Application Security This Week for January 31

Using Machine Learning to perfect SQL Injection

https://portswigger.net/daily-swig/machine-learning-offers-fresh-approach-to-tackling-sql-injection-vulnerabilities

And some practical application of that idea

https://research.nccgroup.com/2019/06/05/project-ava-on-the-matter-of-using-machine-learning-for-web-application-security-testing-part-1-understanding-the-basics-and-what-platforms-and-frameworks-are-available/

 

Didier has a new PDF tool out.  I haven't used it yet but I am certain it is awesome.

https://blog.didierstevens.com/2021/01/31/new-tool-pdftool-py/

 

OK, this is a weird one. It appears that threat actors are using project files with built-in vulnerabilities to target the vulnerability researchers themselves, apparently to steal their research. That's some next-level stuff.

https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/amp/


Bill Sempf

Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.

 

 
