Application Security This Week for May 3

Really awesome article on automating application scanning with OWASP ZAP:

https://www.zaproxy.org/blog/2020-04-09-automate-security-testing-with-zap-and-github-actions/

 

Interesting model on how Chrome extensions can be used for man-in-the-middle attacks.

https://github.com/mandatoryprogrammer/cursedchrome

 

DLL Hijacking is one of those thick-client attacks that everyone dismisses, but they shouldn't.  This is why:

https://itm4n.github.io/windows-dll-hijacking-clarified/

 

Another information disclosure vulnerability - this time through the HTTP Referer header.

https://www.theregister.co.uk/2020/04/30/email_http_leakage/

 

That's the news, folks.  Hope everyone is healthy!

 

 
