# AppSec Newsletter 0035

### Vídeo novo no canal!

%[https://www.youtube.com/watch?v=iQ-TcXrf8BE] 

### Links

* [Splitting the email atom: exploiting parsers to bypass access controls](https://portswigger.net/research/splitting-the-email-atom)
    
* [Using AI for Offensive Security](https://cloudsecurityalliance.org/artifacts/using-ai-for-offensive-security)
    
* [Bypassing API rate limiting using IP rotation in Burp Suite](https://danaepp.com/bypassing-api-rate-limiting-using-ip-rotation-in-burp-suite)
    
* [TruffleHog Now Analyzes Permissions Of API Keys and Passwords](https://trufflesecurity.com/blog/trufflehog-now-analyzes-permissions-of-api-keys-and-passwords)
    
* [How did Facebook intercept their competitor's encrypted mobile app traffic?](https://doubleagent.net/onavo-facebook-ssl-mitm-technical-analysis/)
    
* [Datadog Extension for Visual Studio Code](https://docs.datadoghq.com/developers/ide_plugins/vscode/#static-analysis)
    
* [Fast, Cheap and Good | An Unusual Trade-off Available in Threat Modeling by Adam Shostack](https://shostack.org/files/papers/Fast-Cheap-and-Good.pdf)
    

### **Siga o Guia de AppSec nas redes!**

* Youtube: [**youtube.com/@GuiadeAppSec**](http://youtube.com/@GuiadeAppSec)
    
* Twitter / X: [**twitter.com/guiadeappsec**](http://twitter.com/guiadeappsec)
    
* Site: [**guiadeappsec.com.br**](http://guiadeappsec.com.br/)
