Application Security This Week for March 24

Bruce has some thoughts on a well-circulated article suggesting that application security isn't that important after all.

https://www.schneier.com/blog/archives/2019/03/an_argument_tha.html

 

Solid analysis of SimBad, a rogue malware campaign that infiltrated the Google Play store.

https://research.checkpoint.com/simbad-a-rogue-adware-campaign-on-google-play/

 

Terrifying tool that creates a spoofed cert for any website and signs an executable with it for AV evasion.

https://github.com/paranoidninja/CarbonCopy

 

More awesome research from Rapid7, on deserialization bugs. A topic, as regular readers know, that is near and dear to my heart.

https://www.rapid7.com/research/report/exploiting-jsos/

 

And that's the news!


Bill Sempf

Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.

 

 
