Application Security This Week for July 12

Big news this week was the F5 zero day, of course, but on the application side you should review the code for the exploit, which is public.  I am not gonna link it here but y'all can google.  DO NOT run this on your corporate machines, use your test box and a VM, and just look.  Here is a link to the CVE:

https://us-cert.cisa.gov/ncas/current-activity/2020/07/04/f5-releases-security-advisory-big-ip-tmui-rce-vulnerability-cve

 

Bestill my heart, an API driven HTTP server. Haven't played with it yet but I looks super sexy.

https://httpie.org/

 

Common thread on this newsletter - DNS is dangerous.  Review your records.

https://www.theregister.com/2020/07/07/microsoft_azure_takeovers/

 

Very nice collection of testing scripts - well worth the clone and the hour it takes to learn to use them. I'm integrating them into my test scenarios.

https://github.com/wintrmvte/Citadel

 

That's the news, folks!

 

Add comment

Bill Sempf

Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.

 

 

profile for Bill Sempf on Stack Exchange, a network of free, community-driven Q&A sites

MonthList