Application Security This Week for January 19

Good Twitter thread by hakluke on JavaScript-based redirection and cross-site scripting. The short version: any redirect sink that takes an attacker-controlled URL (location.href, location.assign, window.open) becomes XSS the moment a javascript: URL gets past the validation, and host-name checks alone will not stop it.

https://twitter.com/hakluke/status/1216524131421655041
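The pattern in working code, as an added example that is not from the thread or from the original post. The page origin, the allow-list and the sample targets are made up for the demo; the functions return the URL that would be assigned to location.href (or null for "blocked") so the check can be exercised outside a browser.

```javascript
// Added example (not from the linked thread). PAGE_ORIGIN and ALLOWED_ORIGINS
// are assumed values for the demo.
const PAGE_ORIGIN = "https://app.example.com";
const ALLOWED_ORIGINS = new Set([PAGE_ORIGIN, "https://sso.example.com"]);

// Vulnerable pattern: only absolute http(s) URLs to a foreign host are blocked.
// "javascript:alert(1)" does not match the regex, so it is returned as-is and
// the caller's `location.href = target` runs it in the page's origin (XSS).
// Protocol-relative "//evil.example/" and "https://app.example.com.evil.example/"
// also slip through, so it is an open redirect as well.
function naiveRedirectTarget(input) {
  if (/^https?:\/\//i.test(input) && !input.startsWith(PAGE_ORIGIN)) {
    return null; // "blocked"
  }
  return input; // would be assigned to location.href
}

// Hardened: parse the input relative to the page origin with the WHATWG URL
// parser, then require an https scheme and an allow-listed origin. Returns the
// normalised absolute URL, or null if the redirect must not happen.
function safeRedirectTarget(input) {
  let url;
  try {
    url = new URL(input, PAGE_ORIGIN); // resolves "/path" and "//host" for us
  } catch {
    return null; // unparseable input is never a valid redirect
  }
  if (url.protocol !== "https:") {
    return null; // rejects javascript:, data:, vbscript:, plain http:, ...
  }
  if (!ALLOWED_ORIGINS.has(url.origin)) {
    return null; // exact origin match, so look-alike hosts fail too
  }
  return url.href;
}

// Stand-alone demo of both functions against the same constructed inputs.
function demo() {
  const inputs = [
    "/account?next=1",
    "https://sso.example.com/login",
    "javascript:alert(document.domain)",
    "//evil.example/",
    "https://app.example.com.evil.example/",
  ];
  return inputs.map((i) => ({
    input: i,
    naive: naiveRedirectTarget(i),
    safe: safeRedirectTarget(i),
  }));
}

module.exports = { naiveRedirectTarget, safeRedirectTarget, demo };
```

The parser does the scheme and host normalisation (case-folding the scheme, turning backslashes into slashes, resolving protocol-relative URLs), which is exactly the work that hand-written string checks get wrong; the allow-list compares full origins, not prefixes.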


I use Burp Suite for a lot of my testing (though I do love ZAP as well). Here is PortSwigger's roadmap for Burp over the next year or so.

https://portswigger.net/blog/burp-suite-roadmap-for-2020


You have probably heard that Microsoft's CryptoAPI (crypt32.dll) has a bug. It is CVE-2020-0601: Windows did not properly validate the explicit curve parameters in ECC certificates, so an attacker could craft a certificate that appears to chain to a trusted root and use it to spoof signed code, TLS endpoints or signed email. Patch it, and if you maintain your own certificate-validation code, check that you are not trusting caller-supplied curve parameters either. CISA (the US Government's cyber agency) has a good writeup.

https://www.us-cert.gov/ncas/alerts/aa20-014a


Speaking of governments, the UK's National Cyber Security Centre (NCSC) has a really great white paper on security architecture anti-patterns.

https://www.ncsc.gov.uk/whitepaper/security-architecture-anti-patterns


And finally: SHA-1 is now practically broken. Leurent and Peyrin have demonstrated a chosen-prefix collision ("SHA-1 is a Shambles"), meaning an attacker can produce two documents of their own choosing with the same SHA-1 hash, so it is finished for signatures, certificates and anything else that relies on collision resistance. Time to move on from it as a session identifier as well: a collision does not let anyone guess a session ID, but a session ID is only as strong as the unpredictability of whatever went into the hash, and there is no reason left to keep SHA-1 in a new design.

https://eprint.iacr.org/2020/014.pdf


That's the news, folks.


Bill Sempf

Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.
