Application Security This Week for April 28

Another WebLogic deserialization bug.

https://securityaffairs.co/wordpress/84450/breaking-news/oracle-weblogic-zeroday.html

I have a PR in for Nikto for it.

https://github.com/sullo/nikto/pull/607

 

A reminder that application security is more than SQL Injection: good analysis of the bugs that caused the 737 Max wrecks. I had to drop it in Pastebin because IEEE put it behind the paywall.

https://pastebin.com/QEiKvvMM

 

Using Git dotfiles to bypass authentication.

https://blog.assetnote.io/bug-bounty/2019/04/23/getting-access-zendesk-gcp/

 

ZDNet, of all places, has a really good, plain-language explainer of credential stuffing.

https://www.zdnet.com/article/an-inside-look-at-how-credential-stuffing-operations-work/

 

Little more on the dev side - 10 articles reviewed about using Python in machine learning.

https://hackernoon.com/10-great-articles-on-python-development-6f54dd38437f

 

And that's the news! I'll be on vacation next week, so see you on the 12th.

 

 
