Big thank you to our Platinum sponsor Clover Security!
Clover Security empowers product security teams with design-led AI agents that embed security into design and planning, making secure decisions instinctive for developers, product managers, and AI agents alike.
Want to sponsor OWASP BASC 2026? Check out the site www.basconf.org
ZAST Agent has identified 14 vulnerabilities in pybbs (tomoya92/pybbs, 2.9k+ GitHub Stars).
The attack surface includes 8 XSS vectors, CSRF on admin endpoints, and CAPTCHA reuse. Traditional SAST, which focuses on pattern matching, does not analyze logic flaws like email bypass or multi-stage flows (Stored XSS via /api/settings).
Our engine verified every attack path—from payload persistence to triggering admin-level execution—via executable PoCs. This minimizes the triage effort required for these validated findings.
Repo: https://github.com/tomoya92/pybbs
Full Technical Details: https://blog.zast.ai/cybersecurity/product%20updates/When-Your-Forum-Has-More-Holes-Than-Swiss-Cheese-A-Case-Study-in-pybbs-Security/
ZAST has disclosed a wide range of security flaws in the pybbs Java forum (2.9k+ Stars on GitHub).
Key Metrics:
- Total Vulnerabilities: 14
- Categories: Injection (XSS), Logic Flaws, Request Forgery (CSRF).
- Policy: Zero False Positives through Autonomous Verification.
These findings demonstrate the importance of semantic analysis in modern AppSec.
By verifying logic-based bypasses in CAPTCHA and email systems, ZAST.AI continues to provide actionable security insights for the open-source community and enterprise infrastructure.
Project Home: https://github.com/tomoya92/pybbs
Read the Advisory: https://blog.zast.ai/cybersecurity/product%20updates/When-Your-Forum-Has-More-Holes-Than-Swiss-Cheese-A-Case-Study-in-pybbs-Security/
I'm looking for a senior software engineer to join my team working on securing Wikipedia and our other projects at Wikimedia Foundation. We've got a huge platform, a great mission and a team of passionate engineers and product managers working together with the community.
Wikipedia just celebrated its 25th birthday in January, and there's a lot of energy to take on big challenges. Come help us tackle them head-on!
Remote (UTC-5 to UTC+1)
Job: https://job-boards.greenhouse.io/wikimedia/jobs/7565171?gh_src=83nogelu1us
Team: https://www.mediawiki.org/wiki/Product_Safety_and_Integrity
#Fedihire #infosec #appsec #infosecjobs #wikimediafoundation #wikipedia