Application Security This Week for November 29

by Bill Sempf 29. November 2020 14:47

Three tools this week.  Pretty cool.


Check your S3 bucket permissions:


Information disclosure research requires OSINT.  Take a look at IntelOwl:


I might have reported on this before - it isn't new.  It is a purposefully vulnerable Android app, for practice purposes:


Hope everyone had a good and safe Thanksgiving.



Application Security This Week for November 22

by Bill Sempf 22. November 2020 14:06

Troy Hunt has another one of his awesome data breach breakdowns.  Lots to be learned here.

Troy Hunt: Inside the Cit0Day Breach Collection


Awesome paper on unwanted app distribution on Android.

2010.10088.pdf


In the information disclosure department, we have a Go project that will look for URLs exposed by shortener services like

utkusen/urlhunter: a recon tool that allows searching on URLs that are exposed via shortener services


Have a great Thanksgiving!


Application Security This Week for November 15

by Bill Sempf 15. November 2020 13:12

PortSwigger has a really nice new release - update now! Community and Pro.


OWASP ZAP has a fantastic new plugin to help test SPAs and the like.


Everything old is new again.  DNS Cache Poisoning is back.


That's the news!


Application Security This Week for November 8

by Bill Sempf 8. November 2020 14:59

Compass Security built a really nice Burp plugin that helps with the reporting of findings by copying the request and response pair from various tools.


Container Security is all the rage.  Here is a good primer.


Random vulnerability names ... so hawt right now.


One of the Big 4 consulting/audit firms helpfully built a "test your Hacker IQ" quiz that exposes the DB username and password.


I have written in this humble publication many times about my disdain over cryptic TLS vulnerabilities (pun intended) and now Let's Encrypt is going to cut off 30% of Android devices.


That's the news, folks.


Application Security This Week for November 1

by Bill Sempf 1. November 2020 11:51

Not a lot going on this week.  Almost as if everyone has something else to think about.


Get your debugger on.  Good two-parter on getting your feet wet with a little close-to-the-metal code.


For the bounty hunters - Harvard published a guide to the legal risk involved in bug hunting.


Writing Go code? Here's a new fuzzer for your Go apps.


That's the news folks. Have a great week!



Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.
