Application Security This Week for July 28

It's 1994 again! Encryption is on the table for law enforcement. Be ready for entry in the back door soon.

https://www.theregister.co.uk/2019/07/23/us_encryption_backdoor/

If you want to read about the LAST time we tried this, I recommend Matt Curtin's book Brute Force.

https://www.amazon.com/Brute-Force-Cracking-Encryption-Standard/dp/1441918957

 

Very good analysis of the XML eXternal Entity (XXE) attack.

https://www.synack.com/blog/a-deep-dive-into-xxe-injection/

 

GitLab's Global Developer Report has some interesting security insights.

https://learn.gitlab.com/c/2019-global-develope

 

If you write mobile apps, and your vulnerability assessment mentions "a third party malicious app could exploit this," pay attention to it. It's really happening in the wild.

https://www.infosecurity-magazine.com/news/uptick-in-ransomware-mobile/

 

That's the news!

 


Bill Sempf

Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.

 

 
