AppSec

Application Security This Week for October 6

This is a blog entirely dedicated to security analysis of mobine apps.  No idea who writes it but it is good.

https://theappanalyst.com/

 

Neat writeup on going from SQL Injection to Remote Code Execution.

https://medium.com/bugbountywriteup/sql-injection-to-lfi-to-rce-536bed29a862

 

I've been on a PHP project recently, and I learned about this cool tool to bypass disable_functions.

https://github.com/mm0r1/exploits/tree/master/php7-gc-bypass

 

Speaking of PHP, the statis code analysis tool I learned to use was Exakat.  Steep learning curve but unbelievable reports.  And open source!

https://github.com/exakat/exakat

 

That's the news, folks.

 

Comments are closed
Mastodon