by Bill Sempf
19. January 2020 10:47
Good Twitter thread on JavaScript-based redirection and Cross-site Scripting.
https://twitter.com/hakluke/status/1216524131421655041
I use Burp Suite for a lot of my testing (though I do love ZAP as well). Here is their roadmap for the next year or so.
https://portswigger.net/blog/burp-suite-roadmap-for-2020
You have probably heard that Microsoft's CryptoAPI has a bug. The US Government has a good writeup.
https://www.us-cert.gov/ncas/alerts/aa20-014a
Speaking of governments, the UK cybercommand has a really great article on security antipatterns.
https://www.ncsc.gov.uk/whitepaper/security-architecture-anti-patterns
And finally: SHA-1 is now provably broken. Time to move on from it as a session identifier.
https://eprint.iacr.org/2020/014.pdf
That's the news, folks.
Tags: ASTW