Tuesday, November 21, 2017

3 new entries in OWASP top 10

OWASP have updated their Top 10. 3 new entries have been added: XXE, Insecure Deserialisation and Broken Access Control. See below.


For more details check out https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf

Sunday, November 5, 2017

'You Cast' Working Again

Our app 'you cast' experienced a crippling issue earlier this year whereby it just started playing the sound but no picture. This was caused by a Chromecast firmware update that didn't seem to play nice with our method of casting videos.

As the 1-star reviews started piling up I spent a lot of time trying to get around this issue. I tried two main methods:
1. Analysing LAN traffic with Wireshark created by Android apps which use the official Chromecast API.
2. Scouring the web for various open source projects which claim to allow users to cast using the latest Chromecast protocol but without using the official API. Most of these were node.js projects on GitHub which never seemed to actually cast anything. The closest I got was with this one which connected to my Chromecast but then crashed when I actually tried to cast a video.

After quite a few roadblocks other priorities got in the way and I basically gave up. The little bit of advertising revenue we'd been making didn't exactly seem worth the hassle.

However, recently I noticed my Chromecast device received a firmware update. I tried 'you cast' out and sure enough it is now working again. Last week I made a minor fix to the app and published it to the store just so that users are aware it's working again.

Oh well, glad it's fixed, and at least I'm an expert in node.js now.