Hacking, AppSec, and Bug Bounty newsletter
2018-10-08 | Derbycon 2018 videos, Inconsistency and URL parsing bug, and Draw.io for threat modeling
Monday, October 8
Inconsistency and URL parsing bug: Google Chrome on iOS Universal XSS vulnerability (CVE-2018-6128). Also, Google Project Zero’s Ivan Fratric posted Finding and Exploiting Safari Bugs using Publicly Available Tools.
GitHub Token Leaked publicly [191 upvotes] - $15,000 bounty for this report to Snap Inc by @th3g3nt3lman.
OTHER ARTICLES WE’RE READING
Disaster Recovery Considerations in AWS by Corey Quinn
Draw.io for threat modeling by Michael Henrikson
Blog discussing the trade-offs between security and usability, using Airbnb’s mobile app data gathering as an example.
ABOUT ZERO DAILY
Zero Daily is a daily newsletter that highlights application security, bug bounty, and hacker focused topics. The content is curated with love by @luketucker and brought to you by HackerOne.
Friends don’t keep good things to themselves - forward this to your homies and co-workers. BTW, want to see who runs bug bounties?
Have a news tip / story to highlight? We’d love to hear about it. Email: firstname.lastname@example.org
When someone tells you that you’ll never be able to do something… simply prove them wrong by doing it.