It has come to my attention that one of Paul Asadoorian's Security Weekly broadcasts is titled Application Security Weekly! I had no idea. It's good, too; you should listen. I caught up with the last few weeks when I drove over to Indianapolis to chat with the Indy Software Artisans meetup. Anyway, I am changing the title of this recurring series of posts to Application Security This Week because of the mix-up.
Interesting discussion over at El Reg about the weakest link in software security.
https://www.theregister.co.uk/2018/07/16/who_is_the_weakest_link_in_software_security/
Oracle addressed 334 security vulnerabilities in its latest patch series.
https://www.us-cert.gov/ncas/current-activity/2018/07/17/Oracle-Releases-July-2018-Security-Bulletin
Shape Security did the math, and 9 out of 10 login attempts on the web are bypass attempts.
http://info.shapesecurity.com/rs/935-ZAM-778/images/Shape_Credential_Spill_Report_2018.pdf?aliId=7269967