They dropped Open Redirection from the OWASP Top 10 but, like CSRF, it is still out there. Here is a neat tool to help find it.
https://github.com/0xNanda/Oralyzer
FireEye has a neat new toolset to crowdshare malware patterns. I haven't dug into this yet, but I am fascinated. Malware isn't my thing - I am a web guy - but this is a cool idea.
https://www.fireeye.com/blog/threat-research/2020/07/capa-automatically-identify-malware-capabilities.html
Microsoft has started killing off TLS 1.0 and 1.1 really for real this time. Really. Interesting take, because people in poorer countries who are still using old Android and iOS devices are effectively losing access to the tools. Acceptable losses? Seems so.
https://docs.microsoft.com/en-us/microsoft-365/compliance/tls-1.0-and-1.1-deprecation-for-office-365?view=o365-worldwide
Gotta love a sanitizer bypass in ... a sanitizer tool.
https://research.securitum.com/html-sanitization-bypass-in-ruby-sanitize-5-2-1/
That's the news. Hope everyone is well.