Application Security This Week for December 22

Hope everyone has a good holiday.

 

You probably heard that the Russian offices of ngnix were raided by the government.  F5 is doing a code review.

https://www.msn.com/en-us/news/technology/f5-networks-secures-ngnix-software-builds-as-precaution-after-visit-from-russian-law-enforcement/ar-BBY357u?ocid=ARWLCHR

 

Solid research on privilege escalation in Amazon Web Services.  Very real problem.

https://know.bishopfox.com/research/privilege-escalation-in-aws

 

Do you want to bone up on real world appsec skills over the week?  I recommend the PortSwigger Web Academy.

https://portswigger.net/web-security

 

That's the news.

Add comment

Bill Sempf

Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.

 

 

profile for Bill Sempf on Stack Exchange, a network of free, community-driven Q&A sites

MonthList