Application Security This Week for June 21

Happy Father's Day!

 

Sn1per is not new, but it has some updates and is worth adding to your vulnerability assessment routine, or even your SSDLC CI/CD process.

https://github.com/1N3/Sn1per

 

Seeker is a cool social engineering tool that makes it easy to collect geopositioning from users.  This blog isn't about SE, but they used some neat programming tactics and it is worth a look.

https://github.com/thewhiteh4t/seeker

 

"There are 14 people with this item in their cart" is probably a lie.  Press F12 and see for yourself! Might be worth a look.

https://medium.com/dev-genius/are-14-people-currently-looking-at-this-product-e7fe8412f16b

 

ProxyJump lets you pivot from one SSH host to another.  It's pretty neat.

https://medium.com/maverislabs/proxyjump-the-ssh-option-you-probably-never-heard-of-2d7e41d43464

 

Cool new XSS vulnerability in Angular.  Update your framework!

https://securitylab.github.com/advisories/GHSL-2020-099-mxss-angular

 

One of the "ilities" of application security is "availability".  The Dark Tangent (Jeff Moss, founder of DefCon) is using this tool for stress testing the new forums.

https://www.paessler.com/tools/webstress/sample_performance_tests

 

Have a great week everyone.


Bill Sempf

Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.

 

 
