Simjacker – Next Generation Spying Over Mobile, Intel CPUs Vulnerable to Sensitive Data Leakage in NetCAT Attack and NetCAT: Practical Cache Attacks from the Network, What is PSD2? And how it will impact the payments processing industry, Better Together: Why Software-Development Toolmakers Should Embrace Integration, and more!
The OWASP Application Security Verification Standard (ASVS) Project provides a basis for testing web application technical security controls and also gives developers a list of requirements for secure development. The Excel tool Jay Durga developed can be used to measure metrics, or as a guidance document for testing the effectiveness of the security controls put in place in your SDLC and DevOps processes.
A very deep dive into iOS Exploit chains found in the wild followed by Heap Exploit Development, Twitter turns off SMS texting after @Jack hijacking, CVE-2019-15846: Unauthenticated Remote Command Execution Flaw Disclosed for Exim, 7 Steps to Web App Security, Fuzzing 101: Why Bug Hunters Still Love It After All These Years, and more!
Ty Sbano is the Cloud Chief Information Security Officer of Sisense. Ty will be discussing Tools in the DevOps Pipeline, Component Analysis, and Anything Application Security!
We interview Azi Cohen, the Co-founder of WhiteSource. He will be talking about how application security has undergone a transition in recent years: as information security teams testing products just before release became less relevant, developers started playing a leading role in the day-to-day operational responsibility for application security. We then interview Jeff Hudson, the CEO of Venafi. He will talk about code signing, which is used to verify the integrity of software; nearly every organization relies on it to confirm that their code has not been tampered with or corrupted with malware.
Pawan Shankar is the Senior Product Marketing Manager of Sysdig. Sysdig is very excited to announce the launch of Sysdig Secure 2.4! With this release, Sysdig adds runtime profiling to enhance anomaly detection and introduces brand new interfaces that improve runtime security policy creation and vulnerability reporting.
To learn more about Sysdig, visit: https://securityweekly.com/sysdig Full Show Notes: https://wiki.securityweekly.com/ASW_Episode74 Visit https://www.securityweekly.com/asw for all the latest episodes!
CVE-2019-1162 showcases elevation of privilege in an ancient Windows component. An HTTP/2 Denial of Service Advisory with seven vulns affects the protocol implementations of several vendors. SSH certificate authentication for GitHub Enterprise Cloud works well with tools like Sharkey and BLESS (we talked more about ephemeral access and SSH in episode 71). Polaris points the way to Kubernetes best practices, and much more!
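The episode only names the tools (BLESS issues short-lived user certificates, Sharkey handles host certificates); the script below is an added example, not code from the show or from either project, that does by hand what such a CA service automates: a CA key signs a user's public key into a certificate that is valid for one hour and restricted to a single principal, so there is nothing long-lived to revoke. It assumes OpenSSH's ssh-keygen is on PATH; the principal name, key ID and file paths are illustrative.

```shell
#!/bin/sh
# Added example: issue a short-lived SSH user certificate from a local CA.
# Assumes ssh-keygen (OpenSSH) is installed; names and paths are made up.
set -eu

WORK="$(mktemp -d)"
CA_KEY="$WORK/user_ca"          # stays on the signing service, never on laptops
USER_KEY="$WORK/id_ed25519"     # the user's key pair; only .pub leaves the laptop
PRINCIPAL="deploy"              # the account the cert may log in as
CERT_ID="deploy@laptop"         # Key ID: shows up in sshd's auth log, so make it auditable

# 1. CA key pair. On the server side, trust it with:
#      TrustedUserCAKeys /etc/ssh/user_ca.pub
#    and optionally map principals to accounts with AuthorizedPrincipalsFile.
ssh-keygen -q -t ed25519 -N '' -f "$CA_KEY" -C "user-ca"

# 2. User key pair (what the client presents alongside the certificate).
ssh-keygen -q -t ed25519 -N '' -f "$USER_KEY" -C "$PRINCIPAL"

# 3. Sign: -s CA key, -I key ID, -n principal list, -V validity (now until +1h).
#    This writes "$USER_KEY-cert.pub" next to the user key.
ssh-keygen -q -s "$CA_KEY" -I "$CERT_ID" -n "$PRINCIPAL" -V "+1h" "$USER_KEY.pub"

# Principals embedded in the certificate, one per line, as sshd will see them.
# ssh-keygen -L prints a "Principals:" header, indented names, then "Critical Options:".
cert_principals() {
  ssh-keygen -L -f "$USER_KEY-cert.pub" \
    | sed -n '/Principals:/,/Critical Options:/p' \
    | grep -v ':' \
    | tr -d ' \t'
}

# Certificate type line from ssh-keygen -L, e.g.
# "ssh-ed25519-cert-v01@openssh.com user certificate".
cert_type() {
  ssh-keygen -L -f "$USER_KEY-cert.pub" | awk -F': ' '/Type:/ {print $2}'
}

# Key ID recorded in the certificate (quoted in the -L output).
cert_key_id() {
  ssh-keygen -L -f "$USER_KEY-cert.pub" | awk -F': ' '/Key ID:/ {gsub(/"/, "", $2); print $2}'
}

# Stand-alone run: show what the certificate carries.
cert_principals
cert_type
cert_key_id
```

The client then connects with `ssh -i "$USER_KEY" deploy@host` (OpenSSH picks up the `-cert.pub` file automatically). Because the certificate carries its own expiry, an attacker who copies the key material off the laptop after the hour has passed gets nothing; allow a few minutes of negative skew with `-V -5m:+1h` if server clocks drift.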
At Black Hat 2019, we interviewed: Ameya Talwalker from Cequence, Mark Batchelor from PING Identity, and Michael Krueger from NowSecure!
Outline of Interview: Leaders want to be successful, so what are the "6 Secrets of Success"? As a leader, what is my body language and how do I improve it: "Body Language of Leaders", "Myths About Body Language", "Confident Body Language Boosters". As a leader, I need to know "How to Increase Your Influence". Finally, as a leader, I need to know "How to Capture an Audience by Using the Body Language Secrets".
Mike Shema and Matt Alderman discuss Hacker Summer Camp as the Security Weekly team has returned from Las Vegas.
Murray Goldschmidt is the COO & Co-founder of Sense of Security. Murray talks about the state of container security in the enterprise. Full Show Notes: https://wiki.securityweekly.com/ASW_Episode71 Visit https://www.securityweekly.com/asw for all the latest episodes!
Rare Steganography Hack Can Compromise Fully Patched Websites, Bug Bounties Continue to Rise as Google Boosts its Payouts, Snyk Acquires DevSecCon to Boost DevSecOps Community, and much more!
SupPy Chain Malware - Detecting malware in package manager repositories, Attacking SSL VPN, Solving Digital Transformation Cybersecurity Concerns With DevSecOps, How I Could Have Hacked Any Instagram Account, Tracking Anonymized Bluetooth Devices, Bluetooth Bug Enables Tracking on Windows 10, iOS & macOS Devices, 2019 Global Developer Report: DevSecOps finds security roadblocks divide teams, and GitLab Survey Surfaces Major DevSecOps Challenges Ahead.
Ian Eyber is the CEO of NanoVMs. Unikernels are an emerging trend in software deployment because of their isolation, performance and size. However, they are still very new, so it is worth learning what benefits they bring and what their current drawbacks are. Listeners might be surprised to learn how many unikernel implementations there are and which organizations are actively using them.
Gururaj Pandurangi is a founder and CEO of Cloudneeti, a software-as-a-service company focused on continuous cloud security, data privacy and compliance assurance. Gururaj is coming on the show to discuss security in multi-cloud environments.
To learn more about Cloudneeti, visit: https://securityweekly.com/cloudneeti
Yes, the Zoom thing; 50 Ways to Leak Your Data; 1,300 Popular Android Apps Access Data Without Proper Permissions; GE Aviation exposed internal configs via an open Jenkins instance; Preparing your enterprise to eliminate passwords; DevSecOps Survey Finds Failure to Communicate; What Quality Metrics Matter Most for DevOps?
WordPress Plugin WP Statistics Patches XSS Flaw, Three RCEs in Android's Media framework, Nine Best Practices For Integrating Application Security Testing Into DevOps, 6 Traits That Define DevSecOps, and much more!
Mike Shema, John Kinsella, and Matt Alderman talk cloud native from an application perspective.
Mike Shema, John Kinsella, & Matt Alderman discuss security training for Devs!
GKE improves authentication with Workload Identity, AWS re:Inforce reveals traffic tools and security solutions that improve support for DevOps, A brief history of Trusted Execution Environments, From the Enterprise's Project: How to Explain Service Mesh in Plain English, and Developers and Security Teams Under Pressure to Collaborate!
APIs now account for over 80% of HTTP traffic, and enterprise application breaches through compromised APIs are mounting. A guide to API security. They also discuss public vs. private APIs and whether best practice should be to segregate the two.
Mozilla pushes a patch onto an Array, Netflix shares a stream of patches, Breach to bankruptcy for healthcare company, Osquery becomes a foundational tool, Avoiding DevOps dangers, and Assigning DevOps directions!
Mike Shema and John Kinsella interview Shannon Lietz, the Director of Information Security at Intuit, about DevOps.
There's no escape that will save you..., the privilege of running a Chrome extension, and Four practices towards DevSecOps!
"Waiting for the worms to come." -- Pink Floyd and RDP's CVE-2019-0708. Even the NSA warns about the population of exposed systems, A patch commands attention for mail servers, In macOS Catalina and iOS 13, Apple finds a way to find devices and not lose privacy, iOS App Transport Security has strong benefits but weak adoption, and much more!