Application Security Weekly (Video)

578 episodes - English - Latest episode: about 12 hours ago - ★★★★ - 5 ratings

The Application Security Weekly podcast delivers interviews and news from the worlds of AppSec, DevOps, DevSecOps, and all the other ways people find and fix software flaws.

Join hosts Mike Shema, John Kinsella, and Akira Brand on a journey through modern security practices for apps, clouds, containers, and more.

Categories/tags: Technology News, Tech News, devops, technology, video, applicationsecurityweekly, appsec, asw, keithhoodlet, paulasadoorian, sdlcsecurity

Episodes

Doing Application Security Right - Farshad Abasi - ASW #188

March 14, 2022 21:00 - 37 minutes - 173 MB Video

Cybersecurity is a large and often complex domain, traditionally focused on infrastructure and general information security, with little or no attention paid to application security. Security providers usually tack AppSec services onto their existing menu of offerings without understanding the domain, and their teams of professionals have little or no experience with software development or the inner workings of modern application architectures. As the world turns digital at a rapid pace accelerat...

Vulns in Markdown Parsers, Census II & Open Source Security, iCloud Private Relay - ASW #187

March 08, 2022 10:00 - 30 minutes - 141 MB Video

In the AppSec News: Finding vulns in markdown parsers, Census II and widespread open source dependencies, inside iCloud Private Relay, and cloud pentesting tools!   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw187

Deep Visibility & Understanding the Underlying Data Layer - Lebin Cheng - ASW #187

March 07, 2022 22:00 - 36 minutes - 171 MB Video

As the volume of API traffic increases, it becomes a greater threat to an organization’s sensitive data. Motivated attackers will increasingly target APIs as the pathway to the underlying infrastructure and database. Imperva API Security is a new product that delivers rapid API discovery and data classification -- helping an organization truly protect all paths to the data, without slowing down the application development lifecycle.   This segment is sponsored by Imperva. Visit https://s...

Bug Bounty Costs, GitHub's Advisory Database, ICS Vulns of 2021, CNCF Secure Software - ASW #186

March 01, 2022 10:00 - 41 minutes - 64.7 MB Video

Salesforce reveals their bounty totals for 2021, GitHub opens its advisory database for collaboration, a year in review of ICS vulns, automating WordPress plugin security analysis, the Secure Software Factory from CNCF, Samsung's encryption mistakes, filling in the missing semester of Computer Science   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw186

Integrating Appsec Tools for DevOps Teams - Steve Wilson - ASW #186

February 28, 2022 22:00 - 36 minutes - 170 MB Video

DevOps teams have often been underserved by security tools. Modern appsec solutions need to fit within the existing workflows for how software is built and deployed. But just dropping a tool into that pipeline isn't sufficient: there are apps that haven't migrated to modern build processes or frameworks, and many cloud-native apps demand different approaches to deployment. We'll cover the different approaches to adapting security tools to the needs of developers.   This segmen...

Cassandra RCE, Pixelation Is Poor Redaction, Rust's Useful Errors, & Hardening Edge - ASW #185

February 22, 2022 10:00 - 32 minutes - 147 MB Video

This week in the Application Security News: RCE in Cassandra, why pixelization isn't good redaction, Rust's compiler is friendly, Edge adds arbitrary code guard to its WASM interpreter, & the difference between secure code and a secure product (as demonstrated by a DAO)   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw185

The DIY AppSec Lab - ASW #185

February 21, 2022 22:00 - 32 minutes - 148 MB Video

Lots of web hacking can be done directly from the browser. Throw in a proxy like Burp plus the browser's developer tools window and you've got a nearly complete toolkit. But nearly complete means there's still room for improvement. We'll talk about the tools to keep on hand, setting up practice targets, participating in bug bounties, and more resources to help you learn along the way. For tips on labs beyond just appsec, be sure to check out the Security Weekly webcast on "Do It Yourself: Bu...

Docker Boundaries, Google Bounties, 2021's Top Web Hacks, Apple AirTags, AI vs. RFCs - ASW #184

February 15, 2022 10:00 - 38 minutes - 177 MB Video

In the AppSec News: Docker and security boundaries, Google's year in vuln awards, 2021's year in web hacks, Apple AirTags and privacy, turning AIs onto RFCs for security, & facial recognition research!   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw184

The Modern Developer Must be Security Minded, Too - Doug Kersten - ASW #184

February 14, 2022 22:00 - 42 minutes - 65.5 MB Video

In light of the far-reaching Log4j vulnerability, it’s become increasingly clear that the modern developer can’t operate without a solid level of security expertise. Vulnerability management is not just about responding quickly but should be top-of-mind during all stages of software development from inception to delivery. Modern threats mean developers can’t assume security isn’t part of their job and push the burden of responsibility to their infrastructure teams. Doug Kersten, CISO of Appf...

HTTP/3 Streams, Argo CD Paths, Log4j Devs, Cyber Safety Review Board, OSSF Projects - ASW #183

February 08, 2022 10:00 - 36 minutes - 168 MB Video

Vulns in an HTTP/3 server, path traversal in Argo CD, Log4Shell from the perspective of Log4j devs, DHS launches Cyber Safety Review Board, OSSF launches Alpha and Omega projects, resources for learning reverse engineering and appsec   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw183

Policy Momentum in Coordinated Vulnerability Disclosure - Amit Elazari - ASW #183

February 07, 2022 22:00 - 40 minutes - 184 MB Video

Security is one of the most evolving and impactful landscapes in the regulatory sphere. Proposed initiatives in the areas of Incident Response, Software and Product Assurance, Coordinated Vulnerability Disclosure (CVD), and IoT or Connected Products Regulations are among the most active and developing areas of security policy around the world. This evolving landscape also serves as an opportunity for innovation and research collaboration. Elazari will walk us through some of the most recent ...

PwnKit, Qubit Hack, Multichain Hack, Safari Bounty, & Python NaN - ASW #182

February 01, 2022 10:00 - 36 minutes - 168 MB Video

PwnKit LPE in Linux, two different smart contract logic flaws in two different hacks, a $100K bounty for Safari, Python NaN coercion, appsec games   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw182

Shift Left, NOT S#!T LEFT - Larry Maccherone - ASW #182

January 31, 2022 22:00 - 39 minutes - 179 MB Video

If you attempt to shift security left without adaptation, it'll feel a lot more like S#!T LEFT to the development teams. Most security groups lack the mindset and skills to do it in a way that works well with modern development approaches and tools while focusing directly on gradual, methodical practice and culture change. Larry Maccherone led the Dev(Sec)Ops transformation program in the highly diverse environment at Comcast using Agile and Digital Transformation approaches. Teams that onboa...

IndexedDB Leak, Linux Kernel Bug, Zoom Security, SSRF & Allow Lists, Security Courses - ASW #181

January 25, 2022 10:00 - 34 minutes - 158 MB Video

In the AppSec News: Safari fixes a privacy leak in IndexedDB, an integer arithmetic flaw leads to a Linux kernel bug, a look back on Zoom security, SSRF from a URL allow list bypass, a security engineering course and lectures, 25 years of HTTP/1.1   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw181

API Security (Shadow APIs) - Himanshu Dwivedi - ASW #181

January 24, 2022 22:00 - 35 minutes - 162 MB Video

It is hard, if not impossible, to secure something you don’t know exists. While security professionals spend countless hours on complex yet interesting issues that *may* be exploitable in the future, basic attacks are occurring every day against flaws in code that receives little review. For example, a “dated trend” by effective yet lazy hackers is to search for APIs unknown by security teams, coined “Shadow APIs”, then connect to these APIs and extract data. SQL Injection used to be the hac...

Scams and Security in Web3*, URL Parsing Problems, AWS Glue, CI/CD Compromises - ASW #180

January 19, 2022 10:00 - 27 minutes - 125 MB Video

Scams and security flaws in (so-called) web3 and when decentralization looks centralized, SSRF from a URL parsing problem, vuln in AWS Glue, 10 vulns used for CI/CD compromises   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw180

Investing in Open Source Security - ASW #180

January 18, 2022 22:00 - 36 minutes - 168 MB Video

This isn't a story about NPM even though it's inspired by NPM. Twice. The maintainer of the "colors" NPM library intentionally changed the library's behavior from its expected functionality to printing garbage messages. The library was exhibiting the type of malicious activity that typically comes from a compromised package. Only this time users of the library, which easily number in the thousands, discovered this was sabotage by the package maintainer himself. This opens up a broader discus...

Log4j for FTC, More JNDI, Cache Poisoning, Improving Default Configs, ThinkstScapes - ASW #179

January 11, 2022 10:00 - 36 minutes - 170 MB Video

The FTC issues a warning about taking log4j seriously, JNDI is elsewhere, cache poisoning shows challenges in normalizing strings, semgrep for refactoring configs with security in mind, the Q4 2021 ThinkstScape quarterly, Salesforce to require MFA   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw179

Broadening What We Call AppSec - Christien Rioux - ASW #179

January 10, 2022 22:00 - 37 minutes - 172 MB Video

There's an understandable focus on "shift left" in modern DevOps and appsec discussions. So what does it take to broaden what we call appsec into something effective for modern apps, whether they're on the web, mobile, or cloud? We'll talk about moving on from niche offerings into successful appsec programs.   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw179

Latest Log4j, Outages & Availability, FPGA Security Concepts, & Bug Bounty Awards - ASW #178

December 21, 2021 10:00 - 39 minutes - 180 MB Video

Log4j has more updates and more vulns (but probably not more heartburn...), revisiting outages and whether availability has made it into your threat models, deep dive into hardware security, another data point on bug bounty awards, and looking at risk topics for the next year. This completes another year of the podcast! A very heartfelt thank you to all our listeners! And a special thank you and shout out to the crew that helps make this possible every week -- Johnny, Gus, Sam, and Renee. We...

Evolving Security Testing - Dan Guido - ASW #178

December 20, 2021 22:00 - 35 minutes - 164 MB Video

What does a collaborative approach to security testing look like? What does it take to tackle an entire attack class as opposed to fixing a bunch of bugs? If we can shift from vulnerability mitigation to vulnerability elimination, then appsec would be able to demonstrate some significant wins -- and they need a partnership with DevOps teams in order to do this successfully.   Segment Resources https://blog.trailofbits.com/   Visit https://www.securityweekly.com/asw for all the late...

Log4Shell, Mozilla's BigFix & New Sandbox, Rust in Linux Kernel, Path Traversal in Go - ASW #177

December 14, 2021 10:00 - 35 minutes - 163 MB Video

This week in the AppSec News, Mike & John talk: All about Log4Shell, Mozilla's BigFix bug and new sandbox, Rust in the Linux kernel, path traversals, reflections on the security profession, & more!   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw177

DevSecOps, Compliance GRC, and the Future of Application Security - Francesco Cipollone - ASW #177

December 13, 2021 22:00 - 34 minutes - 160 MB Video

DevSecOps has traditionally been very people centric. It is hard to measure software security, and the landscape is becoming increasingly complex with containers, cloud, and infrastructure. Driving an appsec program at scale is often an art that only a few can master, and the majority of organizations remain uncovered from an appsec perspective. Measuring DevSecOps and evolving risk-based vulnerability management is a must. Bringing along risk people and GRC has traditionally been challengin...

Bug Bounties in Windows/WebKit, Edge Hardening, OAuth Hardening, & GoDaddy Breach - ASW #176

November 30, 2021 10:00 - 38 minutes - 178 MB Video

This week in the AppSec News: Bug bounty payout practices, Edge goes super duper secure mode, WebKit CSP flaw has consequences for OAuth, GoDaddy breach, vuln in MediaTek audio DSP, & more!   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw176

Solving Systemic Risk in Software Development - Chris Wysopal - ASW #176

November 29, 2021 19:55 - 37 minutes - 172 MB Video

In today’s session Chris Wysopal will address a number of topics with Mike, including systemic risk in software development and how developers and security teams can work together to meet common goals and solve the speed vs. security dilemma. Specifically, they’ll discuss processes for fixing more vulnerabilities faster and tools for ensuring developer success. And they’ll talk about improving the overall maturity of DevOps teams through good development practices, good testing, remediation,...

CVEs 4 CSPs, Malicious PyPi, Bounty Programs, Shared Responsibility, & Breach Costs - ASW #175

November 23, 2021 10:00 - 35 minutes - 162 MB Video

This week in the AppSec News: What would CVEs for CSPs look like, clever C2 in malicious Python packages, diversity in bounty programs, shared responsibility and secure defaults, breach costs to influence AppSec programs!   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw175

wasmCloud - Distributed Computing With WebAssembly - Liam Randall - ASW #175

November 22, 2021 22:00 - 34 minutes - 158 MB Video

CNCF wasmCloud helps developers build distributed microservices in WebAssembly that they can run securely across clouds, browsers, and everywhere else.   Segment Resources: - https://webassembly.org/ - https://wasmcloud.com/   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw175

PAN-OS Vuln, ChaosDB, Fuzzing BusyBox, Refactoring in Rust, HTML Smuggling - ASW #174

November 16, 2021 18:07 - 38 minutes - 177 MB Video

In the AppSec news: Disclosure decisions and CVE-2021-3064, technical details behind ChaosDB in Azure, fuzzing BusyBox, Prossimo and Rust, vulns in Nucleus RTOS, & HTML smuggling!   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw174

Mobile Application Security - Ryan Lloyd - ASW #174

November 15, 2021 22:00 - 32 minutes - 149 MB Video

Mobile applications have a unique attack surface. The tools and techniques being used to compromise these environments are constantly evolving. We'll talk about how to harden mobile apps against modern threats. This segment is sponsored by Guardsquare. Visit https://securityweekly.com/quardsquare to learn more about them!   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw174

Linux Kernel TIPC RCE, NPM Malware, OTP 2FA Bots, & Security Labels - ASW #173

November 09, 2021 10:00 - 38 minutes - 178 MB Video

This week in the AppSec News, Mike and John talk: Excel gains support for JavaScript data types and functions, arbitrary code execution in Linux kernel TIPC, more malware in npm packages, threat models and OTP/2FA bots, NIST Security Labels!   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw173

A Standardized Approach to SBOM - Dan McKinney - ASW #173

November 08, 2021 22:00 - 35 minutes - 162 MB Video

In this segment, Mike and Dan McKinney from Cloudsmith will be discussing SBOM and what that looks like for your applications. Other topics include: cloud-native tooling for your software supply chain, the history of provenance, GPG Keys & signing commits, package consumption, understanding threat modeling, and knowing the roles and responsibilities when it comes to security of your assets.   This segment is sponsored by Cloudsmith. Visit https://securityweekly.com/cloudsmith to learn mo...

Discourse RCE, Trojan Source, WhatsApp Security, & Privacy Engineering - ASW #172

November 02, 2021 09:00 - 39 minutes - 181 MB Video

This week in the AppSec News, Mike & John talk: Discourse SNS webhook RCE, a checklist for a Minimum Viable Secure Product, WhatsApp security assessment, privacy engineering specialties, & DevOps presentations!   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw172

Untangling API Security in 2022 - Peter Klimek - ASW #172

November 01, 2021 21:00 - 37 minutes - 174 MB Video

Peter will talk about the challenges he's hearing from customers and partners about managing the security of APIs and what considerations organizations need to make in 2022 to better protect these growing ecosystems.   This segment is sponsored by Imperva. Visit https://securityweekly.com/imperva to learn more about them!   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw172

UAParser.js Malware in NPM, Squirrel Sandbox Escape, Securing CI/CD, & AppSec Videos - ASW #171

October 26, 2021 09:00 - 38 minutes - 179 MB Video

This week in the AppSec News: Malware in the UAParser.js npm package, security vuln in Squirrel scripting language, a blueprint for securing software development, L0phtCrack now open source, appsec videos on Android exploitation, macOS security, & more!   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw171

Security Champions in an Online First World - Ashish Rajan - ASW #171

October 25, 2021 21:00 - 35 minutes - 163 MB Video

Ashish will talk about building security champions in an online world and how SAST, as it stands today, will die in the world of DevOps and Cloud. Segment Resources: www.cloudsecuritypodcast.tv   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw171

View Source, Bindiff for Vuln Analysis, Bypass with GitHub Actions, & NIST DevSecOps - ASW #170

October 19, 2021 09:00 - 37 minutes - 174 MB Video

This Week in the AppSec News: View source good / vuln bad, IoT bad / rick-roll good, analyzing the iOS 15.0.2 patch to develop an exploit, bypassing reviews with GitHub Actions, & more NIST DevSecOps guidance!   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw170

Dev(Sec)Ops Scanning Challenges & Tips - Nuno Loureiro, Tiago Mendo - ASW #170

October 18, 2021 21:00 - 38 minutes - 176 MB Video

There are plenty of ways to do Dev(Sec)Ops, and each organization, or even each team, uses a different approach. Questions such as how many environments you have and how frequently those environments are deployed are important for understanding how to integrate a security scanner into your DevSecOps processes. It all comes down to speed: how fast can I scan the new deployment? We'll discuss the challenges of integrating a DAST scanner into DevSecOps and some tips to make it easier.   ...

Twitch Breach, HTTPd Path Traversal, Disabling Macros, & Great Cybersecurity Programs - ASW #169

October 12, 2021 09:00 - 38 minutes - 175 MB Video

This week in the AppSec News, Mike and John talk: The Twitch breach, a path traversal in Apache httpd, Microsoft disables macros by default after almost 30 years, factors in a great cybersecurity program, & more!   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw169

Modernizing the Management of Your Software Supply Chain - Tom Gibson - ASW #169

October 11, 2021 21:00 - 35 minutes - 164 MB Video

SBOM: What does it really tell you, and the importance of having one for your organization.
- Finding and fixing known vulnerabilities in dependencies and container images
- Building a source of truth for packages to avoid malicious packages getting through
- Combining continuous packaging and security into a CI/CD pipeline
- Establishing trust & provenance in your software supply chain
- Visibility in your software supply chain with upstreams and signatures
This segment is sp...

Prototype Pollution, Funding Open Source Security, Expiring Root CA, Mariana Trench - ASW #168

October 05, 2021 09:00 - 37 minutes - 171 MB Video

In the AppSec News, John and Mike discuss prototype pollution vulns, funding open source project hardening, the Let's Encrypt root CA expiring, and the Mariana Trench scanner for Android and Java!   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw168

The Power of Developer-First Security - Hillary Benson - ASW #168

October 04, 2021 21:00 - 33 minutes - 152 MB Video

Developers want to write good code. Secure code. Security tools that optimize developer workflows for handling security issues can take a large burden off security practitioners and make triaging, understanding, prioritizing, and resolving vulnerabilities much easier and faster for the developer. We will discuss GitLab's views on what it means to provide developer-first security and see how these views manifest in GitLab's security offerings. This segment is sponsored by GitLab. Visit http...

AppSec Orchestration/Correlation & DevSecOps Efficiency - Anita D'Amico, Patrick Carey - ASW #167

September 28, 2021 13:08 - 37 minutes - 174 MB Video

In its 2019 Hype Cycle for Application Security report, Gartner revealed a new, “high-priority” category called Application Security Orchestration and Correlation (ASOC). ASOC delivers three primary benefits to the AppSec process within organizations: efficiency, scalability, and accountability. We will take a closer look at these benefits and discuss how ASOC can help your DevSecOps team function better.   This segment is sponsored by Synopsys. Visit https://securityweekly.com/synopsys to lea...

Exchange's Great Leak, RCE in VMware, IoT Bug in MQTT, & Chrome's Memory Safety Nets - ASW #167

September 27, 2021 19:44 - 34 minutes - 157 MB Video

This week in the AppSec News: The Great Leak flaw in Exchange's auto discover feature, common flaws in VMware and Nagios, memory issues and SSRF in Apache's HTTP server, Chrome's plans for memory safety, State of DevOps report, OWASP's 20th anniversary, & more!   Visit https://www.securityweekly.com/asw for all the latest episodes!   Show Notes: https://securityweekly.com/asw167

OMIGOD, FORCEDENTRY, Code Ownership, Security as a Product, & IoT Device Criteria - ASW #166

September 21, 2021 09:00 - 31 minutes - 145 MB Video

This week in the AppSec News, Mike and John talk: RCE in Azure OMI, punching a hole in iMessage BlastDoor, Travis CI exposes sensitive environment variables, keeping code ownership accurate, deploying security as a product, IoT Device Criteria (aka nutrition labels), & more!   Show Notes: https://securityweekly.com/asw166 Visit https://www.securityweekly.com/asw for all the latest episodes!

Transforming Modern Software Development with Developer-First AppSec - Jeff Williams - ASW #166

September 20, 2021 21:30 - 38 minutes - 177 MB Video

Modern software development demands a different approach to application security. Contrast’s developer-first Application Security Platform empowers developers to accelerate the release of secure code with highly accurate results that include context-aware, how-to-fix vulnerability remediation guidance.   Show Notes: https://securityweekly.com/asw166 Segment Resources: 2021 Application Security Observability Report: https://view-su2.highspot.com/viewer/612ff3a8c6485f4687834782 White...

OWASP Top 10, CISA Bad Practices, Azurescape, Confluence RCE, & API Security Tokens - ASW #165

September 14, 2021 09:00 - 37 minutes - 171 MB Video

This week in the AppSec News, Mike and John talk: OWASP Top 10 draft for 2021, bad practices noted by CISA, Azurescape cross-account takeover, Confluence RCE, WhatsApp image handling, API security tokens survey, & more!   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw165

Findings From the 2021 AppSec Shift Left Progress Report - Manish Gupta - ASW #165

September 13, 2021 21:00 - 36 minutes - 168 MB Video

Data from the ShiftLeft customer report shows that companies that have rebuilt their core testing processes around faster and more accurate static analysis are able to release more secure code at scale, scan more frequently, fix issues earlier in the software development life cycle, carry less security debt, and maintain more security fixes overall.   Segment Resources: http://shiftleft.io/resources/appsec-shift-left-progress-report-2021?utm_source=cyber_risk_alliance&utm_medium=podcast T...

ChaosDB, OpenSSL String Bugs, Revealing Locations, & More Top 15 Vulns - ASW #164

August 31, 2021 09:00 - 34 minutes - 160 MB Video

This week in the Application Security News, Mike and John talk: Flaws in Azure's CosmosDB, OpenSSL vulns in string handling, dating app location security, cloud security orienteering, detailed S3 threat model, & more!   Show Notes: https://securityweekly.com/asw164 Visit https://www.securityweekly.com/asw for all the latest episodes! 

A DevOps Perspective on Risk Tolerance & Risk Transfer - Caroline Wong - ASW #164

August 30, 2021 21:00 - 32 minutes - 148 MB Video

In this segment Mike and Caroline will discuss risk tolerance and risk transfer. They'll touch on the following, all from a DevOps perspective: risk ranking, risk transfer in the supply chain, how to diversify security controls, and time vs. risk reduction vs. vulnerability exposure, while also touching on how security is not (and should not be) a gate.   Show Notes: https://securityweekly.com/asw164 Visit https://www.securityweekly.com/asw for all the latest episodes!

BlackBerry's BadAlloc, Glibc's NULL, Backtick Command Injection, & ProxyLogon Details - ASW #163

August 24, 2021 09:00 - 36 minutes - 166 MB Video

This week Mike & John discuss: BlackBerry addresses BadAlloc bugs, glibc fixes a fix, more snprintf misuse that leads to command injection, ProxyLogon technical details, & more in the AppSec News!   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw163

Twitter Mentions

@securityweekly 98 Episodes
@owaspsamm 2 Episodes
@secweekly 1 Episode
@0xas1f 1 Episode