Application Security This Week for July 19

The Enterprise Security API for Java went to 2.2.1.0

https://github.com/ESAPI/esapi-java-legacy/blob/esapi-2.2.1.0/documentation/esapi4java-core-2.2.1.0-release-notes.txt

 

Microsoft's .NET Framework is getting rid of the BinaryFormatter, erasing a significant security flaw

https://github.com/dotnet/designs/pull/141

 

Good writeup on pentesting GitHub source repos - a great place to find bugs in open source packages used by your apps

https://www.errno.fr/Attacking_source_repositories

 

PortSwigger's Burp Suite now includes a pre-configured browser as part of Community Edition - a game changer if you are doing in-house training or CTFs

https://portswigger.net/burp/releases/professional-community-2020-7

 

Unquestionably the funniest POC for an exploit I have ever seen in my life

https://github.com/tinkersec/cve-2020-1350

 

That's the news, folks.  Hope everyone is well.


Bill Sempf

Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.

 

 
