Application Security This Week for January 17

Breakdown of a malicious app that man-in-the-middled Google Sign-In.


Good Wired article about tools the fibby uses to get around smartphone encryption.


Oh man, cross-origin images and data leakage.  Certainly adding this to my manual testing.


This has been patched, but it's a really good explainer on how the RCE in Office 365 was discovered.


Using game hacking to explain the danger of unsigned code.


Have a great week folks!

Application Security This Week for January 10

Hey, welcome back from holidays.  Quite a week it has been.


PortSwigger has a really good writeup of OAuth 2 vulnerabilities.


This isn't so much appsec, but it is really interesting code that hacks a game - Cyberpunk 2077 minigame resolver.


SolarWinds just keeps on giving.


Keep on keeping on, folks.

Bill Sempf

Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.


