Timothy Morgan
2 followers
Timothy's posts

Advisory: HTTP Header Injection in Python urllib
Overview: Python's built-in URL library ("urllib2" in 2.x and "urllib" in 3.x) is vulnerable to protocol stream injection attacks (a.k.a. "smuggling" attacks) via the http scheme. If an attacker could convince a Python application using this library to f...

Security Warnings in API Docs are not Enough
May 25, 1979: American Airlines flight 191 started down the runway at Chicago O'Hare Airport. Just before takeoff, the left engine tore itself completely off of the wing. This severed four critical hydraulic lines as well as disabling several safety systems...

Multiple LDAP APIs are Asking for Trouble
LDAP filter injection is a classic injection flaw that occurs when user-supplied values find their way into LDAP search filters ("queries") without proper encoding or input validation. The issue has been publicly described since at least 2002 [1] and I stil...

Why the Security Community Should Focus More on API Design
Every year, billions of lines of software code are written and deployed into production. While software security experts frantically review code and conduct penetration tests on some of these applications, a vanishingly small percentage ever undergo serious...
