SANS Penetration Testing: Monthly Archives: Aug 2016

Azure 0day Cross-Site Scripting with Sandbox Escape

[Editor's Note: Chris Dale is an amazing gentleman. He finds Cross-Site Scripting (XSS) flaws in the most interesting and wonderful places. In this article, Chrisshares some insights into his methods and how he applied them in finding a zero-day XSS flaw associated with Microsoft Asure. Good reading! -Ed.] By Chris Dale Earlier in 2016, I … Continue reading Azure 0day Cross-Site Scripting with Sandbox Escape


iOS 10 is Apple's Gift to Android Users

How the latest update to iOS 10 will dramatically improve Android security At the Apple WWDC conference in June, Ivan Krstic, Apple Head of Security Engineering & Architecture, made a bold declaration: "At the end of 2016, Apple will make ATS mandatory for all developers who hope to submit their apps to the App Store." … Continue reading iOS 10 is Apple's Gift to Android Users