What follows are some of my favorite training opportunities, news bits, tools/scripts and humorous stories to send you into the weekend with!

Training

• The recording from the BHIS Webinar on Web App Security Training is now up on YouTube.

General News

• Did you know your phone’s battery status can lead to online tracking from advertisers and service providers, such as Uber?

• Apple introduces bug bounty program at BlackHat – get $200k for finding vulns in certain Apple products! Wow!

• A group of security researchers found remote code execution and other ugly vulns on PornHub.com (not gonna link to that directly…but in case the name isn’t self-explanatory, it’s not a Disney site).

Tools/Scripts

• Sandstorm.io looks to be a pretty cool way to create your own private cloud (the app collection looks decent as well).

• Here’s a ghetto XSS cheatsheet containing "…XSS payloads that I find to be useful during penetration tests, especially when faced with WAFs or application-based black-list filtering, but feel free to disagree or shoot your AK-74 in the air."

Misc/Humor

• When Google security reacher Tavis Ormandy sets his sights on something boy oh boy do people get passionate!

• I’m thinking of changing Friday’s episode into a newsletter distribution instead. That way I can free up a bit more time to work on tech how-tos and VulnHub walkthroughs that have both audio and video options.