Application Security This Week for December 16

The House oversight report on Equifax is out, and it is a doozy.  Ouch.

https://techcrunch.com/2018/12/10/equifax-breach-preventable-house-oversight-report/

Here's a good Twitter thread on it, unrolled:

https://threadreaderapp.com/thread/1072319618352627714.html


XXE was added to the OWASP Top 10 and some scoffed.  Read this before you blow it off.

https://www.honoki.net/2018/12/from-blind-xxe-to-root-level-file-read-access/


OAuth is a thing, and deserves more research.  If Twitter can screw it up, anyone can.

https://shkspr.mobi/blog/2018/12/twitter-bug-bounty/


WordPress 5 got a security release.  Get your hax in while you can.

https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/


So SMS-based two-factor auth is better than NOTHING, but not much.

https://arstechnica.com/information-technology/2018/12/iranian-phishers-bypass-2fa-protections-offered-by-yahoo-mail-and-gmail/


That's the news, folks.

Bill Sempf

Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.