Application Security This Week for January 26

You know that open S3 buckets are one of my pet peeves - well guess what.  Azure isn't any better.

https://www.zdnet.com/article/microsoft-discloses-security-breach-of-customer-support-database/

 

OWASP has launched their new web page based on GitHub. Controversial decision.  Starting to take shape, though.

https://owasp.org/

https://owasp.org/website/2020/01/15/website-migration-journey.html

 

Credential stuffing is rapidly becoming the appsec story of 2020. Check your users' passwords against the most common passwords list.

https://www.wired.com/story/disney-plus-hacks-credential-stuffing/

https://github.com/filtration/pullit

https://haveibeenpwned.com/Passwords

 

That's the news, folks.

Add comment

Bill Sempf

Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.

 

 

profile for Bill Sempf on Stack Exchange, a network of free, community-driven Q&A sites

MonthList