Application Security This Week for November 11

by Bill Sempf 11. November 2018 09:26

Happy Veterans Day. Please make sure that this isn't the only day of the year that you take the time to do something for a veteran in your life.

 

The OWASP Top 10 project has added the Serverless Application Top 10 to the collection.

https://github.com/OWASP/Serverless-Top-10-Project/

 

Here's a good analysis of a live example of an Android banking trojan.

https://lukasstefanko.com/2018/11/video-analysis-of-android-banking-trojan-found-on-google-play.html

 

A malicious FaceTime caller can cause a kernel panic on some devices.

https://bugs.chromium.org/p/project-zero/issues/detail?id=1641

 

Squally is a purposefully vulnerable video game built to teach game hacking. Neat idea.

https://squallygame.com/

 

Struts has yet another RCE bug.

https://www.theregister.co.uk/2018/11/07/flaw_in_apache_struts/

 

There is an XSS bug in Evernote!

https://securityaffairs.co/wordpress/77789/hacking/evernote-xss-flaw.html

 

And that's the news.
