Application Security This Week for July 26

by Bill Sempf 26. July 2020 06:37

They dropped Open Redirection from the OWASP Top 10 but, like CSRF, it is still out there. Here is a neat tool to help find it.

https://github.com/0xNanda/Oralyzer

FireEye has a neat new toolset to crowdshare malware patterns.  I haven't dug into this yet, but I am fascinated.  Malware isn't my thing - I am a web guy - but this is a cool idea.

https://www.fireeye.com/blog/threat-research/2020/07/capa-automatically-identify-malware-capabilities.html


Microsoft has started killing off TLS 1.0 and 1.1 really for real this time.  Really.  Interesting take, because people in poorer countries who are still using old Android and iOS devices are effectively losing access to the tools.  Acceptable losses? Seems so.

https://docs.microsoft.com/en-us/microsoft-365/compliance/tls-1.0-and-1.1-deprecation-for-office-365?view=o365-worldwide


Gotta love a sanitizer bypass in ... a sanitizer tool.

https://research.securitum.com/html-sanitization-bypass-in-ruby-sanitize-5-2-1/


That's the news.  Hope everyone is well.