on ETH Dapps: https://t.co/8MlfjOZUgv https://t.co/3GWCCcOK8S

secpillsnews's tweet photo. 💳 The case for improving crypto wallet security

Research from @viktorot on phishing scams targeting crypto wallets and how their security can be improved

🧰 Check their PoC, a service to collect information on ETH Dapps:
https://t.co/8MlfjOZUgv

https://t.co/3GWCCcOK8S https://t.co/Nj1asu3stw

1

7

1

603

viktorot retweeted

Doyensec @Doyensec

about 3 years ago

New advisory! @viktorot provides details on a CSRF protection bypass he discovered in Sveltekit. Ensure your apps are up-to-date. #doyensec #appsec #javascript #DevSecOps https://t.co/9CqTj8pOn4

Doyensec's tweet photo. New advisory! @viktorot provides details on a CSRF protection bypass he discovered in Sveltekit. Ensure your apps are up-to-date.

#doyensec #appsec #javascript #DevSecOps

https://t.co/9CqTj8pOn4 https://t.co/6UW8fuCNFu

0

16

7

2

3K

Viktor Chuchurski @viktorot

about 3 years ago

While crypto wallets are constantly improving, there is still more to be done. The post describes a potential wallet enhancement, which will provide users access to necessary information about the Dapp they’re using, helping them more easily weed out scam attempts.

Doyensec @Doyensec

about 3 years ago

Phishing scams targeting #crypto wallets are everywhere. In our latest blog post, @viktorot details one such attack and offers suggestions on how wallets can improve their security. #doyensec #appsec #phishing #infosec https://t.co/xxCjQ70NGy

Doyensec's tweet photo. Phishing scams targeting #crypto wallets are everywhere. In our latest blog post, @viktorot details one such attack and offers suggestions on how wallets can improve their security.
#doyensec #appsec #phishing #infosec

https://t.co/xxCjQ70NGy https://t.co/Y1JQXokoU4

0

9

0

1K

0

2

0

208

viktorot retweeted

Clint Gibler @clintgibler

over 3 years ago

📚 tl;dr sec 163 With great work from: @nicolas_frankel, @raesene, @Doyensec, @viktorot, @includesecurity, @8x5clPW2, @sethsec, @luketucker, @emtunc, @mihai, @Tailscale, @blastbots, @simonw, @mikepsecuritee, @DanielMiessler and more! https://t.co/LwjgLW6EK4

1

21

6

4

4K

viktorot retweeted

Doyensec @Doyensec

over 3 years ago

Announcing the release of `safeurl` - a library to help #golang devs "Build with Security"! This module provides tested & versatile protection against Server Side Request Forgery (SSRF)! Hurry and check it out! #doyensec #AppSec https://t.co/qbVeEHgIkm https://t.co/iJknyu32mB

Doyensec's tweet photo. Announcing the release of `safeurl` - a library to help #golang devs "Build with Security"! This module provides tested & versatile protection against Server Side Request Forgery (SSRF)! Hurry and check it out!

#doyensec #AppSec

https://t.co/qbVeEHgIkm
https://t.co/iJknyu32mB https://t.co/MfKSQDzPso

2

46

25

4

0

viktorot retweeted

Doyensec @Doyensec

over 3 years ago

The latest coordinated disclosure from our researchers (Norbert Szetei @73696e65 & Viktor Chuchurski @viktorot) details a SQLi and DoS via Prototype Pollution in #TypeORM! Time to update! More details: https://t.co/sQWGdWA3OW #doyensec #TypeScript #Electron #NodeJS #appsec

0

25

8

2

0

viktorot retweeted

Doyensec @Doyensec

about 4 years ago

We're here as sponsors of #BSidesSF! Come find us to chat about career opportunities, your next AppSec project or just for some fresh new swag!

Doyensec's tweet photo. We're here as sponsors of #BSidesSF! Come find us to chat about career opportunities, your next AppSec project or just for some fresh new swag! https://t.co/TMZ76RT2yb

0

11

1

0

Viktor Chuchurski @viktorot

over 5 years ago

@SonarSource I've implemented a small app that showcases the vulnerability. You can run it locally and play around with it. The app lives in this repo https://t.co/pNiO0JIKLd. I plan to implement all of the challenges in this format #CodeChallenge

0

1

0

Viktor Chuchurski @viktorot

almost 6 years ago

@gregorspagnolo @facyber_ @MicrosoftTeams I said nothing :)

1

0

Viktor Chuchurski

@viktorot

Who to follow

Last Seen Users on Sotwe

Trends for you

Most Popular Users