Application Security This Week for August 16

Microsoft pushed a change to ASP.NET for a DoS vulnerability.  Not only should you patch, but looking at the change control is worth your time.

https://github.com/aspnet/Announcements/issues/431

 

Speaking of .NET, Adam Chester has an awesome article about the debugger that is worth a look.

https://blog.xpnsec.com/debugging-into-net/

 

Sonatype has their annual report on the Software Supply Chain ready, which is a topic near and dear to my heart. You have to give them your email, but it is worth it.

https://www.sonatype.com/2020ssc

I spoke to the .NET Dev Group in Columbus about this topic in March and it got a little spicy.

https://www.youtube.com/watch?v=KWt0Brcc2Ag

 

Finally, here is another good analysis paper on the application security development lifecycle.

https://www.veracode.com/sites/default/files/pdf/resources/surveyreports/esg-modern-application-development-security-veracode-survey-report.pdf

 

Stay safe and well.

S


Bill Sempf

Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.

 

 
