Application Security This Week for July 21

Good paper from GoSecure, presented in France, on automating local DTD discovery for XXE exploitation. Really solid research, and worth a read.

https://www.gosecure.net/blog/2019/07/16/automating-local-dtd-discovery-for-xxe-exploitation


Those who have taken my training know how I talk about protecting the soft meaty middle - well, Slack is proving that user accounts are the gift that keeps on giving. They are resetting passwords - for accounts exposed in a breach from 2015, four years ago.

https://thehackernews.com/2019/07/slack-password-data-breach.html

https://www.theregister.co.uk/2019/07/19/2015_database_hack_slack/


Really neat tool for hooking system calls in the Windows kernel. I tried it, and it's super neat.

https://github.com/everdox/InfinityHook


Here's an I-wish-it-were-an-OWASP-project example: a command injection cheat sheet with tons of payloads and research collected in one place.

https://hackersonlineclub.com/command-injection-cheatsheet/
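The cheat sheet is a catalogue of payloads; as an added example (my code, not from the linked page), here is the bug those payloads target, written in Python next to its hardened form. The ping wrapper, the hostname allow-list and the echo-based demo are assumptions made for illustration, and the "8.8.8.8; id" input is a constructed attacker payload.

```python
import re
import shlex
import subprocess

# Hostname/IPv4 allow-list: letters, digits, dots and hyphens only, no shell metacharacters.
# (Assumed policy for this example; tighten to whatever your application actually accepts.)
HOST_RE = re.compile(r"^[A-Za-z0-9.-]{1,253}$")


def vulnerable_command(host):
    """Vulnerable pattern: untrusted input concatenated into a shell command string.

    With shell=True the string goes to /bin/sh, so a host of "8.8.8.8; id" runs ping
    and then id. Every payload on the cheat sheet is a variation on this one mistake.
    """
    return "ping -c 1 " + host


def is_valid_host(host):
    """Positive validation: accept only characters a hostname or IPv4 literal can contain."""
    return bool(HOST_RE.match(host))


def hardened_argv(host):
    """Hardened form: validate first, then build an argv list so no shell ever parses the input."""
    if not is_valid_host(host):
        raise ValueError("rejected host: %r" % host)
    return ["ping", "-c", "1", host]


def quoted_for_shell(host):
    """Fallback when a shell is unavoidable: shlex.quote turns the input into a single word.

    Validation is still preferable; quoting only stops the shell from splitting the input.
    """
    return "ping -c 1 " + shlex.quote(host)


def run_echo_both_ways(host):
    """Constructed demo using echo instead of ping so it runs offline on a POSIX sh.

    Returns (vulnerable_output, hardened_output). In the vulnerable run the ';' ends the
    echo command and a second command executes; in the argv run the whole payload is
    passed to echo as one argument and printed back verbatim.
    """
    vuln = subprocess.run("echo pinging " + host, shell=True, capture_output=True, text=True)
    safe = subprocess.run(["echo", "pinging", host], capture_output=True, text=True)
    return vuln.stdout, safe.stdout


if __name__ == "__main__":
    payload = "8.8.8.8; id"  # constructed attacker input
    vuln_out, safe_out = run_echo_both_ways(payload)
    print("shell=True output:\n" + vuln_out)  # second line is the output of `id`
    print("argv output:\n" + safe_out)  # the payload is one argument, nothing else ran
    try:
        hardened_argv(payload)
    except ValueError as e:
        print(e)
```

The argv form is the real fix: `subprocess.run` with a list execs the program directly, so metacharacters in the input have no interpreter to reach. The allow-list is defense in depth, and `shlex.quote` is for the legacy case where a shell string cannot be avoided.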


That's the news folks.  Stay safe out there.


Bill Sempf

Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.



