Application Security This Week for December 1

Fortinet is communicating with static keys and a simple XOR.  Whoops.

https://sec-consult.com/en/blog/advisories/weak-encryption-cipher-and-hardcoded-cryptographic-keys-in-fortinet-products/

 

An Android GIF library has an interesting vulnerability that will affect many applications.

https://seclists.org/fulldisclosure/2019/Nov/27

 

An OWASP member made a neat ZAP plugin that helps to attack deployed Kubernetes applications.

https://github.com/omerlh/zap-operator

 

Hope everyone had a great Thanksgiving.

S


Bill Sempf

Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.

 

 
