Carl Sampson

241 new appsec.fyi resources — SSRF (+12), AI (+10), API Security (+10), +22 more. appsec.fyi

Async IO in Python: A Complete Walkthrough – Real Python The content titled "Async IO in Python: A Complete Walkthrough" on Real Python likely provides a comprehensive guide on asyn… realpython.com/async-io-pytho… #appsec #Python

I've been building the iOS companion to appsec.fyi — bringing those 3,000+ curated application security resources to your phone. It's done! Mobile-first features: • Offline access to all articles and tools • Interactive topic explorer with 75+ connections • Built-in security glossary (48 terms) • Browse by 25+ topics (XSS, SQLi, SSRF, IDOR, RCE, etc.) • Background sync for new content Grab it here - apps.apple.com/app/id67622079…

I've been building appsec.fyi — a free curated library of application security resources. 2,600+ articles, tools, and writeups across 22 topics (XSS, SQLi, SSRF, IDOR, RCE, and more). Just added search + 6 new topics. Submissions welcome. appsec.fyi

I built csp-toolkit to parse and analyze Content Security Policy headers at scale. 21 checks, 79 bypass domains, full CLI + #Python API. pip install csp-toolkit Read more at - chs.us/2026/03/csp-to… #infosec #bugbounty #appsec #opensourcesecurity #csp

New post: Use-After-Free vulnerabilities — what they are, how they're exploited, and how to find them with ASan, libFuzzer, and CodeQL. Includes real CVEs from Chrome and the Linux kernel. chs.us/2026/03/use-af… #appsec #security #memorysafety

New post: CVE-2026-27696 — SSRF in changedetection.io via URL validation bypass. Default installs have no auth, and the server will happily fetch your AWS metadata endpoint. Root cause, attack scenario, and the TOCTOU problem most URL validators miss. chs.us/2026/02/ssrf-c…

I met @wtm_offensi years ago and so glad to see him getting a spotlight blog post. He’s a super talented researcher and overall great person to have a convo with. I highly suggest giving the blogpost a read!

“You don’t pick the bugs. The bugs pick you.” Meet Wouter (@wtm_offensi), Microsoft MVR and Zero Day Quest 2026 qualifier, and read his security research journey: msft.it/6016QHeaC

Day FOUR of FIVE days of celebrating our 2 year ARCANUM-VERSARY! @arcanuminfosec 5th Giveaway = FOUR seats to our ONE OF A KIND course on using AI to scale you as a Red, Blue, or Purple Teamer: !! Red Blue Purple AI !! 👍 1 Like = 1 Entry! ♻️ 1 Share = 2 Entries! Winners announced 1/21! Syllabus link below 👇

Day TWO of FIVE days of celebrating our 2 year ARCANUM-VERSARY! @arcanuminfosec 3rd Giveaway = FOUR seats to our new course by @the_IDORminator "Zero to [BAC] Hero" ! 👍 1 Like = 1 Entry! ♻️ 1 Share = 2 Entries! Winners announced 1/21! Syllabus link below 👇

To help celebrate @arcanuminfosec Information Security's two-year anniversary, @Jhaddix gave me 5 codes good for any Arcanum course to give away! Winners will be announced on 1/22. 👍 1 Like = 1 Entry! ♻️ 1 Share = 2 Entries!

Just finished up a great first day at #AmericaFest!

Any chance of getting a picture with you at AmericaFest, @JesseBWatters? It’s my wife’s birthday this weekend and she chose for us all to go to Phoenix for her birthday! Would be a great birthday present. :)

@JesseBWatters - my wife and I are huge fans. Any chance she can get a picture at AmericaFest? She turns the big 5-0 on Sunday!

@vxunderground @mrd0x @MalDevAcademy I would love one.

Giveaway. Thank you @mrd0x for sponsoring this. We've got FIVE @MalDevAcademy vouchers. These vouchers are bundles. This vouchers give you: - Full access to malware source code database - Full access to malware development course Comment below for a chance to win.

Join me on Polymarket polymarket.us/5933