Application Security This Week for July 12

by Bill Sempf 12. July 2020 12:13

Big news this week was the F5 zero day, of course, but on the application side you should review the code for the exploit, which is public.  I am not gonna link it here but y'all can google.  DO NOT run this on your corporate machines, use your test box and a VM, and just look.  Here is a link to the CVE:

https://us-cert.cisa.gov/ncas/current-activity/2020/07/04/f5-releases-security-advisory-big-ip-tmui-rce-vulnerability-cve

 

Be still my heart, an API-driven HTTP server. Haven't played with it yet but it looks super sexy.

https://httpie.org/

 

Common thread on this newsletter - DNS is dangerous.  Review your records.

https://www.theregister.com/2020/07/07/microsoft_azure_takeovers/

 

Very nice collection of testing scripts - well worth the clone and the hour it takes to learn to use them. I'm integrating them into my test scenarios.

https://github.com/wintrmvte/Citadel

 

That's the news, folks!

 


Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.
