Application Security This Week for November 10

Microsoft has a really good article on using a semantic query language to find exploitable DOM XSS bugs. Honestly the whole series is recommended, but the DOM XSS one here is particularly good.

https://msrc-blog.microsoft.com/2018/08/16/vulnerability-hunting-with-semmle-ql-part-1/

 

Google Project Zero revealed a UAF bug in Android a bit ago, and here is an awesome analysis of how it happened. Good reading for mobile devs especially, but I certainly learned stuff too.

https://dayzerosec.com/posts/analyzing-androids-cve-2019-2215-dev-binder-uaf/

 

In continuing supply chain news, Armor has a good article on Managed Service Providers being a strong candidate for Malware Distributors of the Year.

https://www.armor.com/reports/new-msps-compromised-reports-armor/

 

That's the news!


Bill Sempf

Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.

 

 
