Application Security This Week for October 25

Microsoft has created the Adversarial ML Threat Matrix. If you are in Machine Learning, it is certainly worth a look.

https://www.microsoft.com/security/blog/2020/10/22/cyberattacks-against-machine-learning-systems-are-more-common-than-you-think/

 

Fuzzilli is a JS fuzzing library that allows you to write fuzzing patterns in a custom interpreted language to generate errors, find injection points, and do other useful things.

https://www.darknet.org.uk/2020/10/fuzzilli-javascript-engine-fuzzing-library/

 

Hijacking DNS is one of my biggest worries because it slips between the cracks of appsec and devops.

https://github.com/SuperFola/DoNotSend

 

FinalRecon is a recently updated web recon tool. I haven't tried it yet but I'm gonna.

https://github.com/thewhiteh4t/FinalRecon

 

Good writeup on the recent RCE bug patched in Discord.

https://mksben.l0.cm/2020/10/discord-desktop-rce.html?m=1

 

CORS is new (ish) and this is a great breakdown on hacking it from a knowledge perspective.

https://medium.com/bugbountywriteup/hacking-http-cors-from-inside-out-512cb125c528

 

Have a great week everyone.

Add comment

Bill Sempf

Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.

 

 

profile for Bill Sempf on Stack Exchange, a network of free, community-driven Q&A sites

MonthList