Application Security This Week for July 12

Big news this week was the F5 zero day, of course, but on the application side you should review the code for the exploit, which is public.  I am not gonna link it here but y’all can google.  DO NOT run this on your corporate machines, use your test box and a VM, and just look.  Here is a link to the CVE:

https://us-cert.cisa.gov/ncas/current-activity/2020/07/04/f5-releases-security-advisory-big-ip-tmui-rce-vulnerability-cve

Be still my heart, an API-driven HTTP server. Haven’t played with it yet but it looks super sexy.

https://httpie.org/

Common thread on this newsletter – DNS is dangerous.  Review your records.

https://www.theregister.com/2020/07/07/microsoft_azure_takeovers/

Very nice collection of testing scripts – well worth the clone and the hour it takes to learn to use them. I’m integrating them into my test scenarios.

https://github.com/wintrmvte/Citadel

That’s the news, folks!