Application Security This Week for December 1

Fortinet is communicating with static keys and a simple XOR.  Whoops.

https://sec-consult.com/en/blog/advisories/weak-encryption-cipher-and-hardcoded-cryptographic-keys-in-fortinet-products/

 

An Android gif library has an interesting vulnerability that will affect many application.

https://seclists.org/fulldisclosure/2019/Nov/27

 

An OWASP member made a neat ZAP plugin that helps to attack deployed Kubernetes applications.

https://github.com/omerlh/zap-operator

 

Hope everyone had a great thanksgiving.

S

Comments are closed
Mastodon