by Bill Sempf
19. July 2020 13:40
The Enterprise Security API for Java went to 2.2.1.0
https://github.com/ESAPI/esapi-java-legacy/blob/esapi-2.2.1.0/documentation/esapi4java-core-2.2.1.0-release-notes.txt
Microsoft's .NET Framework is getting rid of the Binary Formatter, erasing a significant security flaw
https://github.com/dotnet/designs/pull/141
Good writeup on pentesting GitHub source repos - a great place to find bugs in open source packages used by your apps
https://www.errno.fr/Attacking_source_repositories
PortSwigger's Burp Suite now includes a pre-configured browser as part of the Community Edition - a game changer if you are doing in-house training or CTFs
https://portswigger.net/burp/releases/professional-community-2020-7
Unquestionably the funniest POC for an exploit I have ever seen in my life
https://github.com/tinkersec/cve-2020-1350
That's the news, folks. Hope everyone is well.
Tags:
AppSec