Application Security This Week for November 24

GitHub is starting SecurityLab. It's part knowledge sharing, part secure coding, part bounty hunting, and it is pretty neat.

https://securitylab.github.com/

 

Stacey on IoT has a good writeup on device and container security, citing this Trend Micro report:

https://www.trendmicro.com/vinfo/us/security/research-and-analysis/predictions/2020

Subscribe to her newsletter!

https://staceyoniot.com/

 

TrustedSec, an infosec firm in Cleveland run by my friend Dave Kennedy, has open sourced their legal documentation for physical pentesting in order to try and prevent another Iowa.

https://github.com/trustedsec/physical-docs

Read more about why here:

https://www.trustedsec.com/blog/a-message-of-support-coalfire-consultants-charged/

 

Cool writeup of a DOM clobbering vulnerability. I think DOM XSS will become more of a thing as browsers get more and more power.

https://research.securitum.com/xss-in-amp4email-dom-clobbering/

 

That's the news!


Bill Sempf

Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.

 

 
