Application Security This Week for April 18

Pwn2Own had some interesting browser vulnerability results:

https://www.zerodayinitiative.com/blog/2021/4/2/pwn2own-2021-schedule-and-live-results

 

Reddit (a social network) has started a bug bounty program:

https://www.reddit.com/r/redditsecurity/comments/mqse9a/announcing_reddits_public_bug_bounty_program/?sort=qa

I am user #63 on that site, and the oldest active member who isn't an admin, so I might give it a shot.

 

A good person wrote a list for semgrep that searches for secrets in public repos (or really any code) using some really well-written filters. Check it out:

https://r2c.dev/blog/2021/dont-leak-your-secrets/

 

Hope everyone has a secure week!


Bill Sempf

Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.

 

 
