Application Security This Week for July 21

Awesome paper presented in France covering XXE - really good research.  Worth a read.

https://www.gosecure.net/blog/2019/07/16/automating-local-dtd-discovery-for-xxe-exploitation

 

Those who have taken my training know how I talk about protecting the soft meaty middle - well, Slack is proving that user accounts are the gift that keeps on giving.  They reset passwords - from a breach 4 years ago.  

https://thehackernews.com/2019/07/slack-password-data-breach.html

https://www.theregister.co.uk/2019/07/19/2015_database_hack_slack/

 

Really neat tool for hooking executables in Windows. I tried it, and it's super neat.

https://github.com/everdox/InfinityHook

 

Here's an I-wish-it-was-an-OWASP-project example. Tons of research on command injection.

https://hackersonlineclub.com/command-injection-cheatsheet/

 

That's the news folks.  Stay safe out there.
