Application Security This Week for July 19

by Bill Sempf 19. July 2020 13:40

The Enterprise Security API for Java went to 2.2.1.0

https://github.com/ESAPI/esapi-java-legacy/blob/esapi-2.2.1.0/documentation/esapi4java-core-2.2.1.0-release-notes.txt

 

Microsoft's .NET Framework is getting rid of the Binary Formatter, erasing a significant security flaw

https://github.com/dotnet/designs/pull/141

 

Good writeup on pentesting GitHub source repos - a great place to find bugs in open source packages used by your apps

https://www.errno.fr/Attacking_source_repositories

 

Portswigger's Burp Suite now includes a pre-configured browser as part of community edition - a game changer if you are doing inhouse training or CTFs

https://portswigger.net/burp/releases/professional-community-2020-7

 

Unquestionably the funniest POC for an exploit I have ever seen in my life

https://github.com/tinkersec/cve-2020-1350

 

That's the news, folks.  Hope everyone is well.

Tags:

AppSec

E-Mail | Kick it! | DZone it! | del.icio.us
Permalink | Comments (0)
Comments are closed

Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.

Find me on Mastodon

PageList

profile for Bill Sempf on Stack Exchange, a network of free, community-driven Q&A sites

MonthList

TagCloud

Mastodon