Viktor Chuchurski

221 posts

Viktor Chuchurski

@viktorot

yes, no, maybe, i don't know. can you repeat the question?

Bitola, Macedonia Katılım Haziran 2010

440 Takip Edilen189 Takipçiler

Viktor Chuchurski@viktorot·19 Eyl

a small hand in helping improve OSS projects. thanks @avelinorun for the quick and effective mitigation.

Doyensec@Doyensec

🚨Security Advisory🚨 Systemic SQL Injection vulnerability in pREST! Initial report details published: github.com/prest/prest/se… #Doyensec #AppSec #Security #PostgreSQL #SQLInjection

English

552

Viktor Chuchurski retweetledi

Doyensec@Doyensec·17 Eki

Make sure to catch @viktorot's presentation at No Hat this weekend! It's 11:45 in the "Technical track" : 🏁A Race to the Bottom🏁: Database Transactions Undermining Your AppSec #doyensec #appsec #DataSecurity #nohat

English

426

Viktor Chuchurski retweetledi

Clint Gibler@clintgibler·23 Tem

↓ A Race to the Bottom How inadequate concurrency control in databases can lead to race condition bugs @owasp AppSec Lisbon talk by @doyensec's @viktorot 🛠️ Vulnerable Go app github.com/doyensec/db-ra… 📖 Slides doyensec.com/resources/Glob… +Semgrep rules blog.doyensec.com/2024/07/11/dat…

English

1.5K

Viktor Chuchurski retweetledi

Doyensec@Doyensec·23 Tem

We're proud our testing helps ensure the security of @ThinkstCanary's OSS Canary Tokens! As part of their transparency efforts, you can read the results of our latest round of testing here: doyensec.com/resources/Doye… #doyensec #appsec #security #thinkst

English

1.6K

Viktor Chuchurski@viktorot·16 Tem

@ottosulin @Doyensec @owasp it's always good practice to review documentation to see what the database providers and what first best for your application's use-case. there's unfortunately never a catch-all solution for these types of problems.

English

Viktor Chuchurski@viktorot·16 Tem

@ottosulin @Doyensec @owasp the Postgres comment is absolutely correct. the table in the post shows how isolation levels impacted the example we used. 'Repeatable Read' or 'Snapshot Isolation' provided by Postgres is better than the 'Repeatable Read' per the SQL spec, but still below 'Serializable'.

English

Doyensec@Doyensec·11 Tem

Just posted! Check out our @viktorot's presentation on DB race conditions from @owasp's Global AppSec. Our latest post gives all the details, slides and a playground to test your skills at finding these issues! blog.doyensec.com/2024/07/11/dat… #doyensec #appsec #owasp #security

English

2.4K

Viktor Chuchurski@viktorot·11 Tem

if your making heavy use of database transactions in your system, make sure that you properly handle concurrency control. head over to out blog and read about the details on how transactions are processed and what issues can arise in the worst case scenarios!

Doyensec@Doyensec

English

389

Viktor Chuchurski@viktorot·28 Haz

Stop by and learn how to escape client-side path traversals to CSRF. @maxenceschmitt @Doyensec #owasp #appsec

English

531

Viktor Chuchurski retweetledi

Maxence SCHMITT@maxenceschmitt·27 Haz

Don’t miss @viktorot’s talk at #OWASP Global Appsec.

English

201

Viktor Chuchurski retweetledi

No Hat Con@nohatcon·20 Haz

Let's welcome @viktorot in our lineup with his talk "A Race to the Bottom - Database Transactions Undermining Your AppSec". Congrats!

English

647

Viktor Chuchurski@viktorot·21 May

stop by and say hi!

Doyensec@Doyensec

Congrats to Doyensec's @maxenceschmitt and @viktorot for being selected to present at @OWASP's Global AppSec conference this June in Lisbon! lisbon.globalappsec.org #doyensec #appsec #owasp

English

124

Viktor Chuchurski retweetledi

Security Pills Newsletter@secpillsnews·11 Nis

💳 The case for improving crypto wallet security Research from @viktorot on phishing scams targeting crypto wallets and how their security can be improved 🧰 Check their PoC, a service to collect information on ETH Dapps: github.com/doyensec/walle… blog.doyensec.com//2023/03/28/wa…

English

603

Viktor Chuchurski retweetledi

Doyensec@Doyensec·6 Nis

New advisory! @viktorot provides details on a CSRF protection bypass he discovered in Sveltekit. Ensure your apps are up-to-date. #doyensec #appsec #javascript #DevSecOps doyensec.com/resources/Doye…

English

Viktor Chuchurski@viktorot·28 Mar

While crypto wallets are constantly improving, there is still more to be done. The post describes a potential wallet enhancement, which will provide users access to necessary information about the Dapp they’re using, helping them more easily weed out scam attempts.

Doyensec@Doyensec

Phishing scams targeting #crypto wallets are everywhere. In our latest blog post, @viktorot details one such attack and offers suggestions on how wallets can improve their security. #doyensec #appsec #phishing #infosec blog.doyensec.com/2023/03/28/wal…

English

208

Viktor Chuchurski retweetledi

Clint Gibler@clintgibler·5 Oca

📚 tl;dr sec 163 With great work from: @nicolas_frankel, @raesene, @Doyensec, @viktorot, @includesecurity, @8x5clPW2, @sethsec, @luketucker, @emtunc, @mihai, @Tailscale, @blastbots, @simonw, @mikepsecuritee, @DanielMiessler and more! tldrsec.com/blog/tldr-sec-…

English

3.9K

Viktor Chuchurski retweetledi

Doyensec@Doyensec·13 Ara

Announcing the release of `safeurl` - a library to help #golang devs "Build with Security"! This module provides tested & versatile protection against Server Side Request Forgery (SSRF)! Hurry and check it out! #doyensec #AppSec blog.doyensec.com/2022/12/13/saf… github.com/doyensec/safeu…

English

Viktor Chuchurski retweetledi

Doyensec@Doyensec·21 Eyl

The latest coordinated disclosure from our researchers (Norbert Szetei @73696e65 & Viktor Chuchurski @viktorot) details a SQLi and DoS via Prototype Pollution in #TypeORM! Time to update! More details: #83" target="_blank" rel="nofollow noopener">doyensec.com/research.html#… #doyensec #TypeScript #Electron #NodeJS #appsec

English

Viktor Chuchurski retweetledi

Doyensec@Doyensec·4 Haz

We're here as sponsors of #BSidesSF! Come find us to chat about career opportunities, your next AppSec project or just for some fresh new swag!

English

Viktor Chuchurski@viktorot·17 Ara

@SonarSource I've implemented a small app that showcases the vulnerability. You can run it locally and play around with it. The app lives in this repo github.com/viktorot/sonar…. I plan to implement all of the challenges in this format #CodeChallenge

English