Hacking, AppSec, and Bug Bounty newsletter
2017-11-02 | Pentesting hardware, Build better security presentations, and 30K in 30 days
Scott Roberts wants you to build better security presentations (and shows you how)
Missing SSL can leak job token [10 upvotes] - swag awarded for this report to WordPress by @c0rte.
CSRF to change Account Security Keys on secure.login.gov [4 upvotes] - no bounty for this report to TTS Bug Bounty by @zk34911.
You can see all the latest and greatest disclosures and bounties on www.hackerone.com/hacktivity
OTHER ARTICLES WE’RE READING
Exploiting and protecting against race conditions - blog by @cablej
Hackers love a challenge, Ron Chan is up to the task
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
The simple fix is to not pass user input to the $query parameter to WPDB::prepare() in meta.php...