by Bill Sempf
3. March 2019 15:02
A new tool for finding malicious JavaScript and securely using external libraries.
https://blog.focal-point.com/a-new-tool-for-finding-malicious-javascript-and-securely-using-external-libraries
Acunetix has its annual report out. Gotta give them your dox though, sorry.
https://www.acunetix.com/acunetix-web-application-vulnerability-report/?utm_source=hacktools&utm_campaign=security&utm_medium=content
Portswigger has their annual report out too. You do NOT need to give them your dox. Just sayin.
https://portswigger.net/blog/top-10-web-hacking-techniques-of-2018
Really cool video that shows the non-FUD dangers of digital exploitation, without using a single website, computer, or black hoodie.
https://www.grahamcluley.com/cybersecurity-video-no-computers/
New Google Translate exploit. Funny, because I used Google Translate as a counter-example in my REST security talk.
https://github.com/ljmf00/google-translate-exploit
Universal RCE with Ruby YAML.load()
https://staaldraad.github.io/post/2019-03-02-universal-rce-ruby-yaml-load/
And that's the news!
Tags:
AppSec