Once a week or so, someone calls and asks for OWASP Top 10 testing. I have to make the call on...
An astonishingly well-written article by Google Project Zero on a vulnerability in iPhone's proximit...
Back in 2018, I wrote about Insecure Binary Deserialization, and I'd like to give an update. Origina...
Three tools this week. Pretty cool.
Check your S3 bucket permissions:
https://github.co...
Troy Hunt has another one of his awesome data breach breakdowns. Lots to be learned here.
Troy...
PortSwigger has a really nice new release - update now! Community and pro.
https://portswigger.net/b...
Compass Security built a really nice Burp plugin that helps with the reporting of findings by copyin...
Not a lot going on this week. Almost as if everyone has something else to think about.
...
Microsoft has created the Adversarial ML Threat Matrix. If you are in Machine Learning, it is certai...
Great explainer on using OWASP ZAP, instead of DotDotPwn, for directory traversal attacks. I h...
Totally forgot to do this last week, sorry.
Telerik released Fiddler Everywhere
https://www.t...
A list of Capture The Flags that are on now or forever!
https://captf.com/practice-ctf/
The s...