Application Security This Week for June 21

by Bill Sempf 21. June 2020 20:45

Happy Father's Day!

 

Sn1per is not new, but it has some updates and is worth adding to your vulnerability assessment routine, or even your SSDLC CI/CD process.

https://github.com/1N3/Sn1per

 

Seeker is a cool social engineering tool that makes it easy to collect geopositioning from users.  This blog isn't about SE, but they used some neat programming tactics and it is worth a look.

https://github.com/thewhiteh4t/seeker

 

"There are 14 people with this item in their cart" is probably a lie.  Press F12 and see for yourself! Might be worth a look.

https://medium.com/dev-genius/are-14-people-currently-looking-at-this-product-e7fe8412f16b

 

ProxyJump lets you pivot from one SSH host to another.  It's pretty neat.

https://medium.com/maverislabs/proxyjump-the-ssh-option-you-probably-never-heard-of-2d7e41d43464

 

Cool new XSS vulnerability in Angular.  Update your framework!

https://securitylab.github.com/advisories/GHSL-2020-099-mxss-angular

 

One of the "ilities" of application security is "availability".  The Dark Tangent (Jeff Moss, founder of DefCon) is using this tool for stress testing the new forums.

https://www.paessler.com/tools/webstress/sample_performance_tests

 

Have a great week everyone.
