In the Application Security News, a nasty DHCPv6 packet can Pwn vulnerable Linux Boxes, 'Stalkerware' website let anyone intercept texts of tens of thousands of people, twelve malicious Python libraries found and removed from PyPI, the U.S. Department of Defense Guide for "Detecting Agile BS", and more!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode38 Follow us on Twitter: https://www.twitter.com/securityweekly
Daniel Cuthbert is the Global Head of Security Research for Banco Santander. He joins Keith and Paul this week for an interview!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode38
Millions of passengers affected by the Cathay Pacific Airline hack, China has been hijacking the internet backbone of Western countries, how proficient are developers at fixing application security flaws, the WordPress team is working to wipe out older versions from existence on the Internet, the MikroTik router bug is as bad as it gets, and more!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode37
Keith, Paul, and Johnny Xmas discuss airport security, penetration testing, the top 5 payment apps, and a DevOps-infused conversation!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode37
Hackers hide cryptocurrency malware in Adobe Flash updates, the government is finally rolling out two-factor authentication for federal agency domains, and Disney is helping women from across their company to become developers!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode36
Paul and April Wright discuss a jQuery plugin that has been exploited for years and is finally getting patched, a flaw in libssh that leaves thousands of servers at risk, and a remote code implantation flaw found in Medtronic cardiac programmers.
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode36
Garrett Gross received his first modem at age six and has been plugged in ever since. Today, Garrett is a Senior Solutions Engineer with a specialization in application security at Rapid7. He serves as an escalation layer to the applied engineering department, provides technical enablement, and facilitates cross-departmental functionality. Garrett joins Keith and Paul this week for an interview!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode35
Visit https://www.securityweekly.com/asw for all the latest episodes!
In the Application Security News, Git Project patches Remote Code Execution Vulnerability, Google is Shutting Down Google+ after 500k accounts potentially affected by a data breach, Facebook wants people to Invite its cameras into their homes, GitHub introduces user blocking notifications, DevOps producing more insecure apps than ever, Climate Change being taught on Fortnite Twitch stream, and more!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode35
Facebook discloses the loss of at least 50M access tokens (also covered by Motherboard), formjacking is on the rise, Google admits to allowing hundreds of companies to read your email, Firefox Monitor will alert you when your accounts have been pwned, Microsoft releases MS-DOS v1.25 and v2.0 as open source, and more!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode34
Attend local meetups and conferences, practice your coding skills, get educated by World Class security researchers, do your homework, there's no substitute for Practice, OWASP Juice Shop, and much more!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode34
In the Application Security News, Hackers stole customer credit cards in Newegg data breach, John Hancock now requires monitoring bracelets to buy insurance, the man who broke Ticketmaster, new security settings available in iOS 12, State Department confirms data breach exposed employee data, and more!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode33
Ron started his cybersecurity career as a network penetration tester for the NSA, and is the Founder of Tenable and Gula Tech Adventures. He joins Keith and April for an interview to talk about security in the upcoming elections, how to maintain separation of duties, attack simulation, and more!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode33
Alpine Linux hit with bug that can lead to Poisoned Containers, data breaches affect stock performance in the long run, Bluebox-ng, a Node.js VoIP pentesting framework, and CommitStrip: It's Not an App!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode32
Keith Hoodlet and Paul Asadoorian interview April Wright. They discuss people connected by apps, workplace reward systems, and the importance of building/practicing the process before documenting it.
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode32
U.S. Government releases post-mortem on Equifax, macOS security baseline script by Jerry Gamblin, Equifax mega-breach and nothing has changed, Docker hacking challenge, and bug bounties and mental health.
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode31
Zane Lackey is the Founder/Chief Security Officer at Signal Sciences. Zane Lackey explains how the security industry needs to shift left when it comes to applications and patching.
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode31
In the Application Security News, the 'Fortnite' developer had sharp words for Google after an exploit was discovered, a PHP flaw puts WordPress sites at risk, Oracle will charge for Java starting in 2019, how Netflix does failovers in 7 minutes flat, hacking Black Hat, Burp Suite 2.0 Beta released, Windows 95 running in Electron, and more!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode30
Keith Hoodlet and Paul Asadoorian talk about The Apache Struts2 RCE Vulnerability. They cover:
- CVE-2018-11776
- How the 3 Ways of DevOps can guide us toward better security practices
- Shared Version Control
- Test Environments
- Shared Ticketing
- ChatOps
- Buying Time
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode30
Matt Alderman and Paul sat down at DEF CON to talk about all of the AppSec vendors that they held briefings with at our Pool Cabana. They sat down with companies like Synopsys and Signal Sciences, and discussed how their products influence the AppSec world.
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode29
Tom is the founder of ServerlessOps (https://www.serverlessops.io/) and an experienced operations engineer. He started ServerlessOps after he asked the question: what would he do if servers went away? At a loss for an answer and interested in the future of his profession, he decided to pursue the answer. Tom is actively engaged in promoting serverless infrastructure and engaging with the community to learn more about what their thoughts, wants, and concerns are around the topic.
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode29
After arriving back from Black Hat and DEF CON 2018, Doug joins Keith to share some of his stories about attending the world-famous security conferences. They discuss secure coding practices.
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode28
Alibaba Cloud Security team discovers an Apache Spark REST API remote code execution exploit, Comcast security flaws exposed partial addresses, a hacker finds a hidden 'God Mode' in old x86 CPUs, and more!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode28
Hardware-based Root of Trust, Small Trusted Computing Base, React v16.4.2, GitHub shows best practices for account security and recoverability, the cost of JavaScript, and Food for Thought!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode27
Galen founded and led the team building Azure Sphere, announced at RSA Conference 2018. Our goal is to make IoT safe for society. Azure Sphere provides an end-to-end solution that enables any device manufacturer to create highly secured devices; devices possessing all 7 Properties of Highly-Secured Devices.
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode27
New Spectre attack can remotely steal secrets, Microsoft discovers a supply chain attack at an unnamed maker of PDF software, the XSS filter in Edge, OWASP iGoat is a vulnerable Swift application for iOS, and much more!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode26