Application Security This Week for May 3

Really awesome article on automating application scanning with OWASP ZAP:

https://www.zaproxy.org/blog/2020-04-09-automate-security-testing-with-zap-and-github-actions/

 

Interesting model on how Chrome extensions can be used for man-in-the-middle attacks.

https://github.com/mandatoryprogrammer/cursedchrome

 

DLL Hijacking is one of those thick-client attacks that everyone dismisses, but they shouldn't.  This is why:

https://itm4n.github.io/windows-dll-hijacking-clarified/

 

Another information disclosure vulnerability - this time through the HTTP Referer header.

https://www.theregister.co.uk/2020/04/30/email_http_leakage/

 

That's the news, folks.  Hope everyone is healthy!

 

 


Bill Sempf

Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.

 

 
