Application Security Weekly for March 25

HSTS supercookie tracking (an identifier stored in the browser's HSTS cache as the pattern of tracker hostnames that get silently upgraded to HTTPS) survives even incognito mode in browsers, and it is more and more often used by advertisers.  In the most recent release of macOS, Safari has two mitigations in place for this issue.  Let's hope other browsers follow suit shortly.

https://thehackernews.com/2018/03/hsts-supercookie-tracking.html
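As an added illustration, not code from the linked article or from this post, the following Node.js model shows how an HSTS supercookie writes an identifier (one https:// load per set bit, each response carrying Strict-Transport-Security) and reads it back (one http:// probe per bit, watching which probes the browser upgrades), and how a read-side mitigation that refuses HSTS upgrades for third-party requests to domains the browser already treats as trackers, broadly the approach of Safari's second mitigation, blanks the read. The tracker domain, hostnames, marker host and the cache model are assumptions; a real attack is driven by actual https:// loads and http:// probes in a browser.

```javascript
// Added example (not from the linked article). Tracker domain and hostnames are hypothetical.
// The tracker owns bit hosts b0.track.example ... b{N-1}.track.example plus a marker host.
// Write: load https://bi.track.example/ for every set bit i; each response carries
//        Strict-Transport-Security, so the browser pins that host in its HSTS cache.
// Read:  request http://bi.track.example/ for every i; the hosts the browser silently
//        upgrades to https:// are the 1 bits.

const TRACKER_DOMAIN = "track.example";        // hypothetical tracker domain
const MARKER_HOST = `seen.${TRACKER_DOMAIN}`;  // distinguishes id 0 from "never written"

function bitHost(i) {
  return `b${i}.${TRACKER_DOMAIN}`;
}

function domainOf(host) {
  // Simplification: registrable domain = last two labels (real browsers use the Public Suffix List).
  return host.split(".").slice(-2).join(".");
}

// Minimal model of a browser's HSTS cache.
class HstsCache {
  constructor({ blockTrackerUpgrades = false, trackerDomains = [] } = {}) {
    this.pinned = new Set();
    this.blockTrackerUpgrades = blockTrackerUpgrades; // read-side mitigation toggle
    this.trackerDomains = new Set(trackerDomains);
  }
  // An https:// response from `host` carried a Strict-Transport-Security header.
  store(host) {
    this.pinned.add(host);
  }
  // Would an http:// request to `host` be upgraded to https://?
  // `thirdParty` is true when the request is a subresource load embedded in another site.
  upgrades(host, { thirdParty = true } = {}) {
    if (this.blockTrackerUpgrades && thirdParty && this.trackerDomains.has(domainOf(host))) {
      return false; // no upgrade, so the tracker cannot observe the pinned state
    }
    return this.pinned.has(host);
  }
}

// Tracker side, write: the https:// hosts the tracking script must load for `id`.
function writeHosts(id, nbits) {
  if (nbits > 30) throw new RangeError("nbits must be <= 30 for 32-bit shifts");
  const hosts = [MARKER_HOST];
  for (let i = 0; i < nbits; i++) {
    if ((id >>> i) & 1) hosts.push(bitHost(i));
  }
  return hosts;
}

// Simulate the browser loading each https:// host: every response sets HSTS for its host.
function writeId(cache, id, nbits) {
  for (const host of writeHosts(id, nbits)) cache.store(host);
}

// Tracker side, read: probe http://host/ for the marker and each bit host.
// Returns null when the marker is not observable (never written, or upgrades suppressed).
function readId(cache, nbits) {
  if (!cache.upgrades(MARKER_HOST)) return null;
  let id = 0;
  for (let i = 0; i < nbits; i++) {
    if (cache.upgrades(bitHost(i))) id |= 1 << i;
  }
  return id;
}

// Demonstration with a constructed 12-bit identifier in a plain and a mitigated cache.
function demo() {
  const NBITS = 12;
  const id = 0x2a5; // constructed sample identifier
  const plain = new HstsCache();
  writeId(plain, id, NBITS);
  const mitigated = new HstsCache({ blockTrackerUpgrades: true, trackerDomains: [TRACKER_DOMAIN] });
  writeId(mitigated, id, NBITS);
  return { plain: readId(plain, NBITS), mitigated: readId(mitigated, NBITS) };
}

console.log(JSON.stringify(demo()));
```

The marker host matters in practice: without it an identifier of all zero bits is indistinguishable from a browser that has never been tagged, so the tracker always pins one extra host on write and checks it first on read.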

 

Here's a really good writeup by the researcher who discovered an XML External Entity (XXE) vulnerability in Windows Remote Assistance.

https://krbtgt.pw/windows-remote-assistance-xxe-vulnerability/

 

Dropbox and Netflix join the growing group of large technology companies promising not to sue white-hat security researchers who report vulnerabilities in good faith.

https://www.theregister.co.uk/AMP/2018/03/22/netflix_bounty_dropbox_promise/

 

Here's another web application penetration testing methodology, well written and organized.

https://jdow.io/blog/2018/03/18/web-application-penetration-testing-methodology/

Bill Sempf

Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.
