Christian Pedersen wrote a cool scanner for the Netscaler Gateway flaw, and is hosting it on Azure. ...
Read More
Simon Bennetts reminds me that OWASP ZAP also has a shiny new web presence, and an upgraded executab...
Read More
You know that open S3 buckets are one of my pet peeves - well guess what. Azure isn't any...
Read More
Good Twitter thread on JavaScript-based redirection and Cross-site Scripting.
https://twitter.com/ha...
Read More
Austin Schertz won the CodeMash CTF this year, and he dropped off his answers to all 19 challenges. ...
Read More
Post-CodeMash edition!
The Government of Gibraltar had a SQL Injection vulnerability in the s...
Read More
Pre-CodeMash Edition!
Adam Caudill is a personal friend of mine and has forgotten more about...
Read More
It's the holiday edition! No, I'm kidding, it's the same stuff as usual. Sorry.
App...
Read More
Hope everyone has a good holiday.
You probably heard that the Russian offices of nginx were r...
Read More
Nice writeup that explains a pivot from an iPhone app all the way through to domain access via chain...
Read More
My favorite thing this week: SwiftOnSecurity accidentally dropped a Confluence 0-day on Twitter. ...
Read More
Fortinet is communicating with static keys and a simple XOR. Whoops.
https://sec-consult.com/e...
Read More