https://ai-blog.noorshomelab.dev/tags/appsec/Recent content in AppSec on AI VOIDHugoenSun, 04 Jan 2026 00:00:00 +0000https://ai-blog.noorshomelab.dev/web-security-ethical-hacking-2026/chained-vulnerabilities/Sun, 04 Jan 2026 00:00:00 +0000https://ai-blog.noorshomelab.dev/web-security-ethical-hacking-2026/chained-vulnerabilities/<h2 id="introduction-beyond-single-flaws">Introduction: Beyond Single Flaws</h2> <p>Welcome back, future security master! In our previous chapters, we&rsquo;ve explored a wide array of individual web application vulnerabilities, from the common Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) to more complex issues like API abuse and authentication failures. You&rsquo;ve learned how to identify, understand, and even exploit these flaws in isolation. But what happens when an attacker doesn&rsquo;t stop at one vulnerability? What if they combine several seemingly minor issues to achieve a much greater, more devastating impact?</p>https://ai-blog.noorshomelab.dev/web-security-ethical-hacking-2026/threat-modeling-large-apps/Sun, 04 Jan 2026 00:00:00 +0000https://ai-blog.noorshomelab.dev/web-security-ethical-hacking-2026/threat-modeling-large-apps/<h2 id="introduction-to-proactive-security-with-threat-modeling">Introduction to Proactive Security with Threat Modeling</h2> <p>Welcome to Chapter 15! So far, we&rsquo;ve explored many fascinating (and sometimes scary!) attack techniques and learned how to defend against them. But what if we could catch potential vulnerabilities <em>before</em> any code is even written, or at least very early in the development cycle? That&rsquo;s where <strong>Threat Modeling</strong> comes in.</p> <p>In this chapter, we&rsquo;re going to dive deep into threat modeling, a structured approach to identifying potential threats, vulnerabilities, and countermeasures within an application or system. For large-scale applications, with their intricate microservices, APIs, and distributed components, proactive security is not just a best practice—it&rsquo;s a necessity. We&rsquo;ll learn how to systematically break down complex systems, identify potential attack vectors, and design security controls right from the start.</p>https://ai-blog.noorshomelab.dev/guides/web-app-security-dev-guide/Sun, 04 Jan 2026 00:00:00 +0000https://ai-blog.noorshomelab.dev/guides/web-app-security-dev-guide/<h2 id="welcome-aspiring-secure-web-developer">Welcome, Aspiring Secure Web Developer!</h2> <p>Have you ever wondered how hackers find weaknesses in web applications? Or how to build your own applications so robustly that they shrug off common attacks? This guide is your answer!</p> <h3 id="what-is-this-guide-about">What is This Guide About?</h3> <p>This comprehensive learning guide is designed for web developers who want to elevate their skills by mastering web application security and adopting an ethical hacking mindset. We&rsquo;ll start from the very foundations, understanding how attackers think and how to proactively identify vulnerabilities through threat modeling. From there, we&rsquo;ll dive deep into the notorious OWASP Top 10, dissecting each vulnerability, learning its internal mechanisms, and, most importantly, practicing how to safely reproduce and prevent them in hands-on demo projects.</p>