Meet Joshua, the insightful Research Engineer and Ethical Hacker who loves to decode the mysteries of online safety and web development. With a sharp focus on cybersecurity and tech solutions, he balances detailed analyses with practical applications, all while advocating for best practices in digital security. His tweets are a mix of tech tips, personal projects, and thoughtful inquiries—perfect for those diving into the world of coding and cybersecurity!
Joshua: the only guy I know who thinks posting a 163-line code snippet is a great way to connect with people. Your tweets need more emojis and fewer 'Did you know about SSRF?' moments. Let's spice it up, shall we?
One of Joshua's biggest wins was initiating a Cybersecurity Software Directory, reaching 20 entries in a single day—showing his commitment to sharing valuable resources with the community!
He believes in the power of knowledge-sharing, continuous learning, and the significance of ethical standards in the tech industry. Joshua values transparency and cooperation as key elements in building safer digital spaces.
Joshua's biggest strengths are his analytical skills, problem-solving capabilities, and a knack for simplifying complex technical concepts, which makes him a valuable resource for anyone seeking cybersecurity guidance.
However, he may tend to get too deep into the technical rabbit hole, occasionally leaving his audience confused rather than enlightened—a reminder to keep things accessible and engaging.
To grow his audience on X, Joshua should engage more with followers through polls, questions, and interactive content. Sharing behind-the-scenes of his projects and asking for input could foster community involvement and encourage more discussions.
Fun fact: Joshua recently built a landing page for his wife's nutrition coaching business in under three hours, showcasing not just his tech skills but his dedicated support for her entrepreneurial journey!
Thank you @zalkazemi, so valuable !
Like last week, it's easier for me to convert the video into text and then create an action plan, super easy to do with OpenAI Whisper
I grow YouTube channels. 10 billion+ views generated. 10+ years of experience. Worked w: @Jesser@MrBeast@RedBull & many more. Building a YouTube accelerator.
{"data":{"__meta":{"device":false,"path":"/creators/MRTSec"},"/creators/MRTSec":{"data":{"user":{"created_at":"Wed Jan 31 08:37:06 +0000 2024","default_profile":true,"default_profile_image":false,"description":"Research Engineer | Ethical Hacker | https://t.co/CNOqb5ohFp |\n\n☎️ Need a security expert ? DM","entities":{"description":{"urls":[{"display_url":"cybersecurity-software.com","expanded_url":"http://cybersecurity-software.com","url":"https://t.co/CNOqb5ohFp","indices":[37,60]}]},"url":{"urls":[{"display_url":"mrtsec.xyz","expanded_url":"https://mrtsec.xyz/","url":"https://t.co/DZMnA0qO3w","indices":[0,23]}]}},"fast_followers_count":0,"favourites_count":139,"followers_count":74,"friends_count":36,"has_custom_timelines":false,"is_translator":false,"listed_count":2,"location":"","media_count":23,"name":"Joshua","normal_followers_count":74,"pinned_tweet_ids_str":["1849734608864018820"],"possibly_sensitive":false,"profile_banner_url":"https://pbs.twimg.com/profile_banners/1752611915988160513/1725272842","profile_image_url_https":"https://pbs.twimg.com/profile_images/1845789866669252610/bvhMRBSj_normal.jpg","profile_interstitial_type":"","screen_name":"MRTSec","statuses_count":201,"translator_type":"none","url":"https://t.co/DZMnA0qO3w","verified":false,"withheld_in_countries":[],"id":"1752611915988160513"},"details":{"type":"The Analyst","description":"Meet Joshua, the insightful Research Engineer and Ethical Hacker who loves to decode the mysteries of online safety and web development. With a sharp focus on cybersecurity and tech solutions, he balances detailed analyses with practical applications, all while advocating for best practices in digital security. His tweets are a mix of tech tips, personal projects, and thoughtful inquiries—perfect for those diving into the world of coding and cybersecurity!","purpose":"Joshua's life purpose revolves around empowering individuals and companies to achieve digital safety while promoting ethical practices in technology.","beliefs":"He believes in the power of knowledge-sharing, continuous learning, and the significance of ethical standards in the tech industry. Joshua values transparency and cooperation as key elements in building safer digital spaces.","facts":"Fun fact: Joshua recently built a landing page for his wife's nutrition coaching business in under three hours, showcasing not just his tech skills but his dedicated support for her entrepreneurial journey!","strength":"Joshua's biggest strengths are his analytical skills, problem-solving capabilities, and a knack for simplifying complex technical concepts, which makes him a valuable resource for anyone seeking cybersecurity guidance.","weakness":"However, he may tend to get too deep into the technical rabbit hole, occasionally leaving his audience confused rather than enlightened—a reminder to keep things accessible and engaging.","roast":"Joshua: the only guy I know who thinks posting a 163-line code snippet is a great way to connect with people. Your tweets need more emojis and fewer 'Did you know about SSRF?' moments. Let's spice it up, shall we?","win":"One of Joshua's biggest wins was initiating a Cybersecurity Software Directory, reaching 20 entries in a single day—showing his commitment to sharing valuable resources with the community!","recommendation":"To grow his audience on X, Joshua should engage more with followers through polls, questions, and interactive content. Sharing behind-the-scenes of his projects and asking for input could foster community involvement and encourage more discussions."},"tweets":[{"bookmarked":false,"display_text_range":[0,273],"entities":{"hashtags":[],"media":[{"display_url":"pic.x.com/YUlf70RtC3","expanded_url":"https://x.com/MRTSec/status/1844352905408557543/photo/1","ext_alt_text":"Landing page final result","id_str":"1844350770889535502","indices":[274,297],"media_key":"3_1844350770889535502","media_url_https":"https://pbs.twimg.com/media/GZhzQRwWsA4UUXY.png","type":"photo","url":"https://t.co/YUlf70RtC3","ext_media_availability":{"status":"Available"},"features":{"large":{"faces":[]},"medium":{"faces":[]},"small":{"faces":[]},"orig":{"faces":[]}},"sizes":{"large":{"h":1849,"w":1011,"resize":"fit"},"medium":{"h":1200,"w":656,"resize":"fit"},"small":{"h":680,"w":372,"resize":"fit"},"thumb":{"h":150,"w":150,"resize":"crop"}},"original_info":{"height":1849,"width":1011,"focus_rects":[{"x":0,"y":0,"w":1011,"h":566},{"x":0,"y":0,"w":1011,"h":1011},{"x":0,"y":0,"w":1011,"h":1153},{"x":43,"y":0,"w":925,"h":1849},{"x":0,"y":0,"w":1011,"h":1849}]},"allow_download_status":{"allow_download":true},"media_results":{"result":{"media_key":"3_1844350770889535502"}}},{"display_url":"pic.x.com/YUlf70RtC3","expanded_url":"https://x.com/MRTSec/status/1844352905408557543/photo/1","ext_alt_text":"Webstudio protype screenshot","id_str":"1844350899059130378","indices":[274,297],"media_key":"3_1844350899059130378","media_url_https":"https://pbs.twimg.com/media/GZhzXvOXgAoK15X.jpg","type":"photo","url":"https://t.co/YUlf70RtC3","ext_media_availability":{"status":"Available"},"features":{"large":{"faces":[]},"medium":{"faces":[]},"small":{"faces":[]},"orig":{"faces":[]}},"sizes":{"large":{"h":540,"w":2025,"resize":"fit"},"medium":{"h":320,"w":1200,"resize":"fit"},"small":{"h":181,"w":680,"resize":"fit"},"thumb":{"h":150,"w":150,"resize":"crop"}},"original_info":{"height":540,"width":2025,"focus_rects":[{"x":581,"y":0,"w":964,"h":540},{"x":793,"y":0,"w":540,"h":540},{"x":826,"y":0,"w":474,"h":540},{"x":928,"y":0,"w":270,"h":540},{"x":0,"y":0,"w":2025,"h":540}]},"allow_download_status":{"allow_download":true},"media_results":{"result":{"media_key":"3_1844350899059130378"}}},{"display_url":"pic.x.com/YUlf70RtC3","expanded_url":"https://x.com/MRTSec/status/1844352905408557543/photo/1","ext_alt_text":"ChatGPT Prompt","id_str":"1844350948182790166","indices":[274,297],"media_key":"3_1844350948182790166","media_url_https":"https://pbs.twimg.com/media/GZhzamOXEBYhILE.jpg","type":"photo","url":"https://t.co/YUlf70RtC3","ext_media_availability":{"status":"Available"},"features":{"large":{"faces":[]},"medium":{"faces":[]},"small":{"faces":[]},"orig":{"faces":[]}},"sizes":{"large":{"h":964,"w":1191,"resize":"fit"},"medium":{"h":964,"w":1191,"resize":"fit"},"small":{"h":550,"w":680,"resize":"fit"},"thumb":{"h":150,"w":150,"resize":"crop"}},"original_info":{"height":964,"width":1191,"focus_rects":[{"x":0,"y":0,"w":1191,"h":667},{"x":24,"y":0,"w":964,"h":964},{"x":83,"y":0,"w":846,"h":964},{"x":265,"y":0,"w":482,"h":964},{"x":0,"y":0,"w":1191,"h":964}]},"allow_download_status":{"allow_download":true},"media_results":{"result":{"media_key":"3_1844350948182790166"}}},{"display_url":"pic.x.com/YUlf70RtC3","expanded_url":"https://x.com/MRTSec/status/1844352905408557543/photo/1","ext_alt_text":"Stackblitz - Bolt code export","id_str":"1844351023097282573","indices":[274,297],"media_key":"3_1844351023097282573","media_url_https":"https://pbs.twimg.com/media/GZhze9TXgA0kjEh.jpg","type":"photo","url":"https://t.co/YUlf70RtC3","ext_media_availability":{"status":"Available"},"features":{"large":{"faces":[]},"medium":{"faces":[]},"small":{"faces":[]},"orig":{"faces":[]}},"sizes":{"large":{"h":917,"w":1770,"resize":"fit"},"medium":{"h":622,"w":1200,"resize":"fit"},"small":{"h":352,"w":680,"resize":"fit"},"thumb":{"h":150,"w":150,"resize":"crop"}},"original_info":{"height":917,"width":1770,"focus_rects":[{"x":0,"y":0,"w":1638,"h":917},{"x":293,"y":0,"w":917,"h":917},{"x":349,"y":0,"w":804,"h":917},{"x":522,"y":0,"w":459,"h":917},{"x":0,"y":0,"w":1770,"h":917}]},"allow_download_status":{"allow_download":true},"media_results":{"result":{"media_key":"3_1844351023097282573"}}}],"symbols":[],"timestamps":[],"urls":[],"user_mentions":[{"id_str":"1060211667215118341","name":"Namya @ Supafast","screen_name":"namyakhann","indices":[799,810]},{"id_str":"2279695508","name":"StackBlitz","screen_name":"stackblitz","indices":[1634,1645]},{"id_str":"2279695508","name":"StackBlitz","screen_name":"stackblitz","indices":[2326,2337]}]},"extended_entities":{"media":[{"display_url":"pic.x.com/YUlf70RtC3","expanded_url":"https://x.com/MRTSec/status/1844352905408557543/photo/1","ext_alt_text":"Landing page final result","id_str":"1844350770889535502","indices":[274,297],"media_key":"3_1844350770889535502","media_url_https":"https://pbs.twimg.com/media/GZhzQRwWsA4UUXY.png","type":"photo","url":"https://t.co/YUlf70RtC3","ext_media_availability":{"status":"Available"},"features":{"large":{"faces":[]},"medium":{"faces":[]},"small":{"faces":[]},"orig":{"faces":[]}},"sizes":{"large":{"h":1849,"w":1011,"resize":"fit"},"medium":{"h":1200,"w":656,"resize":"fit"},"small":{"h":680,"w":372,"resize":"fit"},"thumb":{"h":150,"w":150,"resize":"crop"}},"original_info":{"height":1849,"width":1011,"focus_rects":[{"x":0,"y":0,"w":1011,"h":566},{"x":0,"y":0,"w":1011,"h":1011},{"x":0,"y":0,"w":1011,"h":1153},{"x":43,"y":0,"w":925,"h":1849},{"x":0,"y":0,"w":1011,"h":1849}]},"allow_download_status":{"allow_download":true},"media_results":{"result":{"media_key":"3_1844350770889535502"}}},{"display_url":"pic.x.com/YUlf70RtC3","expanded_url":"https://x.com/MRTSec/status/1844352905408557543/photo/1","ext_alt_text":"Webstudio protype screenshot","id_str":"1844350899059130378","indices":[274,297],"media_key":"3_1844350899059130378","media_url_https":"https://pbs.twimg.com/media/GZhzXvOXgAoK15X.jpg","type":"photo","url":"https://t.co/YUlf70RtC3","ext_media_availability":{"status":"Available"},"features":{"large":{"faces":[]},"medium":{"faces":[]},"small":{"faces":[]},"orig":{"faces":[]}},"sizes":{"large":{"h":540,"w":2025,"resize":"fit"},"medium":{"h":320,"w":1200,"resize":"fit"},"small":{"h":181,"w":680,"resize":"fit"},"thumb":{"h":150,"w":150,"resize":"crop"}},"original_info":{"height":540,"width":2025,"focus_rects":[{"x":581,"y":0,"w":964,"h":540},{"x":793,"y":0,"w":540,"h":540},{"x":826,"y":0,"w":474,"h":540},{"x":928,"y":0,"w":270,"h":540},{"x":0,"y":0,"w":2025,"h":540}]},"allow_download_status":{"allow_download":true},"media_results":{"result":{"media_key":"3_1844350899059130378"}}},{"display_url":"pic.x.com/YUlf70RtC3","expanded_url":"https://x.com/MRTSec/status/1844352905408557543/photo/1","ext_alt_text":"ChatGPT Prompt","id_str":"1844350948182790166","indices":[274,297],"media_key":"3_1844350948182790166","media_url_https":"https://pbs.twimg.com/media/GZhzamOXEBYhILE.jpg","type":"photo","url":"https://t.co/YUlf70RtC3","ext_media_availability":{"status":"Available"},"features":{"large":{"faces":[]},"medium":{"faces":[]},"small":{"faces":[]},"orig":{"faces":[]}},"sizes":{"large":{"h":964,"w":1191,"resize":"fit"},"medium":{"h":964,"w":1191,"resize":"fit"},"small":{"h":550,"w":680,"resize":"fit"},"thumb":{"h":150,"w":150,"resize":"crop"}},"original_info":{"height":964,"width":1191,"focus_rects":[{"x":0,"y":0,"w":1191,"h":667},{"x":24,"y":0,"w":964,"h":964},{"x":83,"y":0,"w":846,"h":964},{"x":265,"y":0,"w":482,"h":964},{"x":0,"y":0,"w":1191,"h":964}]},"allow_download_status":{"allow_download":true},"media_results":{"result":{"media_key":"3_1844350948182790166"}}},{"display_url":"pic.x.com/YUlf70RtC3","expanded_url":"https://x.com/MRTSec/status/1844352905408557543/photo/1","ext_alt_text":"Stackblitz - Bolt code export","id_str":"1844351023097282573","indices":[274,297],"media_key":"3_1844351023097282573","media_url_https":"https://pbs.twimg.com/media/GZhze9TXgA0kjEh.jpg","type":"photo","url":"https://t.co/YUlf70RtC3","ext_media_availability":{"status":"Available"},"features":{"large":{"faces":[]},"medium":{"faces":[]},"small":{"faces":[]},"orig":{"faces":[]}},"sizes":{"large":{"h":917,"w":1770,"resize":"fit"},"medium":{"h":622,"w":1200,"resize":"fit"},"small":{"h":352,"w":680,"resize":"fit"},"thumb":{"h":150,"w":150,"resize":"crop"}},"original_info":{"height":917,"width":1770,"focus_rects":[{"x":0,"y":0,"w":1638,"h":917},{"x":293,"y":0,"w":917,"h":917},{"x":349,"y":0,"w":804,"h":917},{"x":522,"y":0,"w":459,"h":917},{"x":0,"y":0,"w":1770,"h":917}]},"allow_download_status":{"allow_download":true},"media_results":{"result":{"media_key":"3_1844351023097282573"}}}]},"favorited":false,"lang":"en","possibly_sensitive":false,"possibly_sensitive_editable":true,"retweeted":false,"fact_check":null,"id":"1844352905408557543","view_count":1983,"bookmark_count":5,"created_at":1728562973000,"favorite_count":11,"quote_count":1,"reply_count":0,"retweet_count":2,"user_id_str":"1752611915988160513","conversation_id_str":"1844352905408557543","full_text":"Ever wondered how to build a landing page in just 3 hours, even if you've never done it before ? 🤔\nLet me show you how I did it for my wife's nutrition coaching business 👇\n\nMy wife want to start her nutrition coaching business, mainly focusing on people with (high) fitness goals. Besides being incredibly talented, she has a natural gift for understanding and helping others. \n\nTo help her succeed, she needs to get her name out there, which means building a landing page. I thought this would be a nightmare, but surprisingly, it only took less than 3 hours. Here’s how:\n\nFirst off, here’s the final result (web version):\n\nHaving never made one before, I needed to understand what's necessary to create something that captures users and converts them into clients. \n\nAfter a quick search, I found @namyakhann's account, which is a masterclass on the subject. Their pinned tweet was exactly what I needed, a clear visual guide on creating a high-converting landing page.\n\nThe most recommended tools for creating landing pages are Framer and Webflow, but neither allows exporting code. \nAs a developer, I prefer the freedom to change platforms and make manual modifications if needed. \n\nWebstudio is an alternative that allows code export. Although not in my preferred language, I gave it a shot and had a basic start in 30 minutes.\n\nBut there was a big problem: it wasn't responsive, and I figured most potential clients would view the site on smartphones. Not wanting to learn Webstudio in-depth, I decided to go manual with AI assistance. \n\nI put three tools to the test:\n - Claude 3.5 Sonnet\n - ChatGPT o1-preview\n - Bolt from @stackblitz I'd just heard about it on Twitter\n\nThe goal was to give the same initial prompt to all three, work on site components, keep the best option each time, and iterate.\nMy prompt wasn't crucial, but the two input images were : \n - The anatomy of a high-converting landing page and \n - My Webstudio screenshot (for colors).\n\nIn less than 15 minutes, I had my landing page. Bolt did 95% of the work, outperforming in every aspect. \n\nThe big plus? I didn't even need to pay. The only downside was that I asked for HTML code (and selected this project type) but ended up with a React project. I'll let that slide. Also, I didn't mention it, but the site is perfectly responsive, thanks @stackblitz\n\nI know the site isn't perfect and I didn't follow all the guidelines. I think one big missing point will be adding the demo video in the \"main content\". Apart from simply having a video, I think it also adds a visual element that should speak directly to the customer.\nThere are also all the code optimizations with the right meta tags etc...\n\nHowever, for me it's an excellent start that we can always continue to improve, either on our own, or by serving as a basis for a professional to do better.\n\nI'd also like to point out that all the texts / reviews are AI generated and will be changed before the site is released 😄\n\nFor the rest, if you have any suggestions, I'd love to hear them ! ❤️","in_reply_to_user_id_str":null,"in_reply_to_status_id_str":null,"is_quote_status":0,"is_ai":null},{"bookmarked":false,"display_text_range":[0,275],"entities":{"hashtags":[],"media":[{"display_url":"pic.x.com/xaTAdcSPAE","expanded_url":"https://x.com/MRTSec/status/1851985360219185322/photo/1","id_str":"1851982759935303680","indices":[276,299],"media_key":"3_1851982759935303680","media_url_https":"https://pbs.twimg.com/media/GbOQgggXYAAD7YW.png","type":"photo","url":"https://t.co/xaTAdcSPAE","ext_media_availability":{"status":"Available"},"features":{"large":{"faces":[]},"medium":{"faces":[]},"small":{"faces":[]},"orig":{"faces":[]}},"sizes":{"large":{"h":402,"w":810,"resize":"fit"},"medium":{"h":402,"w":810,"resize":"fit"},"small":{"h":337,"w":680,"resize":"fit"},"thumb":{"h":150,"w":150,"resize":"crop"}},"original_info":{"height":402,"width":810,"focus_rects":[{"x":0,"y":0,"w":718,"h":402},{"x":0,"y":0,"w":402,"h":402},{"x":0,"y":0,"w":353,"h":402},{"x":41,"y":0,"w":201,"h":402},{"x":0,"y":0,"w":810,"h":402}]},"allow_download_status":{"allow_download":true},"media_results":{"result":{"media_key":"3_1851982759935303680"}}}],"symbols":[],"timestamps":[],"urls":[],"user_mentions":[]},"extended_entities":{"media":[{"display_url":"pic.x.com/xaTAdcSPAE","expanded_url":"https://x.com/MRTSec/status/1851985360219185322/photo/1","id_str":"1851982759935303680","indices":[276,299],"media_key":"3_1851982759935303680","media_url_https":"https://pbs.twimg.com/media/GbOQgggXYAAD7YW.png","type":"photo","url":"https://t.co/xaTAdcSPAE","ext_media_availability":{"status":"Available"},"features":{"large":{"faces":[]},"medium":{"faces":[]},"small":{"faces":[]},"orig":{"faces":[]}},"sizes":{"large":{"h":402,"w":810,"resize":"fit"},"medium":{"h":402,"w":810,"resize":"fit"},"small":{"h":337,"w":680,"resize":"fit"},"thumb":{"h":150,"w":150,"resize":"crop"}},"original_info":{"height":402,"width":810,"focus_rects":[{"x":0,"y":0,"w":718,"h":402},{"x":0,"y":0,"w":402,"h":402},{"x":0,"y":0,"w":353,"h":402},{"x":41,"y":0,"w":201,"h":402},{"x":0,"y":0,"w":810,"h":402}]},"allow_download_status":{"allow_download":true},"media_results":{"result":{"media_key":"3_1851982759935303680"}}}]},"favorited":false,"lang":"en","possibly_sensitive":false,"possibly_sensitive_editable":true,"retweeted":false,"fact_check":null,"id":"1851985360219185322","view_count":1422,"bookmark_count":5,"created_at":1730382692000,"favorite_count":10,"quote_count":2,"reply_count":4,"retweet_count":0,"user_id_str":"1752611915988160513","conversation_id_str":"1851985360219185322","full_text":"6⃣ [PART 6] What is Web Application Security ?\n\nI've observed that many of you have a SaaS that requires the user to provide a URL and a request is made to the website.\n\nBut without the right practices, you're exposing yourself to a very dangerous vulnerability.\n\nServer-Side Request Forgery (SSRF)\n--------------------------------\n\nAn SSRF occurs when an attacker can make your server perform requests to unintended locations. It's like tricking your server into becoming a proxy to access internal services or private networks.\n\nThere are several types of SSRF, but for this post we'll concentrate on the “basic” one.\n\n► Your service requests a URL from the user\n► The backend makes the request and displays the response\n\nWithout protection, it is therefore possible to interrogate internal resources and retrieve sensitive information.\n\nIt's even worse in cloud environments: on AWS, for example, it's possible to retrieve IAM credentials, and then it's party time for the attacker.\n\nDepending on the logic of the application and how the request is made, it's more or less complicated to prevent this.\n\nPossible defensive measures include :\n► URL Validation and an allowlist\n► Proper DNS Resolution\n► Network-Level Protection\n► Cloud Platform Specific Protections\n\nI wanted to include an example of what a good example looks like, but the code is 163 lines long, so instead, what I recommend is that you rely on a robust, well-proven SSRF protection library.","in_reply_to_user_id_str":null,"in_reply_to_status_id_str":null,"is_quote_status":0,"is_ai":null},{"bookmarked":false,"display_text_range":[0,186],"entities":{"hashtags":[],"symbols":[],"timestamps":[],"urls":[],"user_mentions":[]},"favorited":false,"lang":"en","retweeted":false,"fact_check":null,"id":"1850957837297500340","view_count":230,"bookmark_count":0,"created_at":1730137712000,"favorite_count":9,"quote_count":0,"reply_count":4,"retweet_count":0,"user_id_str":"1752611915988160513","conversation_id_str":"1850957837297500340","full_text":"What I've done today :\n\nAdded the first 20 software to my Cybersecurity Software Directory, taking longer than expected.\nMy goal is to have 100 software by the end of the week\n\nAnd you ?","in_reply_to_user_id_str":null,"in_reply_to_status_id_str":null,"is_quote_status":0,"is_ai":null},{"bookmarked":false,"display_text_range":[0,215],"entities":{"hashtags":[],"symbols":[],"timestamps":[],"urls":[],"user_mentions":[]},"favorited":false,"lang":"en","retweeted":false,"fact_check":null,"id":"1848300543237656984","view_count":5218,"bookmark_count":0,"created_at":1729504163000,"favorite_count":7,"quote_count":0,"reply_count":13,"retweet_count":0,"user_id_str":"1752611915988160513","conversation_id_str":"1848300543237656984","full_text":"Do you think taking a domain other than .com is a mistake ?\n\nI took an .xyz and even I naturally tend to type .com in the URL bar, so I wonder if it can have a real negative impact on the discovery of an application","in_reply_to_user_id_str":null,"in_reply_to_status_id_str":null,"is_quote_status":0,"is_ai":null},{"bookmarked":false,"display_text_range":[0,65],"entities":{"hashtags":[],"media":[{"display_url":"pic.x.com/nH57BmXPm2","expanded_url":"https://x.com/MRTSec/status/1849805264519610727/photo/1","id_str":"1849805151093026816","indices":[66,89],"media_key":"3_1849805151093026816","media_url_https":"https://pbs.twimg.com/media/GavT-_aWcAA8g1S.jpg","type":"photo","url":"https://t.co/nH57BmXPm2","ext_media_availability":{"status":"Available"},"features":{"large":{"faces":[]},"medium":{"faces":[]},"small":{"faces":[]},"orig":{"faces":[]}},"sizes":{"large":{"h":1580,"w":2048,"resize":"fit"},"medium":{"h":926,"w":1200,"resize":"fit"},"small":{"h":525,"w":680,"resize":"fit"},"thumb":{"h":150,"w":150,"resize":"crop"}},"original_info":{"height":3160,"width":4096,"focus_rects":[{"x":0,"y":0,"w":4096,"h":2294},{"x":0,"y":0,"w":3160,"h":3160},{"x":0,"y":0,"w":2772,"h":3160},{"x":0,"y":0,"w":1580,"h":3160},{"x":0,"y":0,"w":4096,"h":3160}]},"allow_download_status":{"allow_download":true},"media_results":{"result":{"media_key":"3_1849805151093026816"}}}],"symbols":[],"timestamps":[],"urls":[],"user_mentions":[]},"extended_entities":{"media":[{"display_url":"pic.x.com/nH57BmXPm2","expanded_url":"https://x.com/MRTSec/status/1849805264519610727/photo/1","id_str":"1849805151093026816","indices":[66,89],"media_key":"3_1849805151093026816","media_url_https":"https://pbs.twimg.com/media/GavT-_aWcAA8g1S.jpg","type":"photo","url":"https://t.co/nH57BmXPm2","ext_media_availability":{"status":"Available"},"features":{"large":{"faces":[]},"medium":{"faces":[]},"small":{"faces":[]},"orig":{"faces":[]}},"sizes":{"large":{"h":1580,"w":2048,"resize":"fit"},"medium":{"h":926,"w":1200,"resize":"fit"},"small":{"h":525,"w":680,"resize":"fit"},"thumb":{"h":150,"w":150,"resize":"crop"}},"original_info":{"height":3160,"width":4096,"focus_rects":[{"x":0,"y":0,"w":4096,"h":2294},{"x":0,"y":0,"w":3160,"h":3160},{"x":0,"y":0,"w":2772,"h":3160},{"x":0,"y":0,"w":1580,"h":3160},{"x":0,"y":0,"w":4096,"h":3160}]},"allow_download_status":{"allow_download":true},"media_results":{"result":{"media_key":"3_1849805151093026816"}}}]},"favorited":false,"lang":"en","possibly_sensitive":false,"possibly_sensitive_editable":true,"quoted_status_id_str":"1849797590981709903","quoted_status_permalink":{"url":"https://t.co/P9NQcf8iu1","expanded":"https://twitter.com/zalkazemi/status/1849797590981709903","display":"x.com/zalkazemi/stat…"},"retweeted":false,"fact_check":null,"id":"1849805264519610727","view_count":822,"bookmark_count":0,"created_at":1729862917000,"favorite_count":7,"quote_count":1,"reply_count":1,"retweet_count":0,"user_id_str":"1752611915988160513","conversation_id_str":"1849805264519610727","full_text":"Convert video to text \nAsk ChatGPT to convert text to checkpoints https://t.co/nH57BmXPm2","in_reply_to_user_id_str":null,"in_reply_to_status_id_str":null,"is_quote_status":1,"is_ai":null},{"bookmarked":false,"conversation_control":{"policy":"ByInvitation","conversation_owner_results":{"result":{"__typename":"User","legacy":{"screen_name":"MRTSec"}}}},"display_text_range":[0,36],"entities":{"hashtags":[],"symbols":[],"timestamps":[],"urls":[],"user_mentions":[]},"favorited":false,"lang":"en","retweeted":false,"fact_check":null,"id":"1849734608864018820","view_count":500,"bookmark_count":0,"created_at":1729846071000,"favorite_count":6,"quote_count":0,"reply_count":2,"retweet_count":0,"user_id_str":"1752611915988160513","conversation_id_str":"1849734608864018820","full_text":"What is Web Application Security ? 🧵","in_reply_to_user_id_str":null,"in_reply_to_status_id_str":null,"is_quote_status":0,"is_ai":null},{"bookmarked":false,"display_text_range":[0,276],"entities":{"hashtags":[],"symbols":[],"timestamps":[],"urls":[],"user_mentions":[]},"favorited":false,"lang":"en","retweeted":false,"fact_check":null,"id":"1853408390585737387","view_count":593,"bookmark_count":2,"created_at":1730721969000,"favorite_count":6,"quote_count":2,"reply_count":1,"retweet_count":1,"user_id_str":"1752611915988160513","conversation_id_str":"1853408390585737387","full_text":"9⃣ [PART 9] What Is Web Application Security ?\n\nWhat is a security audit ? 🤔\nSpoiler alert: your small project needs it too, and it doesn't have to break the bank!\n\nBetter known as pentesting (penetration testing), it's like inviting a professional thief to try and break into your house, but for your application. He'll try to find security holes before the bad guys do. It's all about hiring someone who thinks like an attacker.\n\n\"But I'm just a small fish, who would want to hack me?\" Here's the truth: automated scanners don't care about your size and smaller projects are often targeted because attackers assume they have weaker security. \n\nSome real scenarios :\n1/ SaaS startup with 10 customers\n► Never had a security audit\n► Got hacked through a simple vulnerability\n► Lost multiples customers\n► Revenue impact: -$45,000/year\n\n2/ Small e-commerce site\n► First pentest revealed SQL injection\n► Could have exposed 3,000 customer records\n► Cost of pentest: $1,500\n► Just in potential GDPR fine avoided: A lot\n\nIf you've never had a pentest, start with a one-day security audit. \nIt's like a quick health check for your application 🏗️\n\nWhat You Get:\n► Quick identification of obvious vulnerabilities\n► Basic security posture assessment\n► Priority recommendations\n► A starting point for your security journey\n\nOnce you're more established, you should:\n► Do \"Regular\" Audits\n► Vary Your Testing Approaches (BlackBox, GreyBox, WhiteBox)\n► Use Different Companies, why? Because different testers = different methodologies = better coverage\n\nA pentest with no finding isn't a waste! It's like a clean bill of health from your doctor. It means:\n\n► Your security practices are working\n► You have documentation of your security posture\n► You can prove due diligence to customers\n► You have a baseline for future comparison\n\nPractical Next Steps 📝\n- Book a one-day security audit\n- Focus on critical components\n- Get quick wins\n\n- Address findings\n- Implement basic security monitoring\n- Document your security practices\n\n- Plan regular testing schedule\n- Build security into development","in_reply_to_user_id_str":null,"in_reply_to_status_id_str":null,"is_quote_status":0,"is_ai":null},{"bookmarked":false,"display_text_range":[0,166],"entities":{"hashtags":[],"media":[{"display_url":"pic.x.com/C0WeaB4LOK","expanded_url":"https://x.com/MRTSec/status/1849776524808843639/photo/1","id_str":"1849775988504203264","indices":[167,190],"media_key":"3_1849775988504203264","media_url_https":"https://pbs.twimg.com/media/Gau5dgTXEAA7tln.jpg","type":"photo","url":"https://t.co/C0WeaB4LOK","ext_media_availability":{"status":"Available"},"features":{"large":{"faces":[]},"medium":{"faces":[]},"small":{"faces":[]},"orig":{"faces":[]}},"sizes":{"large":{"h":1575,"w":2048,"resize":"fit"},"medium":{"h":923,"w":1200,"resize":"fit"},"small":{"h":523,"w":680,"resize":"fit"},"thumb":{"h":150,"w":150,"resize":"crop"}},"original_info":{"height":2436,"width":3168,"focus_rects":[{"x":0,"y":301,"w":3168,"h":1774},{"x":0,"y":0,"w":2436,"h":2436},{"x":0,"y":0,"w":2137,"h":2436},{"x":420,"y":0,"w":1218,"h":2436},{"x":0,"y":0,"w":3168,"h":2436}]},"allow_download_status":{"allow_download":true},"media_results":{"result":{"media_key":"3_1849775988504203264"}}}],"symbols":[],"timestamps":[],"urls":[],"user_mentions":[]},"extended_entities":{"media":[{"display_url":"pic.x.com/C0WeaB4LOK","expanded_url":"https://x.com/MRTSec/status/1849776524808843639/photo/1","id_str":"1849775988504203264","indices":[167,190],"media_key":"3_1849775988504203264","media_url_https":"https://pbs.twimg.com/media/Gau5dgTXEAA7tln.jpg","type":"photo","url":"https://t.co/C0WeaB4LOK","ext_media_availability":{"status":"Available"},"features":{"large":{"faces":[]},"medium":{"faces":[]},"small":{"faces":[]},"orig":{"faces":[]}},"sizes":{"large":{"h":1575,"w":2048,"resize":"fit"},"medium":{"h":923,"w":1200,"resize":"fit"},"small":{"h":523,"w":680,"resize":"fit"},"thumb":{"h":150,"w":150,"resize":"crop"}},"original_info":{"height":2436,"width":3168,"focus_rects":[{"x":0,"y":301,"w":3168,"h":1774},{"x":0,"y":0,"w":2436,"h":2436},{"x":0,"y":0,"w":2137,"h":2436},{"x":420,"y":0,"w":1218,"h":2436},{"x":0,"y":0,"w":3168,"h":2436}]},"allow_download_status":{"allow_download":true},"media_results":{"result":{"media_key":"3_1849775988504203264"}}}]},"favorited":false,"lang":"en","possibly_sensitive":false,"possibly_sensitive_editable":true,"retweeted":false,"fact_check":null,"id":"1849776524808843639","view_count":175,"bookmark_count":0,"created_at":1729856065000,"favorite_count":5,"quote_count":1,"reply_count":0,"retweet_count":0,"user_id_str":"1752611915988160513","conversation_id_str":"1849776524808843639","full_text":"## Insecure Code 2⃣\n\nExtract from a real Ruby on Rails application\n\nDue to a naive check, it is possible for an attacker to authenticate in the place of another user. https://t.co/C0WeaB4LOK","in_reply_to_user_id_str":null,"in_reply_to_status_id_str":null,"is_quote_status":0,"is_ai":null},{"bookmarked":false,"display_text_range":[0,277],"entities":{"hashtags":[],"media":[{"display_url":"pic.x.com/uLB1cXFeLR","expanded_url":"https://x.com/MRTSec/status/1851188609036251283/photo/1","id_str":"1851186904865132544","indices":[278,301],"media_key":"3_1851186904865132544","media_url_https":"https://pbs.twimg.com/media/GbC8rpVXUAA2uyU.png","type":"photo","url":"https://t.co/uLB1cXFeLR","ext_media_availability":{"status":"Available"},"features":{"large":{"faces":[]},"medium":{"faces":[]},"small":{"faces":[]},"orig":{"faces":[]}},"sizes":{"large":{"h":378,"w":809,"resize":"fit"},"medium":{"h":378,"w":809,"resize":"fit"},"small":{"h":318,"w":680,"resize":"fit"},"thumb":{"h":150,"w":150,"resize":"crop"}},"original_info":{"height":378,"width":809,"focus_rects":[{"x":46,"y":0,"w":675,"h":378},{"x":194,"y":0,"w":378,"h":378},{"x":217,"y":0,"w":332,"h":378},{"x":289,"y":0,"w":189,"h":378},{"x":0,"y":0,"w":809,"h":378}]},"allow_download_status":{"allow_download":true},"media_results":{"result":{"media_key":"3_1851186904865132544"}}},{"display_url":"pic.x.com/uLB1cXFeLR","expanded_url":"https://x.com/MRTSec/status/1851188609036251283/photo/1","id_str":"1851187289436700672","indices":[278,301],"media_key":"3_1851187289436700672","media_url_https":"https://pbs.twimg.com/media/GbC9CB-XwAAt7j0.jpg","type":"photo","url":"https://t.co/uLB1cXFeLR","ext_media_availability":{"status":"Available"},"features":{"large":{"faces":[{"x":18,"y":429,"h":38,"w":38},{"x":25,"y":809,"h":68,"w":68},{"x":2,"y":682,"h":103,"w":103},{"x":248,"y":678,"h":108,"w":108}]},"medium":{"faces":[{"x":18,"y":429,"h":38,"w":38},{"x":25,"y":809,"h":68,"w":68},{"x":2,"y":682,"h":103,"w":103},{"x":248,"y":678,"h":108,"w":108}]},"small":{"faces":[{"x":13,"y":312,"h":27,"w":27},{"x":18,"y":588,"h":49,"w":49},{"x":1,"y":496,"h":74,"w":74},{"x":180,"y":493,"h":78,"w":78}]},"orig":{"faces":[{"x":18,"y":429,"h":38,"w":38},{"x":25,"y":809,"h":68,"w":68},{"x":2,"y":682,"h":103,"w":103},{"x":248,"y":678,"h":108,"w":108}]}},"sizes":{"large":{"h":935,"w":811,"resize":"fit"},"medium":{"h":935,"w":811,"resize":"fit"},"small":{"h":680,"w":590,"resize":"fit"},"thumb":{"h":150,"w":150,"resize":"crop"}},"original_info":{"height":935,"width":811,"focus_rects":[{"x":0,"y":449,"w":811,"h":454},{"x":0,"y":124,"w":811,"h":811},{"x":0,"y":10,"w":811,"h":925},{"x":69,"y":0,"w":468,"h":935},{"x":0,"y":0,"w":811,"h":935}]},"allow_download_status":{"allow_download":true},"media_results":{"result":{"media_key":"3_1851187289436700672"}}},{"display_url":"pic.x.com/uLB1cXFeLR","expanded_url":"https://x.com/MRTSec/status/1851188609036251283/photo/1","id_str":"1851187646258679808","indices":[278,301],"media_key":"3_1851187646258679808","media_url_https":"https://pbs.twimg.com/media/GbC9WzPXEAAHr7A.png","type":"photo","url":"https://t.co/uLB1cXFeLR","ext_media_availability":{"status":"Available"},"features":{"large":{"faces":[]},"medium":{"faces":[]},"small":{"faces":[]},"orig":{"faces":[]}},"sizes":{"large":{"h":747,"w":806,"resize":"fit"},"medium":{"h":747,"w":806,"resize":"fit"},"small":{"h":630,"w":680,"resize":"fit"},"thumb":{"h":150,"w":150,"resize":"crop"}},"original_info":{"height":747,"width":806,"focus_rects":[{"x":0,"y":237,"w":806,"h":451},{"x":0,"y":0,"w":747,"h":747},{"x":0,"y":0,"w":655,"h":747},{"x":0,"y":0,"w":374,"h":747},{"x":0,"y":0,"w":806,"h":747}]},"allow_download_status":{"allow_download":true},"media_results":{"result":{"media_key":"3_1851187646258679808"}}}],"symbols":[],"timestamps":[],"urls":[],"user_mentions":[]},"extended_entities":{"media":[{"display_url":"pic.x.com/uLB1cXFeLR","expanded_url":"https://x.com/MRTSec/status/1851188609036251283/photo/1","id_str":"1851186904865132544","indices":[278,301],"media_key":"3_1851186904865132544","media_url_https":"https://pbs.twimg.com/media/GbC8rpVXUAA2uyU.png","type":"photo","url":"https://t.co/uLB1cXFeLR","ext_media_availability":{"status":"Available"},"features":{"large":{"faces":[]},"medium":{"faces":[]},"small":{"faces":[]},"orig":{"faces":[]}},"sizes":{"large":{"h":378,"w":809,"resize":"fit"},"medium":{"h":378,"w":809,"resize":"fit"},"small":{"h":318,"w":680,"resize":"fit"},"thumb":{"h":150,"w":150,"resize":"crop"}},"original_info":{"height":378,"width":809,"focus_rects":[{"x":46,"y":0,"w":675,"h":378},{"x":194,"y":0,"w":378,"h":378},{"x":217,"y":0,"w":332,"h":378},{"x":289,"y":0,"w":189,"h":378},{"x":0,"y":0,"w":809,"h":378}]},"allow_download_status":{"allow_download":true},"media_results":{"result":{"media_key":"3_1851186904865132544"}}},{"display_url":"pic.x.com/uLB1cXFeLR","expanded_url":"https://x.com/MRTSec/status/1851188609036251283/photo/1","id_str":"1851187289436700672","indices":[278,301],"media_key":"3_1851187289436700672","media_url_https":"https://pbs.twimg.com/media/GbC9CB-XwAAt7j0.jpg","type":"photo","url":"https://t.co/uLB1cXFeLR","ext_media_availability":{"status":"Available"},"features":{"large":{"faces":[{"x":18,"y":429,"h":38,"w":38},{"x":25,"y":809,"h":68,"w":68},{"x":2,"y":682,"h":103,"w":103},{"x":248,"y":678,"h":108,"w":108}]},"medium":{"faces":[{"x":18,"y":429,"h":38,"w":38},{"x":25,"y":809,"h":68,"w":68},{"x":2,"y":682,"h":103,"w":103},{"x":248,"y":678,"h":108,"w":108}]},"small":{"faces":[{"x":13,"y":312,"h":27,"w":27},{"x":18,"y":588,"h":49,"w":49},{"x":1,"y":496,"h":74,"w":74},{"x":180,"y":493,"h":78,"w":78}]},"orig":{"faces":[{"x":18,"y":429,"h":38,"w":38},{"x":25,"y":809,"h":68,"w":68},{"x":2,"y":682,"h":103,"w":103},{"x":248,"y":678,"h":108,"w":108}]}},"sizes":{"large":{"h":935,"w":811,"resize":"fit"},"medium":{"h":935,"w":811,"resize":"fit"},"small":{"h":680,"w":590,"resize":"fit"},"thumb":{"h":150,"w":150,"resize":"crop"}},"original_info":{"height":935,"width":811,"focus_rects":[{"x":0,"y":449,"w":811,"h":454},{"x":0,"y":124,"w":811,"h":811},{"x":0,"y":10,"w":811,"h":925},{"x":69,"y":0,"w":468,"h":935},{"x":0,"y":0,"w":811,"h":935}]},"allow_download_status":{"allow_download":true},"media_results":{"result":{"media_key":"3_1851187289436700672"}}},{"display_url":"pic.x.com/uLB1cXFeLR","expanded_url":"https://x.com/MRTSec/status/1851188609036251283/photo/1","id_str":"1851187646258679808","indices":[278,301],"media_key":"3_1851187646258679808","media_url_https":"https://pbs.twimg.com/media/GbC9WzPXEAAHr7A.png","type":"photo","url":"https://t.co/uLB1cXFeLR","ext_media_availability":{"status":"Available"},"features":{"large":{"faces":[]},"medium":{"faces":[]},"small":{"faces":[]},"orig":{"faces":[]}},"sizes":{"large":{"h":747,"w":806,"resize":"fit"},"medium":{"h":747,"w":806,"resize":"fit"},"small":{"h":630,"w":680,"resize":"fit"},"thumb":{"h":150,"w":150,"resize":"crop"}},"original_info":{"height":747,"width":806,"focus_rects":[{"x":0,"y":237,"w":806,"h":451},{"x":0,"y":0,"w":747,"h":747},{"x":0,"y":0,"w":655,"h":747},{"x":0,"y":0,"w":374,"h":747},{"x":0,"y":0,"w":806,"h":747}]},"allow_download_status":{"allow_download":true},"media_results":{"result":{"media_key":"3_1851187646258679808"}}}]},"favorited":false,"lang":"en","possibly_sensitive":false,"possibly_sensitive_editable":true,"retweeted":false,"fact_check":null,"id":"1851188609036251283","view_count":558,"bookmark_count":1,"created_at":1730192732000,"favorite_count":5,"quote_count":1,"reply_count":1,"retweet_count":0,"user_id_str":"1752611915988160513","conversation_id_str":"1851188609036251283","full_text":"4⃣ [PART 4] What is Web Application Security ?\nWeb Security Threats and How to Protect Against Them\n\nCross-Site Scripting (XSS)\n-----------------------\n\nXSS occurs when attackers inject malicious JavaScript into your website. Think of it as someone sneaking malicious code into your application that then runs in your users' browsers. There are three main types of XSS, and yes, they're all dangerous !\n\n1/ Reflected XSS :\nThis is like a boomerang, the malicious code is part of the user's request and gets immediately reflected back.\n\nExample scenario:\n► Attacker creates a link: `https://yourapp[.]com/search?q=<script>stealCookies()</script>`\n► Sends it to a victim\n► Your app displays the search term without sanitization\nVictim's browser executes the malicious script\n\n2/ Stored XSS\nThis is for me, the most dangerous, the malicious code gets stored, e.g in your database and serves to every user who accesses the affected page. It's like a malicious land mine waiting to explode!\n\nExample scenario:\n► Attacker posts a comment containing malicious script\n► Your app stores it in the database\n► Every user viewing the comments gets attacked\n\n3/ DOM-based XSS\nThe sneaky one, the vulnerability exists in client-side code that modifies the DOM. The malicious payload never reaches your server !\n\nExample scenario:\n► URL contains malicious code: `https://yourapp[.]com#<img src=x onerror=\"alert(1)\">`\n► Client-side JavaScript uses this value unsafely\n► Attacker exploits DOM manipulation\n\nWell, I was going to talk about more things, including possible mitigation strategies, but I can't include more than 4 images in one post, so I'll do it tomorrow 😉","in_reply_to_user_id_str":null,"in_reply_to_status_id_str":null,"is_quote_status":0,"is_ai":null},{"bookmarked":false,"display_text_range":[0,109],"entities":{"hashtags":[],"symbols":[],"timestamps":[],"urls":[],"user_mentions":[]},"favorited":false,"lang":"en","retweeted":false,"fact_check":null,"id":"1852401002172854289","view_count":523,"bookmark_count":0,"created_at":1730481789000,"favorite_count":5,"quote_count":1,"reply_count":1,"retweet_count":1,"user_id_str":"1752611915988160513","conversation_id_str":"1852401002172854289","full_text":"Want a FREE security audit of your product or just some security advice ?\n\nDrop a comment, I'll pick someone👇","in_reply_to_user_id_str":null,"in_reply_to_status_id_str":null,"is_quote_status":0,"is_ai":null},{"bookmarked":false,"display_text_range":[0,183],"entities":{"hashtags":[],"symbols":[],"timestamps":[],"urls":[],"user_mentions":[]},"favorited":false,"lang":"en","retweeted":false,"fact_check":null,"id":"1851678350193893516","view_count":243,"bookmark_count":0,"created_at":1730309495000,"favorite_count":5,"quote_count":0,"reply_count":1,"retweet_count":0,"user_id_str":"1752611915988160513","conversation_id_str":"1851678350193893516","full_text":"What a day 😮💨\n\n➡️Sent a 37 page security audit report\n➡️Performed an update on my site\n➡️Add 20 new entries to my directory\n\nHard to find time to interact with people on X\n\nAnd you ?","in_reply_to_user_id_str":null,"in_reply_to_status_id_str":null,"is_quote_status":0,"is_ai":null},{"bookmarked":false,"display_text_range":[0,64],"entities":{"hashtags":[],"media":[{"display_url":"pic.x.com/uiKwfsvi9x","expanded_url":"https://x.com/MRTSec/status/1853029241941561496/photo/1","id_str":"1853029077500010496","indices":[65,88],"media_key":"3_1853029077500010496","media_url_https":"https://pbs.twimg.com/media/GbdIINLboAANsee.png","type":"photo","url":"https://t.co/uiKwfsvi9x","ext_media_availability":{"status":"Available"},"features":{"large":{"faces":[]},"medium":{"faces":[]},"small":{"faces":[]},"orig":{"faces":[]}},"sizes":{"large":{"h":53,"w":266,"resize":"fit"},"medium":{"h":53,"w":266,"resize":"fit"},"small":{"h":53,"w":266,"resize":"fit"},"thumb":{"h":53,"w":53,"resize":"crop"}},"original_info":{"height":53,"width":266,"focus_rects":[{"x":86,"y":0,"w":95,"h":53},{"x":107,"y":0,"w":53,"h":53},{"x":110,"y":0,"w":46,"h":53},{"x":120,"y":0,"w":27,"h":53},{"x":0,"y":0,"w":266,"h":53}]},"allow_download_status":{"allow_download":true},"media_results":{"result":{"media_key":"3_1853029077500010496"}}}],"symbols":[],"timestamps":[],"urls":[],"user_mentions":[]},"extended_entities":{"media":[{"display_url":"pic.x.com/uiKwfsvi9x","expanded_url":"https://x.com/MRTSec/status/1853029241941561496/photo/1","id_str":"1853029077500010496","indices":[65,88],"media_key":"3_1853029077500010496","media_url_https":"https://pbs.twimg.com/media/GbdIINLboAANsee.png","type":"photo","url":"https://t.co/uiKwfsvi9x","ext_media_availability":{"status":"Available"},"features":{"large":{"faces":[]},"medium":{"faces":[]},"small":{"faces":[]},"orig":{"faces":[]}},"sizes":{"large":{"h":53,"w":266,"resize":"fit"},"medium":{"h":53,"w":266,"resize":"fit"},"small":{"h":53,"w":266,"resize":"fit"},"thumb":{"h":53,"w":53,"resize":"crop"}},"original_info":{"height":53,"width":266,"focus_rects":[{"x":86,"y":0,"w":95,"h":53},{"x":107,"y":0,"w":53,"h":53},{"x":110,"y":0,"w":46,"h":53},{"x":120,"y":0,"w":27,"h":53},{"x":0,"y":0,"w":266,"h":53}]},"allow_download_status":{"allow_download":true},"media_results":{"result":{"media_key":"3_1853029077500010496"}}}]},"favorited":false,"lang":"en","possibly_sensitive":false,"possibly_sensitive_editable":true,"retweeted":false,"fact_check":null,"id":"1853029241941561496","view_count":211,"bookmark_count":0,"created_at":1730631573000,"favorite_count":5,"quote_count":0,"reply_count":1,"retweet_count":0,"user_id_str":"1752611915988160513","conversation_id_str":"1853029241941561496","full_text":"All right, the first 100 entries in my Directory are available 🥳 https://t.co/uiKwfsvi9x","in_reply_to_user_id_str":null,"in_reply_to_status_id_str":null,"is_quote_status":0,"is_ai":null},{"bookmarked":false,"display_text_range":[0,55],"entities":{"hashtags":[],"media":[{"display_url":"pic.x.com/rh46b55GRp","expanded_url":"https://x.com/MRTSec/status/1853524680340086970/photo/1","id_str":"1853524408800821248","indices":[56,79],"media_key":"3_1853524408800821248","media_url_https":"https://pbs.twimg.com/media/GbkKoSEWwAAXQvr.png","type":"photo","url":"https://t.co/rh46b55GRp","ext_media_availability":{"status":"Available"},"features":{"large":{"faces":[]},"medium":{"faces":[]},"small":{"faces":[]},"orig":{"faces":[]}},"sizes":{"large":{"h":427,"w":875,"resize":"fit"},"medium":{"h":427,"w":875,"resize":"fit"},"small":{"h":332,"w":680,"resize":"fit"},"thumb":{"h":150,"w":150,"resize":"crop"}},"original_info":{"height":427,"width":875,"focus_rects":[{"x":0,"y":0,"w":763,"h":427},{"x":0,"y":0,"w":427,"h":427},{"x":0,"y":0,"w":375,"h":427},{"x":46,"y":0,"w":214,"h":427},{"x":0,"y":0,"w":875,"h":427}]},"allow_download_status":{"allow_download":true},"media_results":{"result":{"media_key":"3_1853524408800821248"}}}],"symbols":[],"timestamps":[],"urls":[],"user_mentions":[]},"extended_entities":{"media":[{"display_url":"pic.x.com/rh46b55GRp","expanded_url":"https://x.com/MRTSec/status/1853524680340086970/photo/1","id_str":"1853524408800821248","indices":[56,79],"media_key":"3_1853524408800821248","media_url_https":"https://pbs.twimg.com/media/GbkKoSEWwAAXQvr.png","type":"photo","url":"https://t.co/rh46b55GRp","ext_media_availability":{"status":"Available"},"features":{"large":{"faces":[]},"medium":{"faces":[]},"small":{"faces":[]},"orig":{"faces":[]}},"sizes":{"large":{"h":427,"w":875,"resize":"fit"},"medium":{"h":427,"w":875,"resize":"fit"},"small":{"h":332,"w":680,"resize":"fit"},"thumb":{"h":150,"w":150,"resize":"crop"}},"original_info":{"height":427,"width":875,"focus_rects":[{"x":0,"y":0,"w":763,"h":427},{"x":0,"y":0,"w":427,"h":427},{"x":0,"y":0,"w":375,"h":427},{"x":46,"y":0,"w":214,"h":427},{"x":0,"y":0,"w":875,"h":427}]},"allow_download_status":{"allow_download":true},"media_results":{"result":{"media_key":"3_1853524408800821248"}}}]},"favorited":false,"lang":"en","possibly_sensitive":false,"possibly_sensitive_editable":true,"retweeted":false,"fact_check":null,"id":"1853524680340086970","view_count":235,"bookmark_count":0,"created_at":1730749695000,"favorite_count":5,"quote_count":0,"reply_count":0,"retweet_count":0,"user_id_str":"1752611915988160513","conversation_id_str":"1853524680340086970","full_text":"An audit that starts well\n\nAnd you, what are you doing? https://t.co/rh46b55GRp","in_reply_to_user_id_str":null,"in_reply_to_status_id_str":null,"is_quote_status":0,"is_ai":null},{"bookmarked":false,"display_text_range":[0,277],"entities":{"hashtags":[],"symbols":[],"timestamps":[],"urls":[],"user_mentions":[]},"favorited":false,"lang":"en","retweeted":false,"fact_check":null,"id":"1853837182013722902","view_count":198,"bookmark_count":0,"created_at":1730824201000,"favorite_count":5,"quote_count":0,"reply_count":0,"retweet_count":0,"user_id_str":"1752611915988160513","conversation_id_str":"1853837182013722902","full_text":"1⃣0⃣ [PART 10] What Is Web Application Security ?\n\nAlready number 10 🥳\n\nYesterday we talked about what a security audit / pentest is, today we're going to look at what you can expect from it, but also what you can ask for beforehand.\n\nWhat to Look for in a Pentesting Company ? You can ask for :\n► Similar industry experience\n► Case studies\n► Sample reports\n► Testing methodology\n\nDo not hesitate to ask for information on the testing methodology and favor a manual approach, if automated tools are used you can ask which ones, apart from the tools created internally, there is no secret to had about that\n\nWhat is a clear deliverables ?\n► Detailed technical findings\n► Business impact analysis\n► Remediation guidance\n\nAlso, the post-audit support is very important if you do not understand a vulnerability or cannot reproduce it, you must be able to obtain help from the company that discovered it.\n\nYou can even ask if after the fix, the vulnerabilities can be re-checked, this is however not obligatory / not always included in the audit offer.\n\nDon't forget, security testing is an investment, not an expense. It's not just for big companies. Start small, but start now. \n\nA one-day audit is better than no audit, and regular testing shows you take security seriously. Remember:\n\n► Every project needs security testing\n► Start with a basic audit\n► Build up to regular testing\n► Clean reports are valuable\n► Security is an ongoing journey\n\nBook that first security audit. Your future self (and your customers) will thank you !🚀","in_reply_to_user_id_str":null,"in_reply_to_status_id_str":null,"is_quote_status":0,"is_ai":null},{"bookmarked":false,"display_text_range":[0,71],"entities":{"hashtags":[],"symbols":[],"timestamps":[],"urls":[],"user_mentions":[]},"favorited":false,"lang":"en","retweeted":false,"fact_check":null,"id":"1849060358721335400","view_count":352,"bookmark_count":0,"created_at":1729685318000,"favorite_count":4,"quote_count":0,"reply_count":4,"retweet_count":0,"user_id_str":"1752611915988160513","conversation_id_str":"1849060358721335400","full_text":"\"Validate first\" they say, but why is it so difficult to get feedback ?","in_reply_to_user_id_str":null,"in_reply_to_status_id_str":null,"is_quote_status":0,"is_ai":null},{"bookmarked":false,"display_text_range":[0,274],"entities":{"hashtags":[],"media":[{"display_url":"pic.x.com/Gf0P9oTPa2","expanded_url":"https://x.com/MRTSec/status/1850845494664184309/photo/1","id_str":"1850843940179554304","indices":[275,298],"media_key":"3_1850843940179554304","media_url_https":"https://pbs.twimg.com/media/Ga-EweUWMAAEhfT.png","type":"photo","url":"https://t.co/Gf0P9oTPa2","ext_media_availability":{"status":"Available"},"features":{"large":{"faces":[]},"medium":{"faces":[]},"small":{"faces":[]},"orig":{"faces":[]}},"sizes":{"large":{"h":248,"w":774,"resize":"fit"},"medium":{"h":248,"w":774,"resize":"fit"},"small":{"h":218,"w":680,"resize":"fit"},"thumb":{"h":150,"w":150,"resize":"crop"}},"original_info":{"height":248,"width":774,"focus_rects":[{"x":0,"y":0,"w":443,"h":248},{"x":0,"y":0,"w":248,"h":248},{"x":0,"y":0,"w":218,"h":248},{"x":34,"y":0,"w":124,"h":248},{"x":0,"y":0,"w":774,"h":248}]},"allow_download_status":{"allow_download":true},"media_results":{"result":{"media_key":"3_1850843940179554304"}}},{"display_url":"pic.x.com/Gf0P9oTPa2","expanded_url":"https://x.com/MRTSec/status/1850845494664184309/photo/1","id_str":"1850844174335066112","indices":[275,298],"media_key":"3_1850844174335066112","media_url_https":"https://pbs.twimg.com/media/Ga-E-GnXwAAHUn-.png","type":"photo","url":"https://t.co/Gf0P9oTPa2","ext_media_availability":{"status":"Available"},"features":{"large":{"faces":[]},"medium":{"faces":[]},"small":{"faces":[]},"orig":{"faces":[]}},"sizes":{"large":{"h":190,"w":761,"resize":"fit"},"medium":{"h":190,"w":761,"resize":"fit"},"small":{"h":170,"w":680,"resize":"fit"},"thumb":{"h":150,"w":150,"resize":"crop"}},"original_info":{"height":190,"width":761,"focus_rects":[{"x":0,"y":0,"w":339,"h":190},{"x":0,"y":0,"w":190,"h":190},{"x":12,"y":0,"w":167,"h":190},{"x":48,"y":0,"w":95,"h":190},{"x":0,"y":0,"w":761,"h":190}]},"allow_download_status":{"allow_download":true},"media_results":{"result":{"media_key":"3_1850844174335066112"}}}],"symbols":[],"timestamps":[],"urls":[],"user_mentions":[]},"extended_entities":{"media":[{"display_url":"pic.x.com/Gf0P9oTPa2","expanded_url":"https://x.com/MRTSec/status/1850845494664184309/photo/1","id_str":"1850843940179554304","indices":[275,298],"media_key":"3_1850843940179554304","media_url_https":"https://pbs.twimg.com/media/Ga-EweUWMAAEhfT.png","type":"photo","url":"https://t.co/Gf0P9oTPa2","ext_media_availability":{"status":"Available"},"features":{"large":{"faces":[]},"medium":{"faces":[]},"small":{"faces":[]},"orig":{"faces":[]}},"sizes":{"large":{"h":248,"w":774,"resize":"fit"},"medium":{"h":248,"w":774,"resize":"fit"},"small":{"h":218,"w":680,"resize":"fit"},"thumb":{"h":150,"w":150,"resize":"crop"}},"original_info":{"height":248,"width":774,"focus_rects":[{"x":0,"y":0,"w":443,"h":248},{"x":0,"y":0,"w":248,"h":248},{"x":0,"y":0,"w":218,"h":248},{"x":34,"y":0,"w":124,"h":248},{"x":0,"y":0,"w":774,"h":248}]},"allow_download_status":{"allow_download":true},"media_results":{"result":{"media_key":"3_1850843940179554304"}}},{"display_url":"pic.x.com/Gf0P9oTPa2","expanded_url":"https://x.com/MRTSec/status/1850845494664184309/photo/1","id_str":"1850844174335066112","indices":[275,298],"media_key":"3_1850844174335066112","media_url_https":"https://pbs.twimg.com/media/Ga-E-GnXwAAHUn-.png","type":"photo","url":"https://t.co/Gf0P9oTPa2","ext_media_availability":{"status":"Available"},"features":{"large":{"faces":[]},"medium":{"faces":[]},"small":{"faces":[]},"orig":{"faces":[]}},"sizes":{"large":{"h":190,"w":761,"resize":"fit"},"medium":{"h":190,"w":761,"resize":"fit"},"small":{"h":170,"w":680,"resize":"fit"},"thumb":{"h":150,"w":150,"resize":"crop"}},"original_info":{"height":190,"width":761,"focus_rects":[{"x":0,"y":0,"w":339,"h":190},{"x":0,"y":0,"w":190,"h":190},{"x":12,"y":0,"w":167,"h":190},{"x":48,"y":0,"w":95,"h":190},{"x":0,"y":0,"w":761,"h":190}]},"allow_download_status":{"allow_download":true},"media_results":{"result":{"media_key":"3_1850844174335066112"}}}]},"favorited":false,"lang":"en","possibly_sensitive":false,"possibly_sensitive_editable":true,"retweeted":false,"fact_check":null,"id":"1850845494664184309","view_count":266,"bookmark_count":1,"created_at":1730110927000,"favorite_count":4,"quote_count":1,"reply_count":1,"retweet_count":0,"user_id_str":"1752611915988160513","conversation_id_str":"1850845494664184309","full_text":"3⃣ [PART 3] What is Web Application Security ?\nWeb Security Threats and How to Protect Against Them\n\n1. SQL injection\n-----------------------\n\nWhat's involved ? Imagine that someone enters malicious SQL code into your login form instead of a normal username. If not properly protected, this code could give them access to your entire database!\n\nHow to protect yourself?\n► NEVER rely on user input (Global rule)\n► Use parameterized queries (most modern frameworks allow this).\n► Use an ORM (Object-Relational Mapping) like Prisma, Sequelize or Django ORM.\n\nFortunately, with modern solutions, this vulnerability is not as common as it used to be, simply because ORMs effectively protect against SQL Injection.\n\nBut ... misuse of these ORMs can still leave you vulnerable, so don't take security for granted and have your code audited.\n\nTomorrow I'll share a post about two more common vulnerabilities, including my favorite one","in_reply_to_user_id_str":null,"in_reply_to_status_id_str":null,"is_quote_status":0,"is_ai":null}],"ctweets":[{"bookmarked":false,"display_text_range":[0,215],"entities":{"hashtags":[],"symbols":[],"timestamps":[],"urls":[],"user_mentions":[]},"favorited":false,"lang":"en","retweeted":false,"fact_check":null,"id":"1848300543237656984","view_count":5218,"bookmark_count":0,"created_at":1729504163000,"favorite_count":7,"quote_count":0,"reply_count":13,"retweet_count":0,"user_id_str":"1752611915988160513","conversation_id_str":"1848300543237656984","full_text":"Do you think taking a domain other than .com is a mistake ?\n\nI took an .xyz and even I naturally tend to type .com in the URL bar, so I wonder if it can have a real negative impact on the discovery of an application","in_reply_to_user_id_str":null,"in_reply_to_status_id_str":null,"is_quote_status":0,"is_ai":null},{"bookmarked":false,"display_text_range":[0,71],"entities":{"hashtags":[],"symbols":[],"timestamps":[],"urls":[],"user_mentions":[]},"favorited":false,"lang":"en","retweeted":false,"fact_check":null,"id":"1849060358721335400","view_count":352,"bookmark_count":0,"created_at":1729685318000,"favorite_count":4,"quote_count":0,"reply_count":4,"retweet_count":0,"user_id_str":"1752611915988160513","conversation_id_str":"1849060358721335400","full_text":"\"Validate first\" they say, but why is it so difficult to get feedback ?","in_reply_to_user_id_str":null,"in_reply_to_status_id_str":null,"is_quote_status":0,"is_ai":null},{"bookmarked":false,"display_text_range":[0,186],"entities":{"hashtags":[],"symbols":[],"timestamps":[],"urls":[],"user_mentions":[]},"favorited":false,"lang":"en","retweeted":false,"fact_check":null,"id":"1850957837297500340","view_count":230,"bookmark_count":0,"created_at":1730137712000,"favorite_count":9,"quote_count":0,"reply_count":4,"retweet_count":0,"user_id_str":"1752611915988160513","conversation_id_str":"1850957837297500340","full_text":"What I've done today :\n\nAdded the first 20 software to my Cybersecurity Software Directory, taking longer than expected.\nMy goal is to have 100 software by the end of the week\n\nAnd you ?","in_reply_to_user_id_str":null,"in_reply_to_status_id_str":null,"is_quote_status":0,"is_ai":null},{"bookmarked":false,"display_text_range":[0,275],"entities":{"hashtags":[],"media":[{"display_url":"pic.x.com/xaTAdcSPAE","expanded_url":"https://x.com/MRTSec/status/1851985360219185322/photo/1","id_str":"1851982759935303680","indices":[276,299],"media_key":"3_1851982759935303680","media_url_https":"https://pbs.twimg.com/media/GbOQgggXYAAD7YW.png","type":"photo","url":"https://t.co/xaTAdcSPAE","ext_media_availability":{"status":"Available"},"features":{"large":{"faces":[]},"medium":{"faces":[]},"small":{"faces":[]},"orig":{"faces":[]}},"sizes":{"large":{"h":402,"w":810,"resize":"fit"},"medium":{"h":402,"w":810,"resize":"fit"},"small":{"h":337,"w":680,"resize":"fit"},"thumb":{"h":150,"w":150,"resize":"crop"}},"original_info":{"height":402,"width":810,"focus_rects":[{"x":0,"y":0,"w":718,"h":402},{"x":0,"y":0,"w":402,"h":402},{"x":0,"y":0,"w":353,"h":402},{"x":41,"y":0,"w":201,"h":402},{"x":0,"y":0,"w":810,"h":402}]},"allow_download_status":{"allow_download":true},"media_results":{"result":{"media_key":"3_1851982759935303680"}}}],"symbols":[],"timestamps":[],"urls":[],"user_mentions":[]},"extended_entities":{"media":[{"display_url":"pic.x.com/xaTAdcSPAE","expanded_url":"https://x.com/MRTSec/status/1851985360219185322/photo/1","id_str":"1851982759935303680","indices":[276,299],"media_key":"3_1851982759935303680","media_url_https":"https://pbs.twimg.com/media/GbOQgggXYAAD7YW.png","type":"photo","url":"https://t.co/xaTAdcSPAE","ext_media_availability":{"status":"Available"},"features":{"large":{"faces":[]},"medium":{"faces":[]},"small":{"faces":[]},"orig":{"faces":[]}},"sizes":{"large":{"h":402,"w":810,"resize":"fit"},"medium":{"h":402,"w":810,"resize":"fit"},"small":{"h":337,"w":680,"resize":"fit"},"thumb":{"h":150,"w":150,"resize":"crop"}},"original_info":{"height":402,"width":810,"focus_rects":[{"x":0,"y":0,"w":718,"h":402},{"x":0,"y":0,"w":402,"h":402},{"x":0,"y":0,"w":353,"h":402},{"x":41,"y":0,"w":201,"h":402},{"x":0,"y":0,"w":810,"h":402}]},"allow_download_status":{"allow_download":true},"media_results":{"result":{"media_key":"3_1851982759935303680"}}}]},"favorited":false,"lang":"en","possibly_sensitive":false,"possibly_sensitive_editable":true,"retweeted":false,"fact_check":null,"id":"1851985360219185322","view_count":1422,"bookmark_count":5,"created_at":1730382692000,"favorite_count":10,"quote_count":2,"reply_count":4,"retweet_count":0,"user_id_str":"1752611915988160513","conversation_id_str":"1851985360219185322","full_text":"6⃣ [PART 6] What is Web Application Security ?\n\nI've observed that many of you have a SaaS that requires the user to provide a URL and a request is made to the website.\n\nBut without the right practices, you're exposing yourself to a very dangerous vulnerability.\n\nServer-Side Request Forgery (SSRF)\n--------------------------------\n\nAn SSRF occurs when an attacker can make your server perform requests to unintended locations. It's like tricking your server into becoming a proxy to access internal services or private networks.\n\nThere are several types of SSRF, but for this post we'll concentrate on the “basic” one.\n\n► Your service requests a URL from the user\n► The backend makes the request and displays the response\n\nWithout protection, it is therefore possible to interrogate internal resources and retrieve sensitive information.\n\nIt's even worse in cloud environments: on AWS, for example, it's possible to retrieve IAM credentials, and then it's party time for the attacker.\n\nDepending on the logic of the application and how the request is made, it's more or less complicated to prevent this.\n\nPossible defensive measures include :\n► URL Validation and an allowlist\n► Proper DNS Resolution\n► Network-Level Protection\n► Cloud Platform Specific Protections\n\nI wanted to include an example of what a good example looks like, but the code is 163 lines long, so instead, what I recommend is that you rely on a robust, well-proven SSRF protection library.","in_reply_to_user_id_str":null,"in_reply_to_status_id_str":null,"is_quote_status":0,"is_ai":null},{"bookmarked":false,"display_text_range":[0,116],"entities":{"hashtags":[],"media":[{"display_url":"pic.x.com/0jINUi4aag","expanded_url":"https://x.com/MRTSec/status/1849132310819492214/photo/1","id_str":"1849131408670765056","indices":[117,140],"media_key":"3_1849131408670765056","media_url_https":"https://pbs.twimg.com/media/GalvOBTWsAAh2hX.jpg","type":"photo","url":"https://t.co/0jINUi4aag","ext_media_availability":{"status":"Available"},"features":{"large":{"faces":[]},"medium":{"faces":[]},"small":{"faces":[]},"orig":{"faces":[]}},"sizes":{"large":{"h":738,"w":1297,"resize":"fit"},"medium":{"h":683,"w":1200,"resize":"fit"},"small":{"h":387,"w":680,"resize":"fit"},"thumb":{"h":150,"w":150,"resize":"crop"}},"original_info":{"height":738,"width":1297,"focus_rects":[{"x":0,"y":0,"w":1297,"h":726},{"x":279,"y":0,"w":738,"h":738},{"x":325,"y":0,"w":647,"h":738},{"x":464,"y":0,"w":369,"h":738},{"x":0,"y":0,"w":1297,"h":738}]},"allow_download_status":{"allow_download":true},"media_results":{"result":{"media_key":"3_1849131408670765056"}}},{"display_url":"pic.x.com/0jINUi4aag","expanded_url":"https://x.com/MRTSec/status/1849132310819492214/photo/1","id_str":"1849131481177710593","indices":[117,140],"media_key":"3_1849131481177710593","media_url_https":"https://pbs.twimg.com/media/GalvSPaW4AEDYIX.png","type":"photo","url":"https://t.co/0jINUi4aag","ext_media_availability":{"status":"Available"},"features":{"large":{"faces":[]},"medium":{"faces":[]},"small":{"faces":[]},"orig":{"faces":[]}},"sizes":{"large":{"h":752,"w":1314,"resize":"fit"},"medium":{"h":687,"w":1200,"resize":"fit"},"small":{"h":389,"w":680,"resize":"fit"},"thumb":{"h":150,"w":150,"resize":"crop"}},"original_info":{"height":752,"width":1314,"focus_rects":[{"x":0,"y":0,"w":1314,"h":736},{"x":281,"y":0,"w":752,"h":752},{"x":327,"y":0,"w":660,"h":752},{"x":469,"y":0,"w":376,"h":752},{"x":0,"y":0,"w":1314,"h":752}]},"allow_download_status":{"allow_download":true},"media_results":{"result":{"media_key":"3_1849131481177710593"}}}],"symbols":[],"timestamps":[],"urls":[],"user_mentions":[]},"extended_entities":{"media":[{"display_url":"pic.x.com/0jINUi4aag","expanded_url":"https://x.com/MRTSec/status/1849132310819492214/photo/1","id_str":"1849131408670765056","indices":[117,140],"media_key":"3_1849131408670765056","media_url_https":"https://pbs.twimg.com/media/GalvOBTWsAAh2hX.jpg","type":"photo","url":"https://t.co/0jINUi4aag","ext_media_availability":{"status":"Available"},"features":{"large":{"faces":[]},"medium":{"faces":[]},"small":{"faces":[]},"orig":{"faces":[]}},"sizes":{"large":{"h":738,"w":1297,"resize":"fit"},"medium":{"h":683,"w":1200,"resize":"fit"},"small":{"h":387,"w":680,"resize":"fit"},"thumb":{"h":150,"w":150,"resize":"crop"}},"original_info":{"height":738,"width":1297,"focus_rects":[{"x":0,"y":0,"w":1297,"h":726},{"x":279,"y":0,"w":738,"h":738},{"x":325,"y":0,"w":647,"h":738},{"x":464,"y":0,"w":369,"h":738},{"x":0,"y":0,"w":1297,"h":738}]},"allow_download_status":{"allow_download":true},"media_results":{"result":{"media_key":"3_1849131408670765056"}}},{"display_url":"pic.x.com/0jINUi4aag","expanded_url":"https://x.com/MRTSec/status/1849132310819492214/photo/1","id_str":"1849131481177710593","indices":[117,140],"media_key":"3_1849131481177710593","media_url_https":"https://pbs.twimg.com/media/GalvSPaW4AEDYIX.png","type":"photo","url":"https://t.co/0jINUi4aag","ext_media_availability":{"status":"Available"},"features":{"large":{"faces":[]},"medium":{"faces":[]},"small":{"faces":[]},"orig":{"faces":[]}},"sizes":{"large":{"h":752,"w":1314,"resize":"fit"},"medium":{"h":687,"w":1200,"resize":"fit"},"small":{"h":389,"w":680,"resize":"fit"},"thumb":{"h":150,"w":150,"resize":"crop"}},"original_info":{"height":752,"width":1314,"focus_rects":[{"x":0,"y":0,"w":1314,"h":736},{"x":281,"y":0,"w":752,"h":752},{"x":327,"y":0,"w":660,"h":752},{"x":469,"y":0,"w":376,"h":752},{"x":0,"y":0,"w":1314,"h":752}]},"allow_download_status":{"allow_download":true},"media_results":{"result":{"media_key":"3_1849131481177710593"}}}]},"favorited":false,"lang":"en","possibly_sensitive":false,"possibly_sensitive_editable":true,"retweeted":false,"fact_check":null,"id":"1849132310819492214","view_count":226,"bookmark_count":0,"created_at":1729702472000,"favorite_count":3,"quote_count":0,"reply_count":2,"retweet_count":0,"user_id_str":"1752611915988160513","conversation_id_str":"1849132310819492214","full_text":"I just updated my website, it will serve as my 'Under construction' page until I can do better.\n\nWhat do you think ? https://t.co/0jINUi4aag","in_reply_to_user_id_str":null,"in_reply_to_status_id_str":null,"is_quote_status":0,"is_ai":null},{"bookmarked":false,"conversation_control":{"policy":"ByInvitation","conversation_owner_results":{"result":{"__typename":"User","legacy":{"screen_name":"MRTSec"}}}},"display_text_range":[0,36],"entities":{"hashtags":[],"symbols":[],"timestamps":[],"urls":[],"user_mentions":[]},"favorited":false,"lang":"en","retweeted":false,"fact_check":null,"id":"1849734608864018820","view_count":500,"bookmark_count":0,"created_at":1729846071000,"favorite_count":6,"quote_count":0,"reply_count":2,"retweet_count":0,"user_id_str":"1752611915988160513","conversation_id_str":"1849734608864018820","full_text":"What is Web Application Security ? 🧵","in_reply_to_user_id_str":null,"in_reply_to_status_id_str":null,"is_quote_status":0,"is_ai":null},{"bookmarked":false,"display_text_range":[0,276],"entities":{"hashtags":[],"media":[{"display_url":"pic.x.com/RT6NL9ie6b","expanded_url":"https://x.com/MRTSec/status/1852291534156190066/photo/1","id_str":"1852290046201602048","indices":[277,300],"media_key":"3_1852290046201602048","media_url_https":"https://pbs.twimg.com/media/GbSn-7DWoAAhMrJ.png","type":"photo","url":"https://t.co/RT6NL9ie6b","ext_media_availability":{"status":"Available"},"features":{"large":{"faces":[]},"medium":{"faces":[]},"small":{"faces":[]},"orig":{"faces":[]}},"sizes":{"large":{"h":262,"w":804,"resize":"fit"},"medium":{"h":262,"w":804,"resize":"fit"},"small":{"h":222,"w":680,"resize":"fit"},"thumb":{"h":150,"w":150,"resize":"crop"}},"original_info":{"height":262,"width":804,"focus_rects":[{"x":0,"y":0,"w":468,"h":262},{"x":0,"y":0,"w":262,"h":262},{"x":0,"y":0,"w":230,"h":262},{"x":35,"y":0,"w":131,"h":262},{"x":0,"y":0,"w":804,"h":262}]},"allow_download_status":{"allow_download":true},"media_results":{"result":{"media_key":"3_1852290046201602048"}}},{"display_url":"pic.x.com/RT6NL9ie6b","expanded_url":"https://x.com/MRTSec/status/1852291534156190066/photo/1","id_str":"1852291340870021120","indices":[277,300],"media_key":"3_1852291340870021120","media_url_https":"https://pbs.twimg.com/media/GbSpKSEW8AA5cpv.png","type":"photo","url":"https://t.co/RT6NL9ie6b","ext_media_availability":{"status":"Available"},"features":{"large":{"faces":[]},"medium":{"faces":[]},"small":{"faces":[]},"orig":{"faces":[]}},"sizes":{"large":{"h":638,"w":802,"resize":"fit"},"medium":{"h":638,"w":802,"resize":"fit"},"small":{"h":541,"w":680,"resize":"fit"},"thumb":{"h":150,"w":150,"resize":"crop"}},"original_info":{"height":638,"width":802,"focus_rects":[{"x":0,"y":0,"w":802,"h":449},{"x":0,"y":0,"w":638,"h":638},{"x":0,"y":0,"w":560,"h":638},{"x":101,"y":0,"w":319,"h":638},{"x":0,"y":0,"w":802,"h":638}]},"allow_download_status":{"allow_download":true},"media_results":{"result":{"media_key":"3_1852291340870021120"}}}],"symbols":[],"timestamps":[],"urls":[],"user_mentions":[]},"extended_entities":{"media":[{"display_url":"pic.x.com/RT6NL9ie6b","expanded_url":"https://x.com/MRTSec/status/1852291534156190066/photo/1","id_str":"1852290046201602048","indices":[277,300],"media_key":"3_1852290046201602048","media_url_https":"https://pbs.twimg.com/media/GbSn-7DWoAAhMrJ.png","type":"photo","url":"https://t.co/RT6NL9ie6b","ext_media_availability":{"status":"Available"},"features":{"large":{"faces":[]},"medium":{"faces":[]},"small":{"faces":[]},"orig":{"faces":[]}},"sizes":{"large":{"h":262,"w":804,"resize":"fit"},"medium":{"h":262,"w":804,"resize":"fit"},"small":{"h":222,"w":680,"resize":"fit"},"thumb":{"h":150,"w":150,"resize":"crop"}},"original_info":{"height":262,"width":804,"focus_rects":[{"x":0,"y":0,"w":468,"h":262},{"x":0,"y":0,"w":262,"h":262},{"x":0,"y":0,"w":230,"h":262},{"x":35,"y":0,"w":131,"h":262},{"x":0,"y":0,"w":804,"h":262}]},"allow_download_status":{"allow_download":true},"media_results":{"result":{"media_key":"3_1852290046201602048"}}},{"display_url":"pic.x.com/RT6NL9ie6b","expanded_url":"https://x.com/MRTSec/status/1852291534156190066/photo/1","id_str":"1852291340870021120","indices":[277,300],"media_key":"3_1852291340870021120","media_url_https":"https://pbs.twimg.com/media/GbSpKSEW8AA5cpv.png","type":"photo","url":"https://t.co/RT6NL9ie6b","ext_media_availability":{"status":"Available"},"features":{"large":{"faces":[]},"medium":{"faces":[]},"small":{"faces":[]},"orig":{"faces":[]}},"sizes":{"large":{"h":638,"w":802,"resize":"fit"},"medium":{"h":638,"w":802,"resize":"fit"},"small":{"h":541,"w":680,"resize":"fit"},"thumb":{"h":150,"w":150,"resize":"crop"}},"original_info":{"height":638,"width":802,"focus_rects":[{"x":0,"y":0,"w":802,"h":449},{"x":0,"y":0,"w":638,"h":638},{"x":0,"y":0,"w":560,"h":638},{"x":101,"y":0,"w":319,"h":638},{"x":0,"y":0,"w":802,"h":638}]},"allow_download_status":{"allow_download":true},"media_results":{"result":{"media_key":"3_1852291340870021120"}}}]},"favorited":false,"lang":"en","possibly_sensitive":false,"possibly_sensitive_editable":true,"retweeted":false,"fact_check":null,"id":"1852291534156190066","view_count":147,"bookmark_count":0,"created_at":1730455690000,"favorite_count":3,"quote_count":1,"reply_count":2,"retweet_count":0,"user_id_str":"1752611915988160513","conversation_id_str":"1852291534156190066","full_text":"7⃣ [PART 7] What Is Web Application Security ?\n\nToday, a vulnerability that without hesitation affects almost all of you which is also my favorite. I could do dozens of posts on this vulnerability, but I'll keep it brief.\n\nBroken Access Control\n-----------------------\n\nBehind this barbaric name, there are actually several sub-categories of vulnerabilities, but in general, they affect everything related to authorization management.\n\nWhy do I say it affects almost all of you ? Because even for experienced developers, it's a really complicated thing to implement, and it's something that's currently extremely poorly managed in LLM-generated code.\n\nSo when I see a product with complex access control management, such as user/team management or multi-tenant, I smile in anticipation.\n\nThe easiest example to illustrate in this category is IDOR (Insecure Direct Object Reference). It may not ring a bell, but a recent drama made a lot of noise about this vulnerability.\n\nA classic example: a user can access or modify another user's data by simply changing an ID in the URL or API request. \n\nAnd no, just using UUIDs instead of sequential IDs isn't enough protection ! Large companies such as Uber have paid the price for making this mistake.\n\n► Always verify that the current user has permission to access the requested resource\n► Implement proper authorization checks at EVERY endpoint\n► Use role-based access control (RBAC)\n► Don't rely solely on obscurity (like UUIDs) for security","in_reply_to_user_id_str":null,"in_reply_to_status_id_str":null,"is_quote_status":0,"is_ai":null},{"bookmarked":false,"display_text_range":[0,109],"entities":{"hashtags":[],"symbols":[],"timestamps":[],"urls":[],"user_mentions":[]},"favorited":false,"lang":"en","retweeted":false,"fact_check":null,"id":"1852315362898882971","view_count":389,"bookmark_count":0,"created_at":1730461371000,"favorite_count":3,"quote_count":0,"reply_count":2,"retweet_count":0,"user_id_str":"1752611915988160513","conversation_id_str":"1852315362898882971","full_text":"Is the number of followers a measure of confidence for you ?\n\nIf so, what's the minimum number of followers ?","in_reply_to_user_id_str":null,"in_reply_to_status_id_str":null,"is_quote_status":0,"is_ai":null},{"bookmarked":false,"display_text_range":[0,91],"entities":{"hashtags":[],"media":[{"display_url":"pic.x.com/b3CnrLnBig","expanded_url":"https://x.com/MRTSec/status/1850264117942104073/video/1","id_str":"1850263598766891008","indices":[92,115],"media_key":"7_1850263598766891008","media_url_https":"https://pbs.twimg.com/ext_tw_video_thumb/1850263598766891008/pu/img/FiTcWsTINvx8Cu-H.jpg","type":"video","url":"https://t.co/b3CnrLnBig","additional_media_info":{"monetizable":false},"ext_media_availability":{"status":"Available"},"sizes":{"large":{"h":1080,"w":1920,"resize":"fit"},"medium":{"h":675,"w":1200,"resize":"fit"},"small":{"h":383,"w":680,"resize":"fit"},"thumb":{"h":150,"w":150,"resize":"crop"}},"original_info":{"height":1080,"width":1920,"focus_rects":[]},"allow_download_status":{"allow_download":true},"video_info":{"aspect_ratio":[16,9],"duration_millis":73282,"variants":[{"content_type":"application/x-mpegURL","url":"https://video.twimg.com/ext_tw_video/1850263598766891008/pu/pl/sxXTTRp4GqzA_F03.m3u8?tag=12"},{"bitrate":256000,"content_type":"video/mp4","url":"https://video.twimg.com/ext_tw_video/1850263598766891008/pu/vid/avc1/480x270/RbmSEwRI83I_1Xzb.mp4?tag=12"},{"bitrate":832000,"content_type":"video/mp4","url":"https://video.twimg.com/ext_tw_video/1850263598766891008/pu/vid/avc1/640x360/Ri1rqxtUy6BZ7ysk.mp4?tag=12"},{"bitrate":2176000,"content_type":"video/mp4","url":"https://video.twimg.com/ext_tw_video/1850263598766891008/pu/vid/avc1/1280x720/Lk5C9l5211LMhJIe.mp4?tag=12"}]},"media_results":{"result":{"media_key":"7_1850263598766891008"}}}],"symbols":[],"timestamps":[],"urls":[],"user_mentions":[]},"extended_entities":{"media":[{"display_url":"pic.x.com/b3CnrLnBig","expanded_url":"https://x.com/MRTSec/status/1850264117942104073/video/1","id_str":"1850263598766891008","indices":[92,115],"media_key":"7_1850263598766891008","media_url_https":"https://pbs.twimg.com/ext_tw_video_thumb/1850263598766891008/pu/img/FiTcWsTINvx8Cu-H.jpg","type":"video","url":"https://t.co/b3CnrLnBig","additional_media_info":{"monetizable":false},"ext_media_availability":{"status":"Available"},"sizes":{"large":{"h":1080,"w":1920,"resize":"fit"},"medium":{"h":675,"w":1200,"resize":"fit"},"small":{"h":383,"w":680,"resize":"fit"},"thumb":{"h":150,"w":150,"resize":"crop"}},"original_info":{"height":1080,"width":1920,"focus_rects":[]},"allow_download_status":{"allow_download":true},"video_info":{"aspect_ratio":[16,9],"duration_millis":73282,"variants":[{"content_type":"application/x-mpegURL","url":"https://video.twimg.com/ext_tw_video/1850263598766891008/pu/pl/sxXTTRp4GqzA_F03.m3u8?tag=12"},{"bitrate":256000,"content_type":"video/mp4","url":"https://video.twimg.com/ext_tw_video/1850263598766891008/pu/vid/avc1/480x270/RbmSEwRI83I_1Xzb.mp4?tag=12"},{"bitrate":832000,"content_type":"video/mp4","url":"https://video.twimg.com/ext_tw_video/1850263598766891008/pu/vid/avc1/640x360/Ri1rqxtUy6BZ7ysk.mp4?tag=12"},{"bitrate":2176000,"content_type":"video/mp4","url":"https://video.twimg.com/ext_tw_video/1850263598766891008/pu/vid/avc1/1280x720/Lk5C9l5211LMhJIe.mp4?tag=12"}]},"media_results":{"result":{"media_key":"7_1850263598766891008"}}}]},"favorited":false,"lang":"en","possibly_sensitive":false,"possibly_sensitive_editable":true,"retweeted":false,"scopes":{"followers":false},"fact_check":null,"id":"1850264117942104073","view_count":111,"bookmark_count":0,"created_at":1729972316000,"favorite_count":3,"quote_count":0,"reply_count":2,"retweet_count":0,"user_id_str":"1752611915988160513","conversation_id_str":"1850264117942104073","full_text":"Still under construction but I'm creating my own directory template\n\nWhat could I improve ? https://t.co/b3CnrLnBig","in_reply_to_user_id_str":null,"in_reply_to_status_id_str":null,"is_quote_status":0,"is_ai":null},{"bookmarked":false,"display_text_range":[0,108],"entities":{"hashtags":[],"symbols":[],"timestamps":[],"urls":[],"user_mentions":[]},"favorited":false,"lang":"en","retweeted":false,"fact_check":null,"id":"1847180671090860216","view_count":87,"bookmark_count":0,"created_at":1729237165000,"favorite_count":0,"quote_count":0,"reply_count":1,"retweet_count":0,"user_id_str":"1752611915988160513","conversation_id_str":"1847180671090860216","full_text":"Does anyone know the most cost effective AWS instance to run a model such as nvidia/Llama-3.1-Nemotron-70B ?","in_reply_to_user_id_str":null,"in_reply_to_status_id_str":null,"is_quote_status":0,"is_ai":null},{"bookmarked":false,"display_text_range":[0,277],"entities":{"hashtags":[],"symbols":[],"timestamps":[],"urls":[],"user_mentions":[]},"favorited":false,"lang":"en","retweeted":false,"fact_check":null,"id":"1849419356104478986","view_count":214,"bookmark_count":0,"created_at":1729770909000,"favorite_count":3,"quote_count":1,"reply_count":1,"retweet_count":0,"user_id_str":"1752611915988160513","conversation_id_str":"1849419356104478986","full_text":"1⃣ [PART 1] What is Web Application Security ?\n\nHey, indie hackers friends! 👋 Let's talk about something that may not be the most exciting part of building your SaaS, but is absolutely crucial: web application security. Don't worry - I'll keep it simple and practical, focusing on what you really need to know as a solo founder or small team.\n\n➡️Why Should You Care?\n\nImagine the situation: You've just launched your SaaS after weeks of hard work. You get your first paying customers, things are looking good, and then... boom! Someone finds a security flaw and your users' data is exposed. Not only is this a technical nightmare, it can also destroy the trust you've worked so hard to build.\n\nAs indie hackers, we often wear many hats and have to prioritize. Even if we don't need the same security configuration as a banking system, we absolutely must have the basics in place.\n\n➡️What Exactly Is Web Application Security?\n\nThink of web application security as your home security system. Just as you want to protect your home from break-ins, you want to protect your web application from unauthorized access and attacks.\n\nSimply put, web application security is about\n► Protecting your users' data (such as passwords and personal information)\n► Ensuring that only authorized users can access certain functions\n► Preventing attackers from breaking or misusing your application\n► Maintain your users' trust and your reputation\n\nTomorrow we'll take a look at the three core pillars of web security !","in_reply_to_user_id_str":null,"in_reply_to_status_id_str":null,"is_quote_status":0,"is_ai":null},{"bookmarked":false,"display_text_range":[0,65],"entities":{"hashtags":[],"media":[{"display_url":"pic.x.com/nH57BmXPm2","expanded_url":"https://x.com/MRTSec/status/1849805264519610727/photo/1","id_str":"1849805151093026816","indices":[66,89],"media_key":"3_1849805151093026816","media_url_https":"https://pbs.twimg.com/media/GavT-_aWcAA8g1S.jpg","type":"photo","url":"https://t.co/nH57BmXPm2","ext_media_availability":{"status":"Available"},"features":{"large":{"faces":[]},"medium":{"faces":[]},"small":{"faces":[]},"orig":{"faces":[]}},"sizes":{"large":{"h":1580,"w":2048,"resize":"fit"},"medium":{"h":926,"w":1200,"resize":"fit"},"small":{"h":525,"w":680,"resize":"fit"},"thumb":{"h":150,"w":150,"resize":"crop"}},"original_info":{"height":3160,"width":4096,"focus_rects":[{"x":0,"y":0,"w":4096,"h":2294},{"x":0,"y":0,"w":3160,"h":3160},{"x":0,"y":0,"w":2772,"h":3160},{"x":0,"y":0,"w":1580,"h":3160},{"x":0,"y":0,"w":4096,"h":3160}]},"allow_download_status":{"allow_download":true},"media_results":{"result":{"media_key":"3_1849805151093026816"}}}],"symbols":[],"timestamps":[],"urls":[],"user_mentions":[]},"extended_entities":{"media":[{"display_url":"pic.x.com/nH57BmXPm2","expanded_url":"https://x.com/MRTSec/status/1849805264519610727/photo/1","id_str":"1849805151093026816","indices":[66,89],"media_key":"3_1849805151093026816","media_url_https":"https://pbs.twimg.com/media/GavT-_aWcAA8g1S.jpg","type":"photo","url":"https://t.co/nH57BmXPm2","ext_media_availability":{"status":"Available"},"features":{"large":{"faces":[]},"medium":{"faces":[]},"small":{"faces":[]},"orig":{"faces":[]}},"sizes":{"large":{"h":1580,"w":2048,"resize":"fit"},"medium":{"h":926,"w":1200,"resize":"fit"},"small":{"h":525,"w":680,"resize":"fit"},"thumb":{"h":150,"w":150,"resize":"crop"}},"original_info":{"height":3160,"width":4096,"focus_rects":[{"x":0,"y":0,"w":4096,"h":2294},{"x":0,"y":0,"w":3160,"h":3160},{"x":0,"y":0,"w":2772,"h":3160},{"x":0,"y":0,"w":1580,"h":3160},{"x":0,"y":0,"w":4096,"h":3160}]},"allow_download_status":{"allow_download":true},"media_results":{"result":{"media_key":"3_1849805151093026816"}}}]},"favorited":false,"lang":"en","possibly_sensitive":false,"possibly_sensitive_editable":true,"quoted_status_id_str":"1849797590981709903","quoted_status_permalink":{"url":"https://t.co/P9NQcf8iu1","expanded":"https://twitter.com/zalkazemi/status/1849797590981709903","display":"x.com/zalkazemi/stat…"},"retweeted":false,"fact_check":null,"id":"1849805264519610727","view_count":822,"bookmark_count":0,"created_at":1729862917000,"favorite_count":7,"quote_count":1,"reply_count":1,"retweet_count":0,"user_id_str":"1752611915988160513","conversation_id_str":"1849805264519610727","full_text":"Convert video to text \nAsk ChatGPT to convert text to checkpoints https://t.co/nH57BmXPm2","in_reply_to_user_id_str":null,"in_reply_to_status_id_str":null,"is_quote_status":1,"is_ai":null},{"bookmarked":false,"display_text_range":[0,274],"entities":{"hashtags":[],"media":[{"display_url":"pic.x.com/Gf0P9oTPa2","expanded_url":"https://x.com/MRTSec/status/1850845494664184309/photo/1","id_str":"1850843940179554304","indices":[275,298],"media_key":"3_1850843940179554304","media_url_https":"https://pbs.twimg.com/media/Ga-EweUWMAAEhfT.png","type":"photo","url":"https://t.co/Gf0P9oTPa2","ext_media_availability":{"status":"Available"},"features":{"large":{"faces":[]},"medium":{"faces":[]},"small":{"faces":[]},"orig":{"faces":[]}},"sizes":{"large":{"h":248,"w":774,"resize":"fit"},"medium":{"h":248,"w":774,"resize":"fit"},"small":{"h":218,"w":680,"resize":"fit"},"thumb":{"h":150,"w":150,"resize":"crop"}},"original_info":{"height":248,"width":774,"focus_rects":[{"x":0,"y":0,"w":443,"h":248},{"x":0,"y":0,"w":248,"h":248},{"x":0,"y":0,"w":218,"h":248},{"x":34,"y":0,"w":124,"h":248},{"x":0,"y":0,"w":774,"h":248}]},"allow_download_status":{"allow_download":true},"media_results":{"result":{"media_key":"3_1850843940179554304"}}},{"display_url":"pic.x.com/Gf0P9oTPa2","expanded_url":"https://x.com/MRTSec/status/1850845494664184309/photo/1","id_str":"1850844174335066112","indices":[275,298],"media_key":"3_1850844174335066112","media_url_https":"https://pbs.twimg.com/media/Ga-E-GnXwAAHUn-.png","type":"photo","url":"https://t.co/Gf0P9oTPa2","ext_media_availability":{"status":"Available"},"features":{"large":{"faces":[]},"medium":{"faces":[]},"small":{"faces":[]},"orig":{"faces":[]}},"sizes":{"large":{"h":190,"w":761,"resize":"fit"},"medium":{"h":190,"w":761,"resize":"fit"},"small":{"h":170,"w":680,"resize":"fit"},"thumb":{"h":150,"w":150,"resize":"crop"}},"original_info":{"height":190,"width":761,"focus_rects":[{"x":0,"y":0,"w":339,"h":190},{"x":0,"y":0,"w":190,"h":190},{"x":12,"y":0,"w":167,"h":190},{"x":48,"y":0,"w":95,"h":190},{"x":0,"y":0,"w":761,"h":190}]},"allow_download_status":{"allow_download":true},"media_results":{"result":{"media_key":"3_1850844174335066112"}}}],"symbols":[],"timestamps":[],"urls":[],"user_mentions":[]},"extended_entities":{"media":[{"display_url":"pic.x.com/Gf0P9oTPa2","expanded_url":"https://x.com/MRTSec/status/1850845494664184309/photo/1","id_str":"1850843940179554304","indices":[275,298],"media_key":"3_1850843940179554304","media_url_https":"https://pbs.twimg.com/media/Ga-EweUWMAAEhfT.png","type":"photo","url":"https://t.co/Gf0P9oTPa2","ext_media_availability":{"status":"Available"},"features":{"large":{"faces":[]},"medium":{"faces":[]},"small":{"faces":[]},"orig":{"faces":[]}},"sizes":{"large":{"h":248,"w":774,"resize":"fit"},"medium":{"h":248,"w":774,"resize":"fit"},"small":{"h":218,"w":680,"resize":"fit"},"thumb":{"h":150,"w":150,"resize":"crop"}},"original_info":{"height":248,"width":774,"focus_rects":[{"x":0,"y":0,"w":443,"h":248},{"x":0,"y":0,"w":248,"h":248},{"x":0,"y":0,"w":218,"h":248},{"x":34,"y":0,"w":124,"h":248},{"x":0,"y":0,"w":774,"h":248}]},"allow_download_status":{"allow_download":true},"media_results":{"result":{"media_key":"3_1850843940179554304"}}},{"display_url":"pic.x.com/Gf0P9oTPa2","expanded_url":"https://x.com/MRTSec/status/1850845494664184309/photo/1","id_str":"1850844174335066112","indices":[275,298],"media_key":"3_1850844174335066112","media_url_https":"https://pbs.twimg.com/media/Ga-E-GnXwAAHUn-.png","type":"photo","url":"https://t.co/Gf0P9oTPa2","ext_media_availability":{"status":"Available"},"features":{"large":{"faces":[]},"medium":{"faces":[]},"small":{"faces":[]},"orig":{"faces":[]}},"sizes":{"large":{"h":190,"w":761,"resize":"fit"},"medium":{"h":190,"w":761,"resize":"fit"},"small":{"h":170,"w":680,"resize":"fit"},"thumb":{"h":150,"w":150,"resize":"crop"}},"original_info":{"height":190,"width":761,"focus_rects":[{"x":0,"y":0,"w":339,"h":190},{"x":0,"y":0,"w":190,"h":190},{"x":12,"y":0,"w":167,"h":190},{"x":48,"y":0,"w":95,"h":190},{"x":0,"y":0,"w":761,"h":190}]},"allow_download_status":{"allow_download":true},"media_results":{"result":{"media_key":"3_1850844174335066112"}}}]},"favorited":false,"lang":"en","possibly_sensitive":false,"possibly_sensitive_editable":true,"retweeted":false,"fact_check":null,"id":"1850845494664184309","view_count":266,"bookmark_count":1,"created_at":1730110927000,"favorite_count":4,"quote_count":1,"reply_count":1,"retweet_count":0,"user_id_str":"1752611915988160513","conversation_id_str":"1850845494664184309","full_text":"3⃣ [PART 3] What is Web Application Security ?\nWeb Security Threats and How to Protect Against Them\n\n1. SQL injection\n-----------------------\n\nWhat's involved ? Imagine that someone enters malicious SQL code into your login form instead of a normal username. If not properly protected, this code could give them access to your entire database!\n\nHow to protect yourself?\n► NEVER rely on user input (Global rule)\n► Use parameterized queries (most modern frameworks allow this).\n► Use an ORM (Object-Relational Mapping) like Prisma, Sequelize or Django ORM.\n\nFortunately, with modern solutions, this vulnerability is not as common as it used to be, simply because ORMs effectively protect against SQL Injection.\n\nBut ... misuse of these ORMs can still leave you vulnerable, so don't take security for granted and have your code audited.\n\nTomorrow I'll share a post about two more common vulnerabilities, including my favorite one","in_reply_to_user_id_str":null,"in_reply_to_status_id_str":null,"is_quote_status":0,"is_ai":null},{"bookmarked":false,"display_text_range":[0,274],"entities":{"hashtags":[],"symbols":[],"timestamps":[],"urls":[],"user_mentions":[]},"favorited":false,"lang":"en","retweeted":false,"fact_check":null,"id":"1850435755295793651","view_count":74,"bookmark_count":0,"created_at":1730013238000,"favorite_count":1,"quote_count":0,"reply_count":1,"retweet_count":0,"user_id_str":"1752611915988160513","conversation_id_str":"1850435755295793651","full_text":"October 27, 2023: I want to improve myself\n\n1 year later, where I am ?\n\nI've started reading more books, listening to podcasts, exercising, taking care of my health, paying more attention to many things\n\nResult:\n- 13Kg lost\n- Ran my first 10Km\n- Learned a ton about a ton of things\n- Launched my first side business\n- My best year ever in terms of money\n- Fitter than ever, never tired\n- Happier than ever\n- Still love my 9-5 job\n\nAnd lots of other things, now the important thing is to keep going, I can't wait to take a second look back in a year.","in_reply_to_user_id_str":null,"in_reply_to_status_id_str":null,"is_quote_status":0,"is_ai":null},{"bookmarked":false,"display_text_range":[0,171],"entities":{"hashtags":[],"media":[{"display_url":"pic.x.com/EheCtZJ9J2","expanded_url":"https://x.com/MRTSec/status/1852307599820992939/photo/1","id_str":"1852307568531542016","indices":[172,195],"media_key":"3_1852307568531542016","media_url_https":"https://pbs.twimg.com/media/GbS3620XEAAfC5y.png","type":"photo","url":"https://t.co/EheCtZJ9J2","ext_media_availability":{"status":"Available"},"features":{"large":{"faces":[]},"medium":{"faces":[]},"small":{"faces":[]},"orig":{"faces":[]}},"sizes":{"large":{"h":431,"w":803,"resize":"fit"},"medium":{"h":431,"w":803,"resize":"fit"},"small":{"h":365,"w":680,"resize":"fit"},"thumb":{"h":150,"w":150,"resize":"crop"}},"original_info":{"height":431,"width":803,"focus_rects":[{"x":0,"y":0,"w":770,"h":431},{"x":0,"y":0,"w":431,"h":431},{"x":0,"y":0,"w":378,"h":431},{"x":0,"y":0,"w":216,"h":431},{"x":0,"y":0,"w":803,"h":431}]},"allow_download_status":{"allow_download":true},"media_results":{"result":{"media_key":"3_1852307568531542016"}}}],"symbols":[],"timestamps":[],"urls":[],"user_mentions":[{"id_str":"1263916889455177729","name":"Zaid Al Kazemi","screen_name":"zalkazemi","indices":[10,20]}]},"extended_entities":{"media":[{"display_url":"pic.x.com/EheCtZJ9J2","expanded_url":"https://x.com/MRTSec/status/1852307599820992939/photo/1","id_str":"1852307568531542016","indices":[172,195],"media_key":"3_1852307568531542016","media_url_https":"https://pbs.twimg.com/media/GbS3620XEAAfC5y.png","type":"photo","url":"https://t.co/EheCtZJ9J2","ext_media_availability":{"status":"Available"},"features":{"large":{"faces":[]},"medium":{"faces":[]},"small":{"faces":[]},"orig":{"faces":[]}},"sizes":{"large":{"h":431,"w":803,"resize":"fit"},"medium":{"h":431,"w":803,"resize":"fit"},"small":{"h":365,"w":680,"resize":"fit"},"thumb":{"h":150,"w":150,"resize":"crop"}},"original_info":{"height":431,"width":803,"focus_rects":[{"x":0,"y":0,"w":770,"h":431},{"x":0,"y":0,"w":431,"h":431},{"x":0,"y":0,"w":378,"h":431},{"x":0,"y":0,"w":216,"h":431},{"x":0,"y":0,"w":803,"h":431}]},"allow_download_status":{"allow_download":true},"media_results":{"result":{"media_key":"3_1852307568531542016"}}}]},"favorited":false,"lang":"en","possibly_sensitive":false,"possibly_sensitive_editable":true,"quoted_status_id_str":"1852298788188143815","quoted_status_permalink":{"url":"https://t.co/Zh9QovSdnG","expanded":"https://twitter.com/zalkazemi/status/1852298788188143815","display":"x.com/zalkazemi/stat…"},"retweeted":false,"fact_check":null,"id":"1852307599820992939","view_count":362,"bookmark_count":0,"created_at":1730459520000,"favorite_count":4,"quote_count":0,"reply_count":1,"retweet_count":1,"user_id_str":"1752611915988160513","conversation_id_str":"1852307599820992939","full_text":"Thank you @zalkazemi, so valuable !\n\nLike last week, it's easier for me to convert the video into text and then create an action plan, super easy to do with OpenAI Whisper https://t.co/EheCtZJ9J2","in_reply_to_user_id_str":null,"in_reply_to_status_id_str":null,"is_quote_status":1,"is_ai":null},{"bookmarked":false,"display_text_range":[0,274],"entities":{"hashtags":[],"media":[{"display_url":"pic.x.com/xtPC7vR5gj","expanded_url":"https://x.com/MRTSec/status/1851644309776351411/photo/1","id_str":"1851643540012466176","indices":[275,298],"media_key":"3_1851643540012466176","media_url_https":"https://pbs.twimg.com/media/GbJb_T0XAAAf_21.png","type":"photo","url":"https://t.co/xtPC7vR5gj","ext_media_availability":{"status":"Available"},"features":{"large":{"faces":[]},"medium":{"faces":[]},"small":{"faces":[]},"orig":{"faces":[]}},"sizes":{"large":{"h":399,"w":810,"resize":"fit"},"medium":{"h":399,"w":810,"resize":"fit"},"small":{"h":335,"w":680,"resize":"fit"},"thumb":{"h":150,"w":150,"resize":"crop"}},"original_info":{"height":399,"width":810,"focus_rects":[{"x":0,"y":0,"w":713,"h":399},{"x":0,"y":0,"w":399,"h":399},{"x":0,"y":0,"w":350,"h":399},{"x":1,"y":0,"w":200,"h":399},{"x":0,"y":0,"w":810,"h":399}]},"allow_download_status":{"allow_download":true},"media_results":{"result":{"media_key":"3_1851643540012466176"}}},{"display_url":"pic.x.com/xtPC7vR5gj","expanded_url":"https://x.com/MRTSec/status/1851644309776351411/photo/1","id_str":"1851643675475918848","indices":[275,298],"media_key":"3_1851643675475918848","media_url_https":"https://pbs.twimg.com/media/GbJcHMdXQAAWEA1.png","type":"photo","url":"https://t.co/xtPC7vR5gj","ext_media_availability":{"status":"Available"},"features":{"large":{"faces":[]},"medium":{"faces":[]},"small":{"faces":[]},"orig":{"faces":[]}},"sizes":{"large":{"h":559,"w":807,"resize":"fit"},"medium":{"h":559,"w":807,"resize":"fit"},"small":{"h":471,"w":680,"resize":"fit"},"thumb":{"h":150,"w":150,"resize":"crop"}},"original_info":{"height":559,"width":807,"focus_rects":[{"x":0,"y":0,"w":807,"h":452},{"x":0,"y":0,"w":559,"h":559},{"x":0,"y":0,"w":490,"h":559},{"x":0,"y":0,"w":280,"h":559},{"x":0,"y":0,"w":807,"h":559}]},"allow_download_status":{"allow_download":true},"media_results":{"result":{"media_key":"3_1851643675475918848"}}},{"display_url":"pic.x.com/xtPC7vR5gj","expanded_url":"https://x.com/MRTSec/status/1851644309776351411/photo/1","id_str":"1851643801565118464","indices":[275,298],"media_key":"3_1851643801565118464","media_url_https":"https://pbs.twimg.com/media/GbJcOiLXwAAyI_j.png","type":"photo","url":"https://t.co/xtPC7vR5gj","ext_media_availability":{"status":"Available"},"features":{"large":{"faces":[]},"medium":{"faces":[]},"small":{"faces":[]},"orig":{"faces":[]}},"sizes":{"large":{"h":342,"w":808,"resize":"fit"},"medium":{"h":342,"w":808,"resize":"fit"},"small":{"h":288,"w":680,"resize":"fit"},"thumb":{"h":150,"w":150,"resize":"crop"}},"original_info":{"height":342,"width":808,"focus_rects":[{"x":0,"y":0,"w":611,"h":342},{"x":0,"y":0,"w":342,"h":342},{"x":0,"y":0,"w":300,"h":342},{"x":16,"y":0,"w":171,"h":342},{"x":0,"y":0,"w":808,"h":342}]},"allow_download_status":{"allow_download":true},"media_results":{"result":{"media_key":"3_1851643801565118464"}}},{"display_url":"pic.x.com/xtPC7vR5gj","expanded_url":"https://x.com/MRTSec/status/1851644309776351411/photo/1","id_str":"1851643911883681792","indices":[275,298],"media_key":"3_1851643911883681792","media_url_https":"https://pbs.twimg.com/media/GbJcU9JXcAAYCcP.png","type":"photo","url":"https://t.co/xtPC7vR5gj","ext_media_availability":{"status":"Available"},"features":{"large":{"faces":[]},"medium":{"faces":[]},"small":{"faces":[]},"orig":{"faces":[]}},"sizes":{"large":{"h":530,"w":810,"resize":"fit"},"medium":{"h":530,"w":810,"resize":"fit"},"small":{"h":445,"w":680,"resize":"fit"},"thumb":{"h":150,"w":150,"resize":"crop"}},"original_info":{"height":530,"width":810,"focus_rects":[{"x":0,"y":0,"w":810,"h":454},{"x":0,"y":0,"w":530,"h":530},{"x":31,"y":0,"w":465,"h":530},{"x":131,"y":0,"w":265,"h":530},{"x":0,"y":0,"w":810,"h":530}]},"allow_download_status":{"allow_download":true},"media_results":{"result":{"media_key":"3_1851643911883681792"}}}],"symbols":[],"timestamps":[],"urls":[],"user_mentions":[]},"extended_entities":{"media":[{"display_url":"pic.x.com/xtPC7vR5gj","expanded_url":"https://x.com/MRTSec/status/1851644309776351411/photo/1","id_str":"1851643540012466176","indices":[275,298],"media_key":"3_1851643540012466176","media_url_https":"https://pbs.twimg.com/media/GbJb_T0XAAAf_21.png","type":"photo","url":"https://t.co/xtPC7vR5gj","ext_media_availability":{"status":"Available"},"features":{"large":{"faces":[]},"medium":{"faces":[]},"small":{"faces":[]},"orig":{"faces":[]}},"sizes":{"large":{"h":399,"w":810,"resize":"fit"},"medium":{"h":399,"w":810,"resize":"fit"},"small":{"h":335,"w":680,"resize":"fit"},"thumb":{"h":150,"w":150,"resize":"crop"}},"original_info":{"height":399,"width":810,"focus_rects":[{"x":0,"y":0,"w":713,"h":399},{"x":0,"y":0,"w":399,"h":399},{"x":0,"y":0,"w":350,"h":399},{"x":1,"y":0,"w":200,"h":399},{"x":0,"y":0,"w":810,"h":399}]},"allow_download_status":{"allow_download":true},"media_results":{"result":{"media_key":"3_1851643540012466176"}}},{"display_url":"pic.x.com/xtPC7vR5gj","expanded_url":"https://x.com/MRTSec/status/1851644309776351411/photo/1","id_str":"1851643675475918848","indices":[275,298],"media_key":"3_1851643675475918848","media_url_https":"https://pbs.twimg.com/media/GbJcHMdXQAAWEA1.png","type":"photo","url":"https://t.co/xtPC7vR5gj","ext_media_availability":{"status":"Available"},"features":{"large":{"faces":[]},"medium":{"faces":[]},"small":{"faces":[]},"orig":{"faces":[]}},"sizes":{"large":{"h":559,"w":807,"resize":"fit"},"medium":{"h":559,"w":807,"resize":"fit"},"small":{"h":471,"w":680,"resize":"fit"},"thumb":{"h":150,"w":150,"resize":"crop"}},"original_info":{"height":559,"width":807,"focus_rects":[{"x":0,"y":0,"w":807,"h":452},{"x":0,"y":0,"w":559,"h":559},{"x":0,"y":0,"w":490,"h":559},{"x":0,"y":0,"w":280,"h":559},{"x":0,"y":0,"w":807,"h":559}]},"allow_download_status":{"allow_download":true},"media_results":{"result":{"media_key":"3_1851643675475918848"}}},{"display_url":"pic.x.com/xtPC7vR5gj","expanded_url":"https://x.com/MRTSec/status/1851644309776351411/photo/1","id_str":"1851643801565118464","indices":[275,298],"media_key":"3_1851643801565118464","media_url_https":"https://pbs.twimg.com/media/GbJcOiLXwAAyI_j.png","type":"photo","url":"https://t.co/xtPC7vR5gj","ext_media_availability":{"status":"Available"},"features":{"large":{"faces":[]},"medium":{"faces":[]},"small":{"faces":[]},"orig":{"faces":[]}},"sizes":{"large":{"h":342,"w":808,"resize":"fit"},"medium":{"h":342,"w":808,"resize":"fit"},"small":{"h":288,"w":680,"resize":"fit"},"thumb":{"h":150,"w":150,"resize":"crop"}},"original_info":{"height":342,"width":808,"focus_rects":[{"x":0,"y":0,"w":611,"h":342},{"x":0,"y":0,"w":342,"h":342},{"x":0,"y":0,"w":300,"h":342},{"x":16,"y":0,"w":171,"h":342},{"x":0,"y":0,"w":808,"h":342}]},"allow_download_status":{"allow_download":true},"media_results":{"result":{"media_key":"3_1851643801565118464"}}},{"display_url":"pic.x.com/xtPC7vR5gj","expanded_url":"https://x.com/MRTSec/status/1851644309776351411/photo/1","id_str":"1851643911883681792","indices":[275,298],"media_key":"3_1851643911883681792","media_url_https":"https://pbs.twimg.com/media/GbJcU9JXcAAYCcP.png","type":"photo","url":"https://t.co/xtPC7vR5gj","ext_media_availability":{"status":"Available"},"features":{"large":{"faces":[]},"medium":{"faces":[]},"small":{"faces":[]},"orig":{"faces":[]}},"sizes":{"large":{"h":530,"w":810,"resize":"fit"},"medium":{"h":530,"w":810,"resize":"fit"},"small":{"h":445,"w":680,"resize":"fit"},"thumb":{"h":150,"w":150,"resize":"crop"}},"original_info":{"height":530,"width":810,"focus_rects":[{"x":0,"y":0,"w":810,"h":454},{"x":0,"y":0,"w":530,"h":530},{"x":31,"y":0,"w":465,"h":530},{"x":131,"y":0,"w":265,"h":530},{"x":0,"y":0,"w":810,"h":530}]},"allow_download_status":{"allow_download":true},"media_results":{"result":{"media_key":"3_1851643911883681792"}}}]},"favorited":false,"lang":"en","possibly_sensitive":false,"possibly_sensitive_editable":true,"retweeted":false,"fact_check":null,"id":"1851644309776351411","view_count":148,"bookmark_count":1,"created_at":1730301379000,"favorite_count":4,"quote_count":1,"reply_count":1,"retweet_count":0,"user_id_str":"1752611915988160513","conversation_id_str":"1851644309776351411","full_text":"5⃣ [PART 5] What is Web Application Security ?\n\nYesterday we started talking about XSS (Cross-Site Scripting), today we're going to talk about some measures that can be put in place.\n\nContent Security Policy (CSP)\n------------------------\n\nCSP is a security layer that helps prevent XSS attacks by specifying which content sources are trusted and can be loaded by the browser, thus blocking the execution of malicious scripts from unauthorized sources.\n\nOutput Encoding Based on Context\n------------------------\n\nConverts characters into their encoded equivalents based on where they appear (HTML, JavaScript, URLs, etc.) to prevent them from being interpreted as code.\n\nFramework-specific best practices\n------------------------\n\nInvolve using built-in security features and templating systems that automatically escape user input and prevent XSS vulnerabilities.\n\nInput validation and sanitization (Golden Rule)\n------------------------\n\ninvolves checking user input against allowed patterns/characters and removing/encoding potentially malicious content before processing or storing it.\n\nTomorrow we'll be talking about a vulnerability that's impacting a lot of SaaS here, why ? because you're accepting arbitrary URLs, but we'll see about that tomorrow 😁","in_reply_to_user_id_str":null,"in_reply_to_status_id_str":null,"is_quote_status":0,"is_ai":null}],"activities":null,"interactions":null,"interactions_updated":null,"created":1730982629092,"updated":1761697771881,"type":"the analyst","hits":1},"people":[{"user":{},"details":{"type":"The Analyst","description":"Android Developers is the ultimate hub for techies, delivering cutting-edge news, best practices, and hands-on tutorials for everything Android! With energetic tweets and updates, they keep the developer community informed and inspired. Their vibrant engagement invites a diverse audience to explore the fascinating world of Android development.","purpose":"To empower Android developers with essential knowledge and tools to create innovative applications that redefine user experiences.","beliefs":"They believe in open-source collaboration, continuous learning, and the importance of creating accessible and efficient technology for all users.","facts":"Fun fact: This profile has tweeted over 7,600 times, making them a prolific source of information and updates on all things Android!","strength":"Their strength lies in their deep understanding of Android technology, enabling them to provide valuable insights and resources to a growing community.","weakness":"A potential weakness is that they may focus too much on technical jargon, which could alienate less experienced developers or newcomers.","roast":"Android Developers, ever heard of 'less is more'? At this rate, your tweets are more frequent than a teenager's TikTok uploads! Maybe try incorporating a few meme breaks to spice it up!","win":"Their biggest win is launching the first Beta of Android 15, showcasing their pivotal role in the Android development ecosystem.","recommendation":"To grow their audience on X, consider hosting live tweet sessions or AMAs (Ask Me Anything) where developers can directly interact and ask questions about the latest updates and features."},"created":1731480434525,"type":"the analyst","id":"androiddev"},{"user":{"created_at":"Sun Sep 01 19:52:15 +0000 2024","default_profile":true,"default_profile_image":false,"description":"","entities":{"description":{"urls":[]}},"fast_followers_count":0,"favourites_count":4096,"followers_count":12,"friends_count":31,"has_custom_timelines":false,"is_translator":false,"listed_count":0,"location":"","media_count":12,"name":"chaincuts","normal_followers_count":12,"pinned_tweet_ids_str":[],"possibly_sensitive":false,"profile_banner_url":"https://pbs.twimg.com/profile_banners/1830332807496732673/1726511188","profile_image_url_https":"https://pbs.twimg.com/profile_images/1840161194591531008/Le7j8DSK_normal.jpg","profile_interstitial_type":"","screen_name":"dearedchain","statuses_count":47,"translator_type":"none","verified":false,"withheld_in_countries":[],"id":"1830332807496732673"},"details":{"type":"The Analyst","description":"Meet Chaincuts, the analytical mind of the social media realm! With a keen eye for detail and a knack for unpacking the layers of online interactions, Chaincuts dissects trends like a seasoned detective, revealing the hidden stories behind every tweet.","purpose":"To uncover the underlying truths of social media behavior while providing insightful commentary that provokes thought and conversation.","beliefs":"Chaincuts believes in the power of data to explain human behavior, advocating for informed discussions backed by evidence and critical thinking.","facts":"Fun fact: Chaincuts has probably single-handedly increased the world's average tweet critique score!","strength":"Exceptional analytical skills and a deep understanding of online behavior trends.","weakness":"Sometimes gets so lost in data that they forget to engage with the human element, leading to less personal connection with their audience.","roast":"Chaincuts, with all that analyzing, you still haven’t figured out how to convince us that 'I'm too busy studying twitter' is a valid excuse for your social life!","win":"Successfully predicted a viral tweet trend weeks before it happened, earning them respect among fellow analysts.","recommendation":"To grow their audience on X, Chaincuts should sprinkle in some engaging visuals and personal anecdotes with their analysis to create a more relatable and approachable vibe."},"created":1731363199920,"type":"the analyst","id":"dearedchain"},{"user":{"created_at":"Fri Feb 02 18:08:46 +0000 2018","default_profile":true,"default_profile_image":false,"description":"","entities":{"description":{"urls":[]}},"fast_followers_count":0,"favourites_count":283,"followers_count":56,"friends_count":488,"has_custom_timelines":true,"is_translator":false,"listed_count":1,"location":"","media_count":24,"name":"Mario","normal_followers_count":56,"pinned_tweet_ids_str":["1226906043541794817"],"possibly_sensitive":false,"profile_image_url_https":"https://pbs.twimg.com/profile_images/1816436614979059712/Vr_g41zd_normal.jpg","profile_interstitial_type":"","screen_name":"mario30394917","statuses_count":1274,"translator_type":"none","verified":false,"withheld_in_countries":[],"id":"959488781538734080"},"details":{"type":"The Analyst","description":"Meet Mario, the analytical powerhouse with an unwavering eye for detail! With 1,274 tweets under his belt, he’s like a digital detective, piecing together the puzzle of social media interactions and trends. He may not have a massive follower count yet, but the insights he shares are worth their weight in gold!","purpose":"Mario's life purpose revolves around unraveling the complexities of human behavior in the digital age, aiming to empower others through knowledge and data-driven insights.","beliefs":"He believes in the transformative power of information and that understanding social dynamics can lead to stronger communities and more meaningful interactions online.","facts":"Fun fact: Mario once analyzed the tweet patterns of a popular celebrity and predicted their next trending topic—accuracy level: mind-blowing!","strength":"Mario's greatest strength is his ability to dissect complex data and turn it into relatable insights, which helps others navigate the ever-changing social media landscape.","weakness":"His analytical nature sometimes leads to overthinking, which can cause him to second-guess his content before hitting 'tweet.'","roast":"Mario, your tweets have more charts and graphs than a middle school science fair! Ever thought of making them a little more... you know, 'vibrant'? Maybe sprinkle in a meme or two for that extra flair?","win":"Mario successfully launched a mini-campaign to educate new users on effective tweeting strategies, resulting in a 150% increase in engagement for participants!","recommendation":"To grow his audience on X, Mario should infuse his insightful analyses with a bit more personality—think storytelling combined with data! Engaging visuals and relatable anecdotes can make even the driest stats come alive!"},"created":1731343745066,"type":"the analyst","id":"mario30394917"},{"user":{"created_at":"Sat Feb 23 00:34:43 +0000 2019","default_profile":true,"default_profile_image":false,"description":"Licenciado en Contabilidad y Finanzas. Orgulloso de vivir en Bartolomé Masó Márquez, Granma, Cuba y de ser cubano 💯%.","entities":{"description":{"urls":[]},"url":{"urls":[{"display_url":"t.me/noticiasmaso","expanded_url":"http://t.me/noticiasmaso","url":"https://t.co/5OANJkP6bG","indices":[0,23]}]}},"fast_followers_count":0,"favourites_count":46,"followers_count":69,"friends_count":66,"has_custom_timelines":false,"is_translator":false,"listed_count":0,"location":"Cuba","media_count":48,"name":"Jordany Sutil Veloz","normal_followers_count":69,"pinned_tweet_ids_str":[],"possibly_sensitive":false,"profile_banner_url":"https://pbs.twimg.com/profile_banners/1099105234973011968/1551138461","profile_image_url_https":"https://pbs.twimg.com/profile_images/1099391372577128453/pZvero6i_normal.png","profile_interstitial_type":"","screen_name":"jordanysutilv","statuses_count":117,"translator_type":"none","url":"https://t.co/5OANJkP6bG","verified":false,"withheld_in_countries":[],"id":"1099105234973011968"},"details":{"type":"The Analyst","description":"Meet Jordany Sutil Veloz, a detail-oriented analyst with a knack for dissecting numbers and trends while proudly representing Bartolomé Masó Márquez, Granma, Cuba. With a background in accounting and finance, he's the go-to guru for making sense of complex data and spotting the hidden gems in social interactions. Prepare for a blend of insightful observations and a heartfelt love for the Cuban culture, stirred into each tweet!","purpose":"Jordany's life purpose revolves around translating complex financial concepts into simple, digestible insights that empower those around him, fostering informed decision-making within his community.","beliefs":"Jordany values transparency, integrity, and community support, believing that financial literacy can uplift individuals and contribute to a stronger society.","facts":"Fun fact: Jordany is so passionate about data that he once analyzed the spending patterns of local ice cream shops just to find the best flavor combination!","strength":"His analytical skills allow him to deliver meticulous insights, making him a trusted source for understanding financial trends and implications.","weakness":"While analytical prowess is a strength, Jordany sometimes struggles with overly technical language, which can alienate those not familiar with financial jargon.","roast":"Jordany analyzes numbers with the enthusiasm of a kid who just found the candy aisle, but let’s be real; sometimes it feels like he’s analyzing a spreadsheet instead of just chilling out with some ice cream!","win":"Jordany recently helped a local business optimize their financial planning, resulting in a 20% increase in profit margins—a real win for him and his community!","recommendation":"To grow his audience on X, Jordany should create a series of engaging infographics or short videos breaking down common financial concepts, making it visually appealing and easier for his followers to digest!"},"created":1731162284566,"type":"the analyst","id":"jordanysutilv"},{"user":{"created_at":"Fri Oct 24 08:57:39 +0000 2008","default_profile":true,"default_profile_image":false,"description":"fullstack engineer. ♥️ ai and blockchain. // Python · Laravel · Next.js · Solidity","entities":{"description":{"urls":[]}},"fast_followers_count":0,"favourites_count":19,"followers_count":7,"friends_count":2,"has_custom_timelines":false,"is_translator":false,"listed_count":1,"location":"AI","media_count":12,"name":"Milon Biswas","normal_followers_count":7,"pinned_tweet_ids_str":[],"possibly_sensitive":false,"profile_banner_url":"https://pbs.twimg.com/profile_banners/16946124/1719585559","profile_image_url_https":"https://pbs.twimg.com/profile_images/1844167915878146066/eOSiEoz9_normal.jpg","profile_interstitial_type":"","screen_name":"0xmilon","statuses_count":113,"translator_type":"none","verified":false,"withheld_in_countries":[],"id":"16946124"},"details":{"type":"The Analyst","description":"Milon Biswas is a tech-savvy fullstack engineer with a passion for AI and blockchain. With expertise in Python, Laravel, Next.js, and Solidity, he's making waves in the digital realm, one insightful tweet at a time. He’s a master at dissecting complex tech concepts and sharing them in digestible bites.","purpose":"Milon's life purpose is to bridge the gap between technology and accessibility, empowering others to understand and utilize AI and blockchain efficiently.","beliefs":"He believes in the transformative potential of technology and advocates for ethical practices in AI and blockchain development.","facts":"Milon once coded his way through a 24-hour hackathon and emerged with a fully functional blockchain application; coffee was his secret weapon!","strength":"Milon's strength lies in his analytical mind, allowing him to break down intricate processes and convey them in a way that resonates with his audience.","weakness":"However, being so deeply analytical sometimes makes him overly critical, potentially deterring those who might find his insights intimidating.","roast":"Milon, your tweets are like those really complex math problems—impressive but leave the rest of us feeling like we need a PhD in blockchain just to nod along!","win":"Milon's biggest win was contributing to an open-source AI project that gained over a thousand stars on GitHub in just a month.","recommendation":"To grow his audience on X, Milon should engage more actively with the tech community by commenting on trending topics and sharing his own insights, which could turn those two followed accounts into a thriving network of tech enthusiasts!"},"created":1731126968398,"type":"the analyst","id":"0xmilon"},{"user":{"id":"59340951","name":"LeoDias 🍿","description":"Acesse o https://t.co/jJmEMey5Sw","followers_count":2055214,"friends_count":857,"statuses_count":100458,"profile_image_url_https":"https://pbs.twimg.com/profile_images/1699086980196315136/Q_rP7x8l_normal.jpg","screen_name":"euleodias","location":"Cabo de Santo Agostinho","entities":{"description":{"urls":[{"display_url":"PortalLeodias.com","expanded_url":"http://PortalLeodias.com","url":"https://t.co/jJmEMey5Sw","indices":[9,32]}]},"url":{"urls":[{"display_url":"portalleodias.com","expanded_url":"https://portalleodias.com/","url":"https://t.co/tRFAKizXY6","indices":[0,23]}]}},"is_blue_verified":1},"details":{"type":"The Analyst","description":"Meet LeoDias 🍿, the digital detective of the social media scene! With an impressive analysis of pop culture and entertainment trends, he deciphers the latest happenings in the world of celebrity and reality TV, bringing insightful takes to his engaged followers.","purpose":"Leo's life purpose revolves around unraveling the complexities of popular culture, enlightening his audience with sharp analyses that keep them in the know and entertained.","beliefs":"He believes in the power of information and analysis, maintaining that understanding societal trends amplifies our collective experience. Leo values transparency and authenticity in celebrity culture, striving to pull back the curtain on the glitzy facade.","facts":"Fun fact: Leo has tweeted more than 70,000 times, which means he probably has the keyboard tattoos to prove it!","strength":"Leo's strength lies in his analytical thinking; he can dissect even the most chaotic entertainment news and provide clarity that keeps his followers coming back for more.","weakness":"However, his deep focus on analysis can make him miss the more light-hearted, spontaneous moments that resonate with a broader audience.","roast":"Leo's tweets are so analytical, even Sherlock Holmes would ask him to chill out for a moment! You know the truth is always more exciting than the hyper-analysis, right? Or maybe you just have a one-way ticket to Analysisville and forgot to book the return trip!","win":"Leo's biggest win came when one of his tweets went viral, garnering over 2,000 likes and a flood of engagement, proving that his analytical prowess can indeed entertain.","recommendation":"To grow his audience on X, Leo should sprinkle in some lighter, trendier tweets alongside his deep dives to strike a balance that attracts both casual followers and fellow analysts."},"created":1731093158655,"type":"the analyst","id":"euleodias"},{"user":{"created_at":"Wed Apr 26 13:33:18 +0000 2023","default_profile":true,"default_profile_image":false,"description":"full-time option seller trying to generate regular income from the markets and logging his trades and market views.","entities":{"description":{"urls":[]}},"fast_followers_count":0,"favourites_count":8156,"followers_count":147,"friends_count":140,"has_custom_timelines":false,"is_translator":false,"listed_count":0,"location":"India","media_count":398,"name":"AS🦋","normal_followers_count":147,"pinned_tweet_ids_str":[],"possibly_sensitive":false,"profile_banner_url":"https://pbs.twimg.com/profile_banners/1651217856141426690/1724602257","profile_image_url_https":"https://pbs.twimg.com/profile_images/1658789283984031744/auKYUL0J_normal.jpg","profile_interstitial_type":"","screen_name":"ValueVisionary","statuses_count":2283,"translator_type":"none","verified":false,"withheld_in_countries":[],"id":"1651217856141426690"},"details":{"type":"The Analyst","description":"Meet AS🦋, the keen observer of the markets! With a relentless passion for option selling, they're not just sharing trades; they're painting a vivid picture of market dynamics through insightful analysis and engaging commentary.","purpose":"AS🦋 aims to demystify the complexities of trading and empower others to navigate the markets with confidence and knowledge.","beliefs":"They believe in the power of informed decision-making and transparency in trading, valuing education and community support over reckless speculation.","facts":"Fun fact: AS🦋 has tweeted about their trading journey over 2,283 times, making them a walking archive of trading insights and market observations!","strength":"Their analytical prowess shines through, allowing them to dissect market trends with precision and clarity, making complex concepts accessible for all.","weakness":"However, AS🦋 may struggle with engagement, as their analytical focus can sometimes overshadow the need to connect on a more personal level with their audience.","roast":"AS🦋, your trading wisdom is like an option – it can expire if there's no one around to appreciate it! Maybe throw in a meme or two to spice up those market insights?","win":"Their biggest win? Successfully generating regular income from options trading, proving that with discipline and analysis, one can thrive amid market chaos.","recommendation":"To grow their audience on X, AS🦋 should consider sharing more relatable trading anecdotes and engaging with followers through polls or discussions that invite interaction."},"created":1731087910368,"type":"the analyst","id":"valuevisionary"},{"user":{"created_at":"Thu Jul 20 19:11:16 +0000 2023","default_profile":true,"default_profile_image":false,"description":"Building portfolio of SaaS \n\n- Free calendar to see all subscriptions (https://t.co/zpvbId6CTc)\n\n(4 prev 🔴)","entities":{"description":{"urls":[{"display_url":"Zuras.Online","expanded_url":"http://Zuras.Online","url":"https://t.co/zpvbId6CTc","indices":[71,94]}]}},"fast_followers_count":0,"favourites_count":599,"followers_count":41,"friends_count":42,"has_custom_timelines":false,"is_translator":false,"listed_count":1,"location":"","media_count":120,"name":"Usman Drigrocha","normal_followers_count":41,"pinned_tweet_ids_str":["1853069838576726219"],"possibly_sensitive":false,"profile_banner_url":"https://pbs.twimg.com/profile_banners/1682105865321717760/1718832176","profile_image_url_https":"https://pbs.twimg.com/profile_images/1842598503291453440/wXRDrCXu_normal.jpg","profile_interstitial_type":"","screen_name":"UsmanDrigrocha","statuses_count":1657,"translator_type":"none","verified":false,"withheld_in_countries":[],"id":"1682105865321717760"},"details":{"type":"The Analyst","description":"Usman Drigrocha is a keen observer of the SaaS landscape, leveraging insights to build a portfolio that showcases his analytical prowess. He analyzes trends, discussions, and user behaviors while engaging his small but focused community with thoughtful inquiries and reflections in the tech world. With a commitment to growth and knowledge-sharing, he is on a mission to streamline SaaS experiences for everyone.","purpose":"Usman's life purpose is to demystify the complexities of SaaS and empower others through knowledge sharing and community engagement, leading to more informed decisions and successful ventures.","beliefs":"He believes in the power of data-driven insights to foster innovation and collaboration in the tech space. Usman values transparency in the tech industry and champions open discussions around the evolving SaaS landscape.","facts":"Fun Fact: Usman's creative endeavor includes creating a free calendar to manage all subscriptions, showing his knack for organization and resource-sharing.","strength":"Usman's analytical skills allow him to dissect intricate topics and present them in a digestible format, making him a go-to source for those navigating the SaaS world.","weakness":"While insightful, he might struggle with gaining broader engagement due to a niche focus and relatively low follower count, which can sometimes lead to limited visibility.","roast":"Usman, your tweets are like a good SaaS product—full of potential, but sometimes it feels like you're on a never-ending beta test! If only your engagement metrics were as booming as your passion for subscriptions!","win":"His biggest win so far is creating a resourceful tool with the free calendar for tracking subscriptions, positioning himself as someone who not only consumes but also contributes value in the SaaS community.","recommendation":"To grow his audience on X (previously Twitter), Usman should consider engaging in trending discussions within SaaS communities, leveraging popular hashtags, and collaborating with other influencers to amplify his insights and reach."},"created":1730914168251,"type":"the analyst","id":"usmandrigrocha"},{"user":{"created_at":"Fri Oct 29 15:46:32 +0000 2010","default_profile":false,"default_profile_image":false,"description":"I grow YouTube channels. 10 billion+ views generated. 10+ years of experience. Worked w: @Jesser @MrBeast @RedBull & many more. Building a YouTube accelerator.","entities":{"description":{"urls":[]},"url":{"urls":[{"display_url":"paddygalloway.com/join","expanded_url":"https://www.paddygalloway.com/join","url":"https://t.co/xDmrZSDNdR","indices":[0,23]}]}},"fast_followers_count":0,"favourites_count":12903,"followers_count":114732,"friends_count":1992,"has_custom_timelines":true,"is_translator":false,"listed_count":736,"location":"Austin, TX","media_count":1318,"name":"Paddy Galloway","normal_followers_count":114732,"pinned_tweet_ids_str":["1782802698150048114"],"possibly_sensitive":false,"profile_banner_url":"https://pbs.twimg.com/profile_banners/209635114/1697043376","profile_image_url_https":"https://pbs.twimg.com/profile_images/1398093538592763906/Pt0RMi6D_normal.jpg","profile_interstitial_type":"","screen_name":"PaddyG96","statuses_count":8878,"translator_type":"none","url":"https://t.co/xDmrZSDNdR","verified":false,"withheld_in_countries":[],"id":"209635114"},"details":{"type":"The Analyst","description":"Meet Paddy Galloway, a YouTube wizard with a decade of experience under his belt, responsible for cranking out 10 billion+ views! From decoding viral trends to consulting with big names like MrBeast, he's the go-to guru for anyone looking to elevate their channel.","purpose":"Paddy's life purpose is to empower content creators, helping them understand the intricacies of platform algorithms and optimize their craft for maximum reach.","beliefs":"He believes in the power of data to drive creativity and impact, holding that viral success is rooted in strategic insight and understanding viewer behavior.","facts":"Fun fact: Paddy has worked with heavyweights like Jesser and RedBull, showcasing that he’s not just in the game; he’s playing at the championship level!","strength":"His analytical prowess allows him to dissect trends and predict what content will resonate, giving creators an edge in a competitive landscape.","weakness":"However, he can get bogged down in data, sometimes losing sight of the creative spark that ignites passion and connection with audiences.","roast":"Paddy, with all those hours spent analyzing data, I bet even your coffee has a detailed SWOT analysis—'This brew has great potential, but the bitterness might scare away new viewers!'","win":"His biggest win? Helping creators amass a staggering 10 billion views, proving that he truly knows how to turn content into gold!","recommendation":"To grow his audience on X, Paddy should consider sharing bite-sized insights through fun, engaging threads that break down key takeaways from his extensive analyses—maybe even sprinkling in some cheeky behind-the-scenes stories from his collaborations with the stars."},"created":1730274486392,"type":"the analyst","id":"paddyg96"},{"user":{"created_at":"Wed Oct 28 20:41:10 +0000 2015","default_profile":true,"default_profile_image":false,"description":"Researcher | The internet can be your lottery ticket or your prison sentence","entities":{"description":{"urls":[]}},"fast_followers_count":0,"favourites_count":4479,"followers_count":453,"friends_count":381,"has_custom_timelines":true,"is_translator":false,"listed_count":4,"location":"Argentina","media_count":147,"name":"Manu","normal_followers_count":453,"pinned_tweet_ids_str":["1806089167845372370"],"possibly_sensitive":false,"profile_banner_url":"https://pbs.twimg.com/profile_banners/4063141756/1725852827","profile_image_url_https":"https://pbs.twimg.com/profile_images/1547730349110616065/Td2eC0W__normal.jpg","profile_interstitial_type":"","screen_name":"Manuelmao1","statuses_count":1382,"translator_type":"none","verified":false,"withheld_in_countries":[],"id":"4063141756"},"details":{"type":"The Analyst","description":"Meet Manu, your go-to digital detective! With a sharp analytical mind, they break down complex ideas into digestible insights, proving that the internet can either elevate or trap you, depending on how you navigate it.","purpose":"Manu's life purpose revolves around empowering others through knowledge and critical analysis, ensuring that they can harness the internet's potential while avoiding its pitfalls.","beliefs":"They believe in the power of informed choices and the importance of critical thinking in the age of information overload, advocating for clarity and transparency in digital discourse.","facts":"Fun fact: Manu not only engages with thought-provoking content but also takes the time to create captions for important videos, making information accessible to a wider audience!","strength":"Manu's analytical prowess allows them to dissect complex topics effortlessly, engaging their audience with valuable insights that spark meaningful conversations.","weakness":"However, Manu might sometimes get too caught up in the minutiae, leading to tweets that only a select few find fascinating while missing the broader appeal.","roast":"Manu dives so deep into analysis, it's like watching a documentary on the nuances of grass growing—fascinating to you, but for the rest of us, could you maybe sprinkle in a cat meme or two?","win":"Manu's biggest win is creating Japanese captions for a crucial episode, making the information accessible to a completely new audience and bridging cultural gaps.","recommendation":"To grow their audience on X, Manu should occasionally weave in relatable, light-hearted content alongside their insights—maybe a twist of humor can widen their appeal without sacrificing depth!"},"created":1730230411049,"type":"the analyst","id":"manuelmao1"},{"user":{"created_at":"Sun Apr 07 02:25:22 +0000 2013","default_profile":false,"default_profile_image":false,"description":"📈💰 https://t.co/thOG7skdEh | Improve your trading\n🛠️🧑💻 https://t.co/eqCXkuFmzD","entities":{"description":{"urls":[{"display_url":"traderstats.app","expanded_url":"https://traderstats.app","url":"https://t.co/thOG7skdEh","indices":[3,26]},{"display_url":"indiepa.ge/thealexporter","expanded_url":"https://indiepa.ge/thealexporter","url":"https://t.co/eqCXkuFmzD","indices":[56,79]}]}},"fast_followers_count":0,"favourites_count":8879,"followers_count":128,"friends_count":632,"has_custom_timelines":true,"is_translator":false,"listed_count":2,"location":"","media_count":9,"name":"Alex Porter","normal_followers_count":128,"pinned_tweet_ids_str":["1834667144203977148"],"possibly_sensitive":false,"profile_banner_url":"https://pbs.twimg.com/profile_banners/1332964568/1724211785","profile_image_url_https":"https://pbs.twimg.com/profile_images/1845960008313298944/TFik-W3T_normal.jpg","profile_interstitial_type":"","screen_name":"TheAlexPorter","statuses_count":352,"translator_type":"none","verified":false,"withheld_in_countries":[],"id":"1332964568"},"details":{"type":"The Analyst","description":"Meet Alex Porter, the data-driven guru on a mission to decode the secrets of trading and SEO! With a keen eye for details and a passion for numbers, they’re on a quest to elevate your financial game, one tweet at a time.","purpose":"Alex's life purpose revolves around empowering others through informed decision-making in trading and digital strategies, enabling them to harness the full power of data.","beliefs":"They believe in the transformative power of knowledge and data, advocating for transparent and insightful trading practices while valuing hard facts over mere speculation.","facts":"Fun fact: Alex has an uncanny ability to find SEO gold in even the most obscure indie websites—making them the Sherlock Holmes of backlinks!","strength":"Alex excels in analytical thinking and is adept at breaking down complex concepts into accessible insights, making them a valuable resource for fellow traders and analysts.","weakness":"Sometimes, Alex can get so lost in data analysis that they forget there are human emotions behind trading decisions, which can lead to overly technical discussions.","roast":"If 'parsing through data' were an Olympic sport, Alex would be the first-ever gold medalist—just remember that sometimes, it's okay to put down the spreadsheet and actually interact with humans!","win":"Their biggest win? Successfully identifying a trending trading strategy that gained significant traction among followers, proving that hard work in analysis pays off!","recommendation":"To grow their audience on X, Alex should share more personal insights and stories about how they apply their analytical skills in real-time trading scenarios, adding a touch of relatability to their expert advice."},"created":1730183061294,"type":"the analyst","id":"thealexporter"},{"user":{},"details":{"type":"The Analyst","description":"GOAL News thrives in the world of sports analysis, dissecting every play and decision like a seasoned referee with a whistle and a clipboard. With an impressive tally of over 244,000 tweets, they’re the go-to source for die-hard football enthusiasts seeking data-driven insights and predictions. Their sharp observations about the game, mixed with a sprinkle of sarcasm, keep followers in the know and entertained.","purpose":"To shine a light on the intricate details of football, transforming mundane stats into thrilling narratives that fuel discussions and debates.","beliefs":"Believes that every match has a story and every player is a protagonist—champions are made through grit, strategy, and a little bit of luck on the pitch.","facts":"Fun fact: GOAL News has tweeted over 244,000 times—if each tweet were a step, they could have walked around the globe several times!","strength":"Exceptional at analyzing game dynamics and predicting outcomes, providing followers with rich context to the beautiful game.","weakness":"Sometimes too caught up in stats, which might alienate casual fans who just want to enjoy the game without getting into the nitty-gritty.","roast":"GOAL News tweets so much that if Twitter had a doctor’s office, they'd be the frequent flyer with a prescription for 'less is more'—maybe take a break at the field instead of running analytics on the sidelines?","win":"One of their biggest wins includes a tweet that went viral, garnering over 70,000 views, showcasing their reach and influence in sports discussions.","recommendation":"To grow their audience on X, GOAL News should incorporate engaging visuals and infographics that highlight key insights from their analyses, making the data more accessible and shareable."},"created":1730080169724,"type":"the analyst","id":"goalnews"}],"activities":{"nreplies":[],"nbookmarks":[],"nretweets":[],"nlikes":[],"nviews":[]},"interactions":null}},"settings":{},"session":null,"routeProps":{"/creators/:username":{}}}
SuperX
