Application Security This Week for October 18

Great explainer on using OWASP ZAP, instead of DotDotPwn, for directory traversal attacks.  I haven't used it yet but it looks really promising.

https://diegogiacomelli.com.br/owasp-zap-path-traversal-and-asp-dotnet-notes/

 

Wanna write Burp extensions? Me too! Here's some good tools.

https://github.com/doyensec/burpdeveltraining

 

Man, I'm doing a lot with Docker container security.  This is a good breakdown.

https://cloudberry.engineering/article/dockerfile-security-best-practices/

 

That's the news folks.  Hope you are all doing well.

 

Application Security This Week for October 11

Totally forgot to do this last week, sorry.

 

Telerik released Fiddler Everywhere

https://www.telerik.com/fiddler

 

Github has added code scanning

https://github.blog/2020-09-30-code-scanning-is-now-available/

 

Another example of what I am admittedly harping on too much - the power of HTTP Smuggling

https://medium.com/@ricardoiramar/the-powerful-http-request-smuggling-af208fafa142

 

Here's a cool intro to  manual static vulnerable analysis by Will Butler

https://btlr.dev/blog/how-to-find-vulnerabilities-in-code-bad-words

 

Some basics of securing APIs

https://dev.to/bearer/api-security-best-practices-3gjl

 

Have a good week, everyone!

Bill Sempf

Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.

 

 

profile for Bill Sempf on Stack Exchange, a network of free, community-driven Q&A sites

MonthList