Application Security This Week for November 11

Happy Veterans Day. Please make sure that this isn't the only day of the year that you take the time to do something for a veteran in your life.

 

The OWASP Top 10 project has added the Serverless Application Top 10 to the collection.

https://github.com/OWASP/Serverless-Top-10-Project/

 

Here's a good analysis of a live example of an Android banking trojan.

https://lukasstefanko.com/2018/11/video-analysis-of-android-banking-trojan-found-on-google-play.html

 

A malicious FaceTime caller can cause a kernel panic in some devices.

https://bugs.chromium.org/p/project-zero/issues/detail?id=1641

 

Squally is a purposefully vulnerable video game to teach hacking of games.  Neat idea.

https://squallygame.com/

 

Struts has yet another RCE bug.

https://www.theregister.co.uk/2018/11/07/flaw_in_apache_struts/

 

There is an XSS bug in Evernote!

https://securityaffairs.co/wordpress/77789/hacking/evernote-xss-flaw.html

 

And that's the news.


Bill Sempf

Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.

 

 
