Application Security This Week for March 3

A new tool for finding malicious JavaScript and securely using external libraries.

https://blog.focal-point.com/a-new-tool-for-finding-malicious-javascript-and-securely-using-external-libraries

 

Acunetix has its annual report out.  Gotta give them your dox though, sorry.

https://www.acunetix.com/acunetix-web-application-vulnerability-report/?utm_source=hacktools&utm_campaign=security&utm_medium=content

 

Portswigger has their annual report out too.  You do NOT need to give them your dox.  Just sayin.

https://portswigger.net/blog/top-10-web-hacking-techniques-of-2018

 

Really cool video that shows the non-FUD dangers of digital exploitation, without using a single website, computer, or black hoodie.

https://www.grahamcluley.com/cybersecurity-video-no-computers/

 

New Google Translate exploit. Funny, because I used Google Translate as a counter-example in my REST security talk.

https://github.com/ljmf00/google-translate-exploit

 

Universal RCE with Ruby YAML.load()

https://staaldraad.github.io/post/2019-03-02-universal-rce-ruby-yaml-load/
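The root of that bug class is that `YAML.load` on older Psych will instantiate any Ruby class a tagged node names, so a document from an untrusted source can build arbitrary objects. The following is an added example (not code from the linked post or from the Psych project) showing the difference between the legacy loader and `YAML.safe_load` on a constructed document. The `AuditEvent` class and both YAML documents are assumptions made for the demonstration; the `!ruby/object:` tag syntax and `Psych::DisallowedClass` are real Psych behaviour.

```ruby
require 'yaml'

# Hypothetical application class, defined here only so the example is
# self-contained. Any class on the load path would do for the legacy loader.
class AuditEvent
  attr_reader :action
end

# Constructed sample: an ordinary-looking config document that also carries a
# tagged node naming a Ruby class. Nothing in this example is an exploit
# gadget; it only shows that the loader will instantiate whatever is named.
TAGGED_DOC = <<~YAML
  name: example
  event: !ruby/object:AuditEvent
    action: login
YAML

# Constructed sample: plain scalars and a mapping only.
PLAIN_DOC = <<~YAML
  name: example
  retries: 3
YAML

# Legacy behaviour. Psych 4 (Ruby 3.1+) made YAML.load safe by default and
# moved the old permissive loader to YAML.unsafe_load; on older Psych it is
# YAML.load itself. This helper calls whichever one is the permissive loader.
def legacy_load(doc)
  YAML.respond_to?(:unsafe_load) ? YAML.unsafe_load(doc) : YAML.load(doc)
end

# Hardened parser for untrusted input: only basic types (strings, numbers,
# booleans, arrays, hashes) are allowed, and aliases are disabled so a
# document cannot expand itself. Returns [:ok, value] or [:rejected, reason]
# so callers can log the rejection instead of crashing.
def load_untrusted(doc)
  [:ok, YAML.safe_load(doc, permitted_classes: [], aliases: false)]
rescue Psych::DisallowedClass, Psych::BadAlias => e
  [:rejected, e.message]
end

if __FILE__ == $PROGRAM_NAME
  obj = legacy_load(TAGGED_DOC)
  puts "legacy loader built: #{obj['event'].class} (action=#{obj['event'].action})"
  puts "safe_load on plain doc: #{load_untrusted(PLAIN_DOC).inspect}"
  puts "safe_load on tagged doc: #{load_untrusted(TAGGED_DOC).inspect}"
end
```

Passing `permitted_classes:` explicitly (even as an empty array) is the right habit: any class added to that list must be one whose instantiation from untrusted data you have actually reviewed, and `Date`/`Time`/`Symbol` are the only ones most config loaders ever need.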

 

And that's the news!


Bill Sempf

Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.

 

 

