Big, big news out of PortSwigger this week. I'm a huge fan of OWASP ZAP, and use it daily, but this is a major uptick in web analysis tools.
A new API for Burp Suite (something ZAP has had for years) https://portswigger.net/blog/burps-new-rest-api
The introduction of 2.0 https://portswigger.net/blog/burp-suite-2-0-beta-now-available
And finally the introduction of Enterprise Edition, which effectively adds scalability https://portswigger.net/blog/burp-suite-enterprise-edition
Really solid week of announcements.
In other news, AppSec Consulting hits it out of the park again with advice on securing third-party JavaScript.
https://www.appsecconsulting.com/blog/securing-third-party-javascript
A major flaw was found in Ghostscript. If you are parsing document formats like PDF or XPS, get your patch on!
https://www.kb.cert.org/vuls/id/332928
Another Struts RCE vulnerability. "I'm shocked!" said nobody, ever.
https://cwiki.apache.org/confluence/display/WW/S2-057
Bitdefender published a whitepaper on the next phase of Android malware, and it is worth a read.
https://www.bitdefender.com/files/News/CaseStudies/study/234/Bitdefender-Whitepaper-Triout-The-Malware-Framework-for-Android-That-Packs-Potent-Spyware-Capabilities.pdf
And that's the news!