# AppSec Newsletter 0036

### Links

* [URL validation bypass cheat sheet | PortSwigger](https://portswigger.net/web-security/ssrf/url-validation-bypass-cheat-sheet)
    
* [Learn AWS Pentesting | Tyler Ramsbey](https://www.youtube.com/playlist?app=desktop&list=PLMoaZm9nyKaNRN0SoR_PBVYc_RAhbZdG4&si=w9DowKDlYt071M9P)
    
* [Burp Suite - Deep Dive | Cristi Vlad](https://www.youtube.com/playlist?list=PLonlF40eS6nzPfbOv5NHv5SpUOcPH7daP)
    
* [Microsoft Copilot: From Prompt Injection to Exfiltration of Personal Information](https://embracethered.com/blog/posts/2024/m365-copilot-prompt-injection-tool-invocation-and-data-exfil-using-ascii-smuggling/)
    
* [SaaS attack techniques](https://github.com/pushsecurity/saas-attacks)
    
* [CAPEC-STRIDE Mapping](https://www.ostering.com/blog/2022/03/07/capec-stride-mapping/)
    
* [Gotta cache 'em all: bending the rules of web cache exploitation](https://portswigger.net/research/gotta-cache-em-all)
