Application Security This Week for October 13

Portswigger has some good research on a new angle for cross-site leak attacks:

https://portswigger.net/research/xs-leak-leaking-ids-using-focus

Serverless infrastructures are slipping through the cracks as far as security testing goes. Here's a new tool for Amazon Lambda - hopefully it leads to more.

https://www.darknet.org.uk/2019/10/lambdaguard-aws-lambda-serverless-security-scanner/

Mozilla isolated an interesting RCE bug in iTerm2:

https://blog.mozilla.org/security/2019/10/09/iterm2-critical-issue-moss-audit/

Eric Lawrence (of Fiddler fame) has a good writeup on Chrome's new direction for cookies:

https://textslashplain.com/2019/09/30/same-site-cookies-by-default/

And that's the news.
