Application Security Weekly for March 25

HSTS tracking beats even incognito mode in browsers, and it is more and more often used by advertisers. In the most recent edition of OSX, Safari has two mitigations in place for this issue. Let's hope other browsers follow suit shortly.

https://thehackernews.com/2018/03/hsts-supercookie-tracking.html


Here's a really good writeup by a researcher who discovered an XML External Entity vulnerability in Windows Remote Assistance.

https://krbtgt.pw/windows-remote-assistance-xxe-vulnerability/


Dropbox and Netflix join the growing group of large technology organizations promising not to sue white hat security researchers.

https://www.theregister.co.uk/AMP/2018/03/22/netflix_bounty_dropbox_promise/


Here's another application vulnerability analysis procedure, well written and organized.

https://jdow.io/blog/2018/03/18/web-application-penetration-testing-methodology/
