In the ever-evolving world of cybersecurity, certifications are often seen as milestones that mark one's journey from novice to expert. Among the myriad of certifications available, OffSec Web Expert (OSWE) stands out as one of the most challenging and respected. If you're considering pursuing OSWE, or if you're simply curious about what it entails, this review is for you.

What is OSWE?

OSWE, or OffSec Web Expert, is an advanced certification offered by OffSec, a renowned organization in the cybersecurity community. The certification is aimed at professionals who want to demonstrate their expertise in conducting white-box penetration testing on web applications. Unlike black-box penetration testing, where the tester has no prior knowledge of the target, white-box testing involves having access to the application's source code, allowing for a more thorough and in-depth analysis.

The OSWE certification is not just another feather in your cap; it's a rigorous test of

CVE-2024-37900: XSS through Attachment Filename in XWiki Uploader

In the world of cybersecurity, finding vulnerabilities isn't just about identifying problems — it's about making systems safer for everyone. Recently, I discovered a Cross-Site Scripting (XSS) vulnerability in XWiki, an open-source wiki platform. This post explains CVE-2024-37900, how it works, its implications, and the importance of contributing to open-source communities.

What is XWiki?

XWiki is a free and open-source wiki software platform written in Java, designed for extensibility and enterprise use. It features WYSIWYG editing, document import/export, annotations, tagging, and advanced permissions management. XWiki supports storing structured data and executing server-side scripts in languages like Velocity, Apache Groovy, Python, Ruby, and PHP within wiki pages. Users can define custom data structures, attach them to documents, and query them using XWiki's query language. Its robust extension ecosyst