Application Security This Week for September 6

Cool 10,000-foot overview of web application vulnerability assessment. Clearly written and concise.

https://www.codementor.io/@seanhiggins550/the-ins-and-outs-of-penetration-testing-for-web-apps-19jhhqsexo


A really well-thought-through attack on client-side HTML sanitizers via prototype pollution.

https://research.securitum.com/prototype-pollution-and-bypassing-client-side-html-sanitizers/


El Reg has a good article on spear-phishing developers to get access to back-end tools. This is why vulnerability analysts tell you to decommission old test systems.

https://www.theregister.com/2020/09/04/disclosure_developer_targeting/


Nice intro to blind SQL injection, including bypassing input filters to pull it off.

http://www.mannulinux.org/2020/09/sql-injection-filter-bypass-to-perform.html?m=1


That's the news, folks. Have a good Labor Day!


Bill Sempf

Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.

