Application Security This Week for May 3

by Bill Sempf 3. May 2020 07:19

Really awesome article on automating application scanning with OWASP ZAP:

https://www.zaproxy.org/blog/2020-04-09-automate-security-testing-with-zap-and-github-actions/

 

Interesting model on how Chrome extensions can be used for man-in-the-middle attacks.

https://github.com/mandatoryprogrammer/cursedchrome

 

DLL Hijacking is one of those thick-client attacks that everyone dismisses, but they shouldn't.  This is why:

https://itm4n.github.io/windows-dll-hijacking-clarified/

 

Another information disclosure vulnerability - this time through the Referrer header.

https://www.theregister.co.uk/2020/04/30/email_http_leakage/

 

That's the news, folks. Hope everyone is healthy!

 

 


Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.
