Erlend Oftedal

@webtonull.bsky.social

Security researcher at Crosspoint Labs. AppSec. Tweets are my own and do not express the opinion of my employer. OWASP. retire.js

1,528 Followers  |  164 Following  |  13 Posts  |  Joined: 28.08.2023

Latest posts by webtonull.bsky.social on Bluesky

Reminder that the Call for Presentations for Sikkerhetsfestivalen (The Security Festival) is open. OWASP Oslo is hosting an AppSec track. Scroll down the page for English version:

sikkerhetsfestivalen.no/alle-nyheter...

10.02.2025 11:20 — 👍 1    🔁 2    💬 0    📌 0

The CFP for the developer conference NDC Oslo closes today. Security talks of course also very welcome.

ndcoslo.com/call-for-pap...

06.01.2025 07:26 — 👍 4    🔁 3    💬 0    📌 0

My latest blog post is live! Check your Ruby on Rails applications for the use of params[:_json]

nastystereo.com/security/rai...

10.12.2024 08:30 — 👍 34    🔁 14    💬 1    📌 2

📑 OWASP Secure Headers Project: The "Response Headers" section has been updated with a series of very interesting blog posts about the "Cross-Origin-Embedder-Policy", "Cross-Origin-Opener-Policy" and "Cross-Origin-Resource-Policy" headers.

#appsec #appsecurity #oshp

📖 owasp.org/www-project-...

06.12.2024 07:52 — 👍 25    🔁 6    💬 1    📌 1

It wasn't my work. I was just sharing the article.

19.11.2024 13:26 — 👍 0    🔁 0    💬 1    📌 0
Breaking Down Multipart Parsers: File upload validation bypass TL;DR: Basically, all multipart/form-data parsers fail to fully comply with the RFC, and when it comes to validating filenames or content uploaded by users, there are always numerous ways to bypass va...

Great read on bypassing upload filters:
blog.sicuranext.com/breaking-dow...

19.11.2024 08:10 — 👍 16    🔁 7    💬 0    📌 1

Best suggestion so far. Good find!

19.11.2024 04:10 — 👍 0    🔁 0    💬 0    📌 0

See AllowedAADCharacters here: learn.microsoft.com/en-us/azure/...

18.11.2024 14:53 — 👍 0    🔁 0    💬 1    📌 0

Does anybody know why Microsoft is blocking the string ".@" in passwords in Azure AD B2C custom policy examples? It's not that they are blocking the individual characters, but that exact combination.

18.11.2024 14:51 — 👍 0    🔁 0    💬 1    📌 0
Call for Papers - NDC Security 2025 | Security Conference for Software Developers NDC Security 2025 is a 4-Day Event for Software Developers with a focus on Security. 20-23 January 2025 - Radisson Blu Scandinavia Hotel.

The CFP for NDC Security in Oslo, Norway is about to run out! Submit your talk today!

ndc-security.com/call-for-pap...

13.09.2024 07:37 — 👍 1    🔁 0    💬 0    📌 0

hacker drake: you used to shell me on my call phone

11.03.2024 21:49 — 👍 1    🔁 0    💬 0    📌 0

Addition to headline «also I dont want to»

23.01.2024 21:25 — 👍 0    🔁 0    💬 0    📌 0

Someone figured out how to do this back in March it seems: systemweakness.com/new-prompt-i...

19.10.2023 08:41 — 👍 0    🔁 0    💬 0    📌 0

Oh well...

19.10.2023 08:39 — 👍 0    🔁 0    💬 1    📌 0

For people with more than one slack of varying importance, this grouping of the slacks is not a good design choice. I don't care if the least important slack has unreads. Now I have to click or hover to see which one it is.

13.09.2023 08:24 — 👍 5    🔁 0    💬 0    📌 0