Application Security This Week for July 28

It’s 1994 again! Encryption is on the table for law enforcement. Be ready for entry in the back door soon.

https://www.theregister.co.uk/2019/07/23/us_encryption_backdoor/

If you want to read about the LAST time we tried this, I recommend Matt Curtin’s book Brute Force.

https://www.amazon.com/Brute-Force-Cracking-Encryption-Standard/dp/1441918957

Very good analysis of the XML eXternal Entity (XXE) attack.

https://www.synack.com/blog/a-deep-dive-into-xxe-injection/

GitLab’s Global Developer Report has some interesting security insights.

https://learn.gitlab.com/c/2019-global-develope

If you write mobile apps and your vulnerability assessment mentions “a third party malicious app could exploit this,” pay attention to it. It’s really happening in the wild.

https://www.infosecurity-magazine.com/news/uptick-in-ransomware-mobile/

That’s the news!