Application Security This Week for January 31

by Bill Sempf 31. January 2021 13:26

Using Machine Learning to perfect SQL Injection

And some practical application of that idea


Didier has a new PDF tool out.  I haven't used it yet but I am certain it is awesome.


OK, this is a weird one. It appears that threat actors are sending booby-trapped project files to vulnerability researchers themselves, apparently to steal their research. That's some next-level stuff.


Application Security This Week for January 24th

by Bill Sempf 24. January 2021 12:58

A very interesting list of exploitable "features" in PDFs.


There have been a lot of attacks on Azure's authentication system recently, some of which were even in this newsletter. Sparrow, CISA's detection script, helps you smoke out accounts and applications in your tenant that may have been compromised.


Didier has been a regular in this newsletter, and he has updated his tool to support more encodings. Very cool stuff.


Have your kids test your apps.


Stay safe out there.


Application Security This Week for January 17

by Bill Sempf 17. January 2021 12:36

Breakdown of a malicious app that man-in-the-middled Google Sign-In.


Good Wired article about tools the fibby uses to get around smartphone encryption.


Oh man, cross-origin images and data leakage.  Certainly adding this to my manual testing.


This has been patched, but a really good explainer on how the RCE in Office 365 was discovered.


Using game hacking to explain the danger of unsigned code.


Have a great week folks!


Application Security This Week for January 10

by Bill Sempf 10. January 2021 13:02

Hey, welcome back from holidays.  Quite a week it has been.


PortSwigger has a really good writeup of OAuth 2.0 vulnerabilities.
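Two of the classic OAuth 2.0 bugs are a sloppy redirect_uri check on the authorization server and a missing state check on the client's callback. The code below is an added example written for this newsletter, not code from PortSwigger's writeup or from any real authorization server; the client id, hostnames and URLs are all constructed for illustration. It shows the weak redirect check beside the strict one, and a state handler that binds the value to the session and compares it in constant time.

```python
"""Added example: flawed vs. strict redirect_uri validation, plus a state check.

Everything here (client id, hostnames, URLs) is constructed for illustration.
"""
import secrets
from urllib.parse import parse_qs, urlsplit

# Constructed client registry: one client, one pre-registered redirect URI.
REGISTERED_CLIENTS = {
    "client-123": {"redirect_uris": ["https://app.example.com/oauth/callback"]},
}


def weak_redirect_ok(client_id: str, redirect_uri: str) -> bool:
    """Vulnerable check (deliberately): accepts any redirect_uri that starts
    with the registered value, or whose hostname merely contains the
    registered hostname.  Both patterns let an attacker steer the
    authorization code to a host they control."""
    registered = REGISTERED_CLIENTS[client_id]["redirect_uris"][0]
    reg_host = urlsplit(registered).hostname or ""
    req_host = urlsplit(redirect_uri).hostname or ""
    return redirect_uri.startswith(registered) or reg_host in req_host


def strict_redirect_ok(client_id: str, redirect_uri: str) -> bool:
    """Hardened check: the redirect_uri must match a pre-registered value
    exactly, use https, and carry no fragment.  No prefix or substring
    matching; if a client needs another URI, it registers it."""
    client = REGISTERED_CLIENTS.get(client_id)
    if client is None:
        return False
    parts = urlsplit(redirect_uri)
    if parts.scheme != "https" or parts.fragment:
        return False
    return redirect_uri in client["redirect_uris"]


def new_state(session: dict) -> str:
    """Client side: mint a high-entropy state and bind it to this session
    before redirecting the user to the authorization server."""
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = state
    return state


def callback_ok(session: dict, callback_url: str) -> bool:
    """Client side: accept the callback only if it carries the state bound to
    this session.  The stored value is consumed so it cannot be replayed.
    Without this check an attacker can finish the flow in the victim's
    browser with the attacker's own code (login CSRF / account linking)."""
    params = parse_qs(urlsplit(callback_url).query)
    expected = session.pop("oauth_state", None)
    received = params.get("state", [None])[0]
    if expected is None or received is None:
        return False
    return secrets.compare_digest(expected, received)


if __name__ == "__main__":
    good = "https://app.example.com/oauth/callback"
    evil_host = "https://app.example.com.evil.example/oauth/callback"
    evil_path = good + "/../../open-redirect?to=https://evil.example"
    for uri in (good, evil_host, evil_path):
        print(f"{uri}\n  weak={weak_redirect_ok('client-123', uri)}"
              f" strict={strict_redirect_ok('client-123', uri)}")
    sess = {}
    st = new_state(sess)
    print("callback ok:", callback_ok(sess, f"{good}?code=abc&state={st}"))
```

The two attacker URIs are the ones that substring and prefix matching let through: a lookalike host that contains the registered hostname, and a path that starts with the registered path but walks up into an open redirect. Exact-match registration rejects both; binding state to the session and consuming it on use closes the CSRF side.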


This isn't so much appsec, but it is really interesting code that hacks a game - Cyberpunk 2077 minigame resolver.


SolarWinds just keeps on giving.


Keep on keeping on, folks.


Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.

Find me on Mastodon
