Application Security This Week for January 19

Good Twitter thread on JavaScript-based redirection and cross-site scripting.

https://twitter.com/hakluke/status/1216524131421655041


I use Burp Suite for a lot of my testing (though I do love ZAP as well).  Here is their roadmap for the next year or so.

https://portswigger.net/blog/burp-suite-roadmap-for-2020


You have probably heard that Microsoft's CryptoAPI has a bug.  The US Government has a good writeup.

https://www.us-cert.gov/ncas/alerts/aa20-014a


Speaking of governments, the UK's National Cyber Security Centre (NCSC) has a really great article on security architecture anti-patterns.

https://www.ncsc.gov.uk/whitepaper/security-architecture-anti-patterns


And finally: SHA-1 is now provably broken.  Time to move on from it as a session identifier.

https://eprint.iacr.org/2020/014.pdf


That's the news, folks.

Bill Sempf

Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.
