Bill Sempf

May 30, 2018

Update git. It has an RCE vulnerability

There is a new version of git, including for Windows, including VSTS, that you should move to immedi...

May 27, 2018

Application Security Weekly for May 27

Portswigger (who builds Burp Suite) has a great article about finding vulnerabilities in bug bounty...

May 20, 2018

Welcome to BlogEngine.NET

If you see this post it means that BlogEngine.NET is running and the hard part of creating your own blog is done. There is only a few things left to do....

May 20, 2018

Application Security Weekly for May 20

Pretty big encryption news this week. A well known flaw in HTML emails that are encrypted with...

May 13, 2018

Application Security Weekly for May 13

Thousands of Companies Are Still Downloading the Vulnerability That Wrecked Equifax http://fortune.c...

May 11, 2018

Telling Developers About Vulnerabilities Isn't Enough

To many security firms, a web application vulnerability assessment is a list of confirmed exploitabl...

May 06, 2018

Application Security Weekly for May 6

Good intro to fingerprinting web servers. This has been codified in the past but the tools are...

May 03, 2018

Base64 is not encryption

I posted a silly tweet after finding a vulnerability in an Android app the other day. It grew...

Apr 29, 2018

Application Security Weekly for April 29

My favorite thing this week, how HTTPS works, via a cartoon of cats. https://howhttps.works/ ...

Apr 22, 2018

Application security weekly for April 22

More news than usual today. There is a new WebLogic RCE. I'll be adding it to Nikto this week...

Apr 15, 2018

Application Security Weekly for April 15

The Verizon Data Breach Investigations Report is out. It's a good read. https://www.verizonenterpris...

Apr 09, 2018

Some neat events I'll be participating in this spring

There are some neat developer and security events this spring that I'll be speaking at or otherwise...

Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.

2025
- March (1)
- February (1)
2024
- November (1)
- April (1)
- March (2)
- February (2)
2022
- June (1)
- April (1)
- March (1)
- February (1)
2021
- April (3)
- March (3)
- February (3)
- January (4)
2020
- December (5)
- November (5)
- October (3)
- September (4)
- August (5)
- July (4)
- June (5)
- May (6)
- April (3)
- March (5)
- February (4)
- January (5)
2019
- December (5)
- November (4)
- October (4)
- September (3)
- August (5)
- July (4)
- June (4)
- May (2)
- April (4)
- March (6)
- February (3)
- January (3)
2018
- December (5)
- November (4)
- October (3)
- September (3)
- August (4)
- July (6)
- June (5)
- May (8)
- April (7)
- March (2)
- January (1)
2017
- December (1)
- November (2)
- October (1)
- September (2)
- June (2)
2016
- January (1)
2015
- December (6)
- September (2)
- August (1)
- July (1)
- March (1)
- January (1)
2014
- October (1)
- September (3)
- August (2)
- July (1)
- March (2)
- January (3)
2013
- December (2)
- November (1)
- October (2)
- May (1)
- April (1)
- March (2)
- January (1)
2012
- December (1)
- August (1)
- July (6)
- June (1)
- May (2)
- April (1)
- March (3)
- February (2)
- January (1)
2011
- December (1)
- November (1)
- October (4)
- September (2)
- August (1)
- June (1)
- May (1)
- April (2)
- March (1)
- February (1)
- January (3)
2010
- November (1)
- October (2)
- September (6)
- August (8)
- June (5)
- May (1)
- April (4)
- March (4)
- February (5)
- January (4)
2009
- December (2)
- November (3)
- October (4)
- September (4)
- August (2)
- July (3)
- June (6)
- May (2)
- March (1)
- February (4)
2008
- November (2)
- October (1)
- August (1)
- July (1)
- June (2)
- May (2)
- April (2)
- February (2)
- January (1)
2007
- September (1)
- July (6)
- June (4)
2006
- November (3)
- October (1)
- June (2)
- May (2)
- April (2)
- March (1)
2005
- September (1)
- August (2)

Mastodon