Author

 Vincent Liu
Twitter
LinkedIn
RSS
E-Mail

Profile of Vincent Liu

Partner, Bishop Fox
News & Commentary Posts: 16

Vincent Liu (CISSP) is a Partner at Bishop Fox, a cyber security consulting firm providing services to the Fortune 500, global financial institutions, and high-tech startups. In this role, he oversees firm management, client matters, and strategy consulting.

Vincent is a recognized expert, having presented at Black Hat and Microsoft BlueHat. He is regularly cited by the press, and has been interviewed by media outlets like Al Jazeera and NPR. Vincent has also co authored seven books including several industry best-sellers, such as: Hacking Exposed Wireless 1st and 2nd Edition; Hacking Exposed Web Applications 3rd Edition, and most recently Web Application Security: A Beginner's Guide. He serves as returning faculty at the Practicising Law Institute, and sits on the advisory boards for the University of Advancing Technology and the cyber security accelerator, Mod N Labs.

Articles by Vincent Liu

The What And The Why Of Professional Penetration Testing

9/20/2010
Welcome to the first in a series of posts on professional penetration testing. During the course of the next few entries, I will shed light on the often confusing and rarely straightforward world of penetration testing based on my experience during the past decade as both a professional penetration tester and a manager of penetration testing teams.

Post a Comment
Weaponizing IPv6 to Bypass IPv4 Security
John Anderson, Principal Security Consultant, Trustwave Spiderlabs,  6/12/2018
'Shift Left' & the Connected Car
Rohit Sethi, COO of Security Compass,  6/12/2018
Microsoft Fixes 11 Critical, 39 Important Vulns
Kelly Sheridan, Staff Editor, Dark Reading,  6/12/2018
Register for Dark Reading Newsletters
White Papers
Video
All Videos
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-1060
PUBLISHED: 2018-06-18
python before versions 2.7.15, 3.4.9, 3.5.6 and 3.7.0 is vulnerable to catastrophic backtracking in pop3lib's apop() method. An attacker could use this flaw to cause denial of service.
CVE-2018-1090
PUBLISHED: 2018-06-18
In Pulp before version 2.16.2, secrets are passed into override_config when triggering a task and then become readable to all users with read access on the distributor/importer. An attacker with API access can then view these secrets.
CVE-2018-1152
PUBLISHED: 2018-06-18
libjpeg-turbo 1.5.90 is vulnerable to a denial of service vulnerability caused by a divide by zero when processing a crafted BMP image.
CVE-2018-1153
PUBLISHED: 2018-06-18
Burp Suite Community Edition 1.7.32 and 1.7.33 fail to validate the server certificate in a couple of HTTPS requests which allows a man in the middle to modify or view traffic.
CVE-2018-12530
PUBLISHED: 2018-06-18
An issue was discovered in MetInfo 6.0.0. admin/app/batch/csvup.php allows remote attackers to delete arbitrary files via a flienamecsv=../ directory traversal. This can be exploited via CSRF.