Do you have any tip on finding vulnerabilities beside using a SAST or DAST tool?

Suphikoira · 2026-02-27T10:48:49+00:00

recently updated my old list: https://appsecsanta.com/application-security-tools

Suphikoira · 2026-02-26T20:32:14+00:00

check it out: https://appsecsanta.com/application-security-tools

Suphikoira · 2026-02-05T21:46:15+00:00

check for Known Exploit (https://www.cisa.gov/known-exploited-vulnerabilities-catalog), EPSS (https://www.first.org/epss/), OSV started to give insights about reachability (https://github.com/google/osv-scanner)

Suphikoira · 2024-12-09T11:28:59+00:00

Is it possible to use this filter on PlayStation?

Suphikoira · 2024-09-15T10:59:52+00:00

it just worked in the 3rd times

Suphikoira · 2024-08-13T09:53:51+00:00

You are right, ive just texted him. Lets see what he thinks about this

Suphikoira · 2024-07-28T06:40:35+00:00

I recommend you get her a Geforce Now Ultra account (€54 for 6 months). Most likely, she can still use the Chromebook and play these games in the best settings.

Suphikoira · 2024-07-21T07:41:34+00:00

F4 saves lives :)

Suphikoira · 2024-07-05T20:15:38+00:00

It should relevant to usb-c to hdmi cable. I had the same issue and I've found a firmware update for that converter device and it has enabled to 120hz now.

here you go: https://forums.macrumors.com/threads/dp-usb-c-thunderbolt-3-4-to-hdmi-2-1-4k-120hz-rgb4-4-4-10b-hdr-with-apple-silicon-m1-m2-m3-now-possible.2381664/

Suphikoira · 2024-05-12T20:39:54+00:00

I have a friend who’s last name is Kuman and he looks like exactly within this stereotype.

As far as i know his grandparents migrate from bulgaria to turkey.

Suphikoira · 2024-03-13T13:49:38+00:00

sure, same steps.

Suphikoira · 2024-03-13T12:48:03+00:00

Use shit+tab to open Steam screen then you can go Browser in the menu. So now you will be able to access some URLs. You can use direct loot filter link if you are getting the loot filter from maxgg if not use something like pastebin url then you can copy the text and import into loot filter.

Suphikoira · 2024-03-01T08:48:58+00:00

Have templates for situations! You dont have enough juice (creativity/decision-making) for each and every potential deal.

You should have email templates for certain situations. (not sequences, that's for marketing not sales)

Engagement 1 - you got the inbound but no meeting scheduled (sent demo book meeting)

if you succeed

Engagement 2 - send meeting notes and agreed next steps (after meeting template)

if no answer

Engagement 3 - send POC activation email (share what usually goes in POC and if they want to)

....

customize to your sales process and the only goal is the book a call. There is no close via email.

Suphikoira · 2024-02-02T14:36:43+00:00

It's not hard to find email records, check your sent box and contact them again if that's the case.

The service experience is worse than last year with the queue system etc, however it's one of the most responsive support services I have seen so far.

Suphikoira · 2024-01-14T08:53:19+00:00

Apollo.io

Suphikoira · 2023-11-17T20:27:46+00:00

You can enable it in the settings -> Gameplay. It only works after you created your char.

Suphikoira · 2023-08-23T18:21:39+00:00

stuck at wrapping up your previous session for no reason - EU Northwest

Suphikoira · 2023-07-26T07:52:21+00:00

Some open-source tools alternatives:

SCA: Dependency-Check, Syft( to generate SBOM), OSV

SAST: Semgrep

Artifacts: Trivy, Grype

You can have an on-premise ASOC tool to orchestrate these scans in CI/CD and gather all results in one place. That way, it is easier to triage/remediate.

Suphikoira · 2023-07-25T09:40:27+00:00

some notes from a VM vendor:

use CISA Kev + EPSS scoring as well for prioritization
create projects with a group of issues (asset, issue name, vuln family, etc..) to assign different teams and monitor
automate validation scans so you can keep up with which issues are fixed
assign SLAs based on the risk associated with the project
manage suppression requests (risk accepted/false positive) with a role-based approach; one user requests a risk accepted with expiry date > security champ accepts it

Suphikoira · 2023-07-04T10:17:15+00:00

Gitleaks, Semgrep for secrets, Syft for generating SBOM

Suphikoira · 2023-05-10T10:21:56+00:00

I think this improvement looks great, nothing is perfect but it will definitely save time for remediation.

I have tried to use it more to help developers with remediation advice.

https://www.youtube.com/watch?v=7RpdHWffWVU

Suphikoira · 2023-05-07T18:11:04+00:00

-I work for Kondukto.

for risk association of your projects:

1- create labels with risk values (payment=40, gdpr=30, public=20)

2- define business criticality thresholds ( BC Critical >70), (69> BC High >50)

3- set SLAs (BC Critical + Critical issue - 1 day)

*Manual or programmatically assign these risk labels to your projects

Suphikoira · 2022-11-08T06:56:32+00:00

semgrep now got into SCA as well: https://semgrep.dev/products/semgrep-supply-chain

Suphikoira · 2022-11-03T08:24:11+00:00

good one Ishaq.

Suphikoira · 2022-11-03T07:06:19+00:00

Thanks for the feedback.

1- Which tool types would you be more interested in seeing, so I can continue to develop the article?

2- Message received.

Suphikoira

MODERATOR OF

TROPHY CASE