Application Security This Week for February 28

by Bill Sempf 28. February 2021 13:23

PortSwigger published its Top 10 Web Hacking Techniques of 2020.

https://portswigger.net/research/top-10-web-hacking-techniques-of-2020

 

Vulnerabilities in malware!

https://malvuln.com/advisory/4932471df98b0e94db076f2b1c0339bd.txt

 

GitHub is doubling down on security tools, which I think is awesome.

https://venturebeat.com/2021/02/26/github-cso-pledges-more-security-tools-features-for-developers/amp/

 

Have a great week!


Application Security This Week for February 21

by Bill Sempf 21. February 2021 14:48

Microsoft has some guidance on staying safe with .NET containers.

https://devblogs.microsoft.com/dotnet/staying-safe-with-dotnet-containers/

 

Another interesting dependency confusion checker, and this one handles Python (pip) dependencies too! It looks for names in your manifest that are missing from, or already claimed on, the public registry.

https://github.com/visma-prodsec/confused

 

AWS S3 isn't the only cloud storage with permission problems: BlobHunter scans Azure storage accounts for publicly accessible blobs.

https://github.com/cyberark/BlobHunter

 

Have a good week!


Application Security This Week Valentine's Day edition

by Bill Sempf 14. February 2021 12:45

Apparently I failed to publish last week. Sorry about that.

 

Rolling shellcode from objects in memory: position-independent C that compiles to shellcode and adjusts process privileges without touching disk.

https://github.com/paranoidninja/PIC-Get-Privileges

 

A Swiss company says it has found a weakness in a widely used encryption algorithm using quantum computing. No technical details or peer review accompanied the claim, so treat it accordingly.

https://www.bloomberg.com/amp/news/articles/2021-02-07/a-swiss-company-says-it-found-weakness-that-imperils-encryption?__twitter_impression=true

 

Remember how everyone has been warning about internet-connected industrial control systems? Welp. Someone remotely accessed the Oldsmar, Florida water treatment plant's control system and briefly raised the lye (sodium hydroxide) setpoint before an operator caught it.

https://www.tampabay.com/news/pinellas/2021/02/08/someone-tried-to-poison-oldsmars-water-supply-during-hack-sheriff-says/

 

Look, more supply chain attacks!

https://thehackernews.com/2021/02/dependency-confusion-supply-chain.html

In related news, I'll be speaking on the topic at the Cincinnati Security Users Group on Thursday.

https://www.meetup.com/TechLife-Cincinnati/events/hjjlrryccdbxb/

 

Oh look!  Another one!  We might have a trend here.

https://www.bleepingcomputer.com/news/security/researcher-hacks-over-35-tech-firms-in-novel-supply-chain-attack/
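The mechanism behind both of these stories, and the check the confused tool linked above automates, fit in a few dozen lines. Below is an added example of mine, not code from this post, from the linked research, or from the confused project: a toy resolver with constructed package names and indexes (acme-auth, acme-utils, the PRIVATE_INDEX and PUBLIC_INDEX dicts are all made up). The naive resolver treats every configured index as a peer and takes the highest version seen anywhere, which is exactly how pip behaves with --extra-index-url and why an attacker's public package with a huge version number wins. The scoped resolver pins internal names to the private index with no fallback, and the audit function reports which internal names are already claimed publicly and which are still free to reserve.

```python
from typing import Dict, List, Set, Tuple

Index = Dict[str, List[str]]  # package name -> versions available on that index

# Constructed sample indexes (hypothetical names, not real packages).
# "acme-auth" and "acme-utils" are internal packages served from a private
# index; an attacker has published "acme-auth" on the public index with an
# absurdly high version number, which is the dependency confusion setup.
PRIVATE_INDEX: Index = {"acme-auth": ["1.0.0", "1.2.0"], "acme-utils": ["0.9.1"]}
PUBLIC_INDEX: Index = {"requests": ["2.25.1"], "acme-auth": ["99.0.0"]}
INTERNAL_NAMES: Set[str] = {"acme-auth", "acme-utils"}


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '1.2.0' into (1, 2, 0) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in version.split("."))


def resolve_naive(name: str, indexes: Dict[str, Index]) -> Tuple[str, str]:
    """Vulnerable resolver: every configured index is a peer and the highest
    version seen anywhere wins (this is what pip does with --extra-index-url).
    Returns (version, index_name)."""
    candidates = [
        (parse_version(ver), ver, idx_name)
        for idx_name, index in indexes.items()
        for ver in index.get(name, [])
    ]
    if not candidates:
        raise LookupError(f"{name}: not found in any index")
    _, ver, idx_name = max(candidates)
    return ver, idx_name


def resolve_scoped(
    name: str, internal: Set[str], private: Index, public: Index
) -> Tuple[str, str]:
    """Hardened resolver: a name declared internal is only ever looked up on the
    private index, so a newer public copy is never considered. Public names are
    only looked up publicly, so the private index can't be shadowed either.
    There is deliberately no fallback between indexes: a missing internal
    package is an error, not a reason to go shopping on the public registry."""
    if name in internal:
        versions, idx_name = private.get(name, []), "private"
    else:
        versions, idx_name = public.get(name, []), "public"
    if not versions:
        raise LookupError(f"{name}: not found on the {idx_name} index")
    return max(versions, key=parse_version), idx_name


def audit_internal_names(internal: Set[str], public: Index) -> Dict[str, List[str]]:
    """Detection side (the check tools like confused automate): for each internal
    name, is it already present on the public index? 'claimed' names exist
    publicly, published either by you or by someone else and worth inspecting;
    'unclaimed' names are still free and should be reserved with a placeholder
    before an attacker registers them."""
    claimed = sorted(n for n in internal if n in public)
    unclaimed = sorted(n for n in internal if n not in public)
    return {"claimed": claimed, "unclaimed": unclaimed}


if __name__ == "__main__":
    both = {"private": PRIVATE_INDEX, "public": PUBLIC_INDEX}
    print("naive :", resolve_naive("acme-auth", both))  # ('99.0.0', 'public')
    print("scoped:", resolve_scoped("acme-auth", INTERNAL_NAMES, PRIVATE_INDEX, PUBLIC_INDEX))
    print("audit :", audit_internal_names(INTERNAL_NAMES, PUBLIC_INDEX))
```

The practical takeaways are the two design choices in resolve_scoped: internal names are an explicit allowlist rather than "whatever the private index happens to have", and there is no cross-index fallback. In real tooling that maps to a private index configured as the only index (with it proxying approved public packages), scoped package names where the ecosystem supports them, and reserving your internal names on the public registry so the audit's "unclaimed" list stays empty.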

 

 

