Application Security This Week for August 26

Big, big news out of PortSwigger this week.  I'm a huge fan of OWASP ZAP, and use it daily, but this is a major uptick in web analysis tools.

A new API for Burp Suite (something ZAP has had for years) https://portswigger.net/blog/burps-new-rest-api

The introduction of 2.0 https://portswigger.net/blog/burp-suite-2-0-beta-now-available

And finally, the introduction of Enterprise Edition, which effectively adds scalability https://portswigger.net/blog/burp-suite-enterprise-edition

Really solid week of announcements.

 

In other news, AppSec Consulting hits it out of the park again with advice on securing third-party JavaScript.

https://www.appsecconsulting.com/blog/securing-third-party-javascript

 

A major flaw was found in Ghostscript.  If you are parsing document formats like PDF or XPS, get your patch on!

https://www.kb.cert.org/vuls/id/332928

 

Another Struts RCE vulnerability.  "I'm shocked!" said nobody, ever.

https://cwiki.apache.org/confluence/display/WW/S2-057

 

Bitdefender published a whitepaper on the next phase of Android malware, and it is worth a read.

https://www.bitdefender.com/files/News/CaseStudies/study/234/Bitdefender-Whitepaper-Triout-The-Malware-Framework-for-Android-That-Packs-Potent-Spyware-Capabilities.pdf

 

And that's the news!


Bill Sempf

Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.

 

 
