Application Security Weekly (Video)

580 episodes - English - Latest episode: 5 days ago - ★★★★ - 5 ratings

The Application Security Weekly podcast delivers interviews and news from the worlds of AppSec, DevOps, DevSecOps, and all the other ways people find and fix software flaws.

Join hosts Mike Shema, John Kinsella, and Akira Brand on a journey through modern security practices for apps, clouds, containers, and more.

Episodes

A DevOps Perspective on Risk Tolerance & Risk Transfer - Caroline Wong - ASW #164

August 30, 2021 21:00 - 32 minutes - 148 MB Video

In this segment, Mike and Caroline discuss risk tolerance and risk transfer. They touch on risk ranking, risk transfer in the supply chain, how to diversify security controls, and time vs. risk reduction vs. vulnerability exposure, all from a DevOps perspective, while also touching on how security is not (and should not be) a gate. Show Notes: https://securityweekly.com/asw164 Visit https://www.securityweekly.com/asw for all the latest episodes!

BlackBerry's BadAlloc, Glibc's NULL, Backtick Command Injection, & ProxyLogon Details - ASW #163

August 24, 2021 09:00 - 36 minutes - 166 MB Video

This week Mike & John discuss: BlackBerry addresses BadAlloc bugs, glibc fixes a fix, more snprintf misuse that leads to command injection, ProxyLogon technical details, & more in the AppSec News!   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw163

Challenges in Open Source Application Security - Shubhra Kar - ASW #163

August 23, 2021 21:00 - 35 minutes - 161 MB Video

Open Source is the new mainstream of software development. However, not much attention is paid to security in the upstream community for creating robust and secure software. At the LF, we are working on some initiatives and tools to help bridge the gap between functional and secure code, so that the benefits flow downstream to all users of OSS. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw163

Cracked Concatenation, Injection Against DNS, Allstar GitHub, & DEF CON Highlights - ASW #162

August 17, 2021 09:00 - 35 minutes - 164 MB Video

This week in the AppSec News: Bug bounty report that cleverly manipulates a hash for profit, Allstar GitHub app to enforce security policies, choosing a programming language, what an app should log, adding security to DevOps, & manipulating natural-language models!   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw162

DevSecOps - Making It Real - Mike Rothman - ASW #162

August 16, 2021 21:00 - 32 minutes - 150 MB Video

DevSecOps is an aspirational vision for many teams. With a number of macro changes occurring in modern application development, this segment will explore what tangible, practical things can be done today by security teams that add immediate value. This segment is sponsored by DisruptOps. Visit https://securityweekly.com/disruptops to learn more about them!   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw162

Securing Modern Web Apps: Development Techniques are Changing - Tom Hudson - ASW #161

August 16, 2021 17:52 - 32 minutes - 147 MB Video

The use of web apps, SPAs, and APIs is growing steadily, and traditional scanning methods don't provide enough coverage. The appsec tools need to innovate and become smarter and more contextual in order to test modern apps and APIs at scale. Tom Hudson, Security Research Team Lead at Detectify, will give a peek into how Detectify is innovating to help solve these modern app and API developer challenges. Segment Resources: - Sign up for updates and be the first to know about Detectify API...

Router Auth Bypass, Weak IoT RNG, HTTP/2 Request Smuggling, & Kindle Fuzzing - ASW #161

August 10, 2021 09:00 - 34 minutes - 158 MB Video

This week in the AppSec News: Hardware hacking for authn bypass and analyzing IoT RNG, Request Smuggling in HTTP/2, Kindle Fuzzing, Kubernetes Hardening, Countering Dependency Confusion, ATO Checklist, & more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw161

PunkSpider, Bug Bounties, RCE in PyPI, Kernel Pwning With eBPF, & Top Vulns From CISA - ASW #160

August 03, 2021 09:00 - 35 minutes - 163 MB Video

This week in the AppSec News: PunkSpider coming to DEF CON, Google matures its VRP, $50K bounty for an access token, RCE in PyPI, kernel vuln via eBPF, top vulns reported by CISA, & the importance of testing!   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw160

Platform Firmware Security - Maggie Jauregui - ASW #160

August 02, 2021 21:00 - 36 minutes - 169 MB Video

Firmware security is complex and continues to be an industry challenge. In this podcast we'll talk about the reasons firmware security remains a challenge and some best practices around platform security. Segment Resources: - https://www.helpnetsecurity.com/2020/04/27/firmware-blind-spots/ - https://www.helpnetsecurity.com/2020/09/28/hardware-security-challenges/ - https://darkreading.com/application-security/4-open-source-tools-to-add-to-your-security-arsenal - https://chipsec.g...

CWE Top 25, Bugs in Inconstancies, Sequoia Vuln, Twitter Transparency, & Cloud Risks - ASW #159

July 27, 2021 17:03 - 41 minutes - 189 MB Video

This week in the AppSec News: CWE releases the top 25 vulns for 2021, finding bugs in similar code, Sequoia vuln in the Linux kernel, Twitter transparency for account security, a future for cloud security, & more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw159

Navigating the Seas of Security in Serverless Functions - Peter Klimek - ASW #159

July 27, 2021 17:02 - 33 minutes - 165 MB Video

Adoption of serverless functions is rapidly growing, which means security teams will be challenged to deliver protection for data and applications in these complex environments in the coming months and years. Peter Klimek is helping Imperva customers address these challenges and will offer guidance on how to get protection for functions without slowing DevOps. Segment Resources: Details on Imperva Serverless Protection: https://www.imperva.com/company/press_releases/imperva-launches-new...

Code Comments, Decision Trees, Windows Hello, Telegram Analysis, & Cloud Risks - ASW #158

July 20, 2021 09:00 - 38 minutes - 177 MB Video

This week in the AppSec News: Security from code comments, visualizing decision trees, bypassing Windows Hello, security analysis of Telegram, paying for patient bug bounty programs, cloud risks, & more!   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw158

The Role of Open Source in DevSecOps - David DeSanto - ASW #158

July 19, 2021 21:00 - 36 minutes - 168 MB Video

In the wake of events such as the SolarWinds breach, there has been a lot of misinformation about the role of open source in DevSecOps. GitLab believes everyone benefits when everyone can contribute. Open source plays a key role in how GitLab addresses DevSecOps. We will discuss GitLab's view of the role of open source in DevSecOps including recent contributions to the open source community as well as GitLab's plans for the future. This segment is sponsored by GitLab. Visit https://securit...

Password Mismanager, Trusted Types vs. DOM XSS, PrintNightmare, & Fault Injections - ASW #157

July 13, 2021 18:19 - 44 minutes - 67.7 MB Video

In the AppSec news, a password manager makes predictable mistakes, Trusted Types terminate DOM XSS, waking up from PrintNightmare, understanding hardware fault injections.   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw157  

Web App and API Security Needs to Be Modernized: Here’s How - Sean Leach - ASW #157

July 13, 2021 18:18 - 28 minutes - 129 MB Video

The truth is, most web app and API security tools were designed for a very different era. A time before developers and security practitioners worked together, before applications were globally distributed and API-based. But attackers are developers too, and they aren’t bogged down by the limitations of legacy solutions. It’s never been more clear that it’s time for a change. Sean will outline new rules for web application and API security that respect the way modern applications are built. ...

Semgrep, Microsoft Signs With Rootkits, ATT&CK/D3FEND, & Injured Android - ASW #156

June 29, 2021 09:00 - 38 minutes - 175 MB Video

This week in the AppSec News: Visual Studio Code's Workspace Trust, Injured Android (an insecure mobile app), Microsoft accidentally signed a driver with rootkits, the NSA funds a new sister matrix to ATT&CK: D3FEND, "Ransomware: maybe it's you, not them?", and more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw156

Scaling Your Application Security Program - Clint Gibler - ASW #156

June 28, 2021 21:00 - 38 minutes - 179 MB Video

In this segment with Clint Gibler, learn: * Why secure defaults are higher ROI than finding vulnerabilities * How modern AppSec teams are working with their engineering counterparts * Targeting vulnerability classes, avoiding bug whack-a-mole * The latest innovations in lightweight static analysis Segment Resources: https://semgrep.dev/ https://github.com/returntocorp/semgrep https://github.com/returntocorp/semgrep-rules 2020 GlobalAppSec SF https://docs.google.com/present...

Supply Chain Integrity, Format Strings, Systemd Bug, Instagram Bounty, & Refactoring - ASW #155

June 22, 2021 09:00 - 35 minutes - 162 MB Video

This week in the AppSec Weekly News John and Mike discuss: SLSA framework for supply chain integrity, Wi-Fi network of doom for iPhones, seven-year old systemd privesc, $30K for an API call, Codecov refactors from Bash, using the AST to refactor Python, shifting left and right, and more!   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw155

Challenges of DAST Scanners / Adoption by Developers - Nuno Loureiro, Tiago Mendo - ASW #155

June 21, 2021 21:00 - 39 minutes - 181 MB Video

What are some of the DAST scanner challenges, like coverage of modern apps, point & shoot, scan time, partial scans, or scanning at scale? What do developers look for in a DAST scanner? This segment is sponsored by Probely. Visit https://securityweekly.com/probely to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw155

ALPACA, EA Breach, sprintf Lives, Go Fuzzing, K8s Goat, & OT Basics - ASW #154

June 15, 2021 09:00 - 32 minutes - 150 MB Video

This week in the AppSec News, Mike and John talk: ALPACA surveys protocol confusion, lessons from the EA breach, forgotten lessons about sprintf, Go fuzzing goes beta, security lessons from Kubernetes Goat, basic lessons for OT from CISA, & more!   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw154

OWASP SAMM - Software Assurance Maturity Model - Sebastian Deleersnyder - ASW #154

June 14, 2021 21:00 - 37 minutes - 171 MB Video

We will provide a short introduction to OWASP SAMM, which is a flagship OWASP project allowing organizations to bootstrap and iteratively improve their secure software practice in a measurable way. Seba will explain the SAMM model, consisting of 15 security practices. Every security practice contains a set of activities, structured into 3 maturity levels. The activities on a lower maturity level are typically easier to execute and require less formalization than the ones on a higher maturity...

HTTP Goes QUIC, Security & Humans, Amazon Sidewalk Privacy, & Product Abuse - ASW #153

June 08, 2021 09:00 - 38 minutes - 176 MB Video

This week in the AppSec News, Tyler Robinson joins Mike & John to discuss: HTTP/3 and QUIC, bounties for product abuse, Amazon Sidewalk security & privacy, security & human behavior, authentication bypass postmortem, M1RACLES, & more!   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw153

API Security: Understanding Threats to Better Protect Your Organization - Daniel Hampton - ASW #153

June 07, 2021 21:00 - 35 minutes - 162 MB Video

While web application security is a highly researched topic with a lot of subject familiarity among security professionals, it’s still not easy for security and development teams to navigate modern threats, and understand the differences, and more importantly, the similarities between securing web apps and securing APIs. In the endless battle to keep networks and applications safe, organizations need to rely on real-time data to better understand the differences between attacker behavior and...

IIS Bug, Browsers & Androids & Supply Chains Oh My! - ASW #152

May 25, 2021 09:00 - 32 minutes - 148 MB Video

This week in the AppSec News segment, Mike and John talk: HTTP bug bothers IIS, Android platform security, supply chain security (new and old), brief (very brief) history of browser security, & more!   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw152

Bringing AppSec to a Modern CI Pipeline - Manish Gupta - ASW #152

May 24, 2021 21:00 - 38 minutes - 180 MB Video

Appsec in a modern CI pipeline needs a combination of tools, collaboration, and processes to be successful. Importantly, it also needs to scale. We can't just shift responsibility left and assume that will be successful. So, how can an appsec team bring tools and security knowledge to developers? This segment is sponsored by ShiftLeft. Visit https://securityweekly.com/shiftleft to learn more about them!   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Note...

CNCF Supply Chain, Frag Attacks, Securing Webhooks, & Complexity vs. Security - ASW #151

May 18, 2021 21:00 - 37 minutes - 171 MB Video

CNCF releases a whitepaper on supply chain security, Frag attacks against WiFi devices, securing webhooks, trusting Terraform plans, shared credentials and app access, complexity vs. security vs. design. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw151

Third Party Software Risk on the Web - Aanand Krishnan - ASW #151

May 18, 2021 09:00 - 37 minutes - 172 MB Video

Web applications are highly dependent on third party content and JavaScript. This creates a significant set of vulnerabilities that attackers are exploiting. How do you prevent a SolarWinds-type hack on your website? Segment Resources: https://go.talasecurity.io/blog/data-in-the-browser-is-data-at-risk https://www.talasecurity.io/protect/#how https://go.talasecurity.io/blog/how-i-hacked-your-website This segment is sponsored by Tala Security. Visit https://securityweekly.com/t...

AirTags & Threat Models, Qualcomm Modem Vuln, Exim RCE(s), & Binary Hardening - ASW #150

May 11, 2021 09:00 - 38 minutes - 176 MB Video

This Week in the AppSec News, Mike and John talk: "Find My threat model" with AirTags, Qualcomm modem vuln hits lots of Android, an Exim update patches lots of vulns, measuring hardened binaries, a maturity model for k8s, & more!   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw150

Delivering On the Promise of Application Security - Ankur Shah - ASW #150

May 10, 2021 21:00 - 36 minutes - 167 MB Video

While the vision for app security is relatively clear, executing on that vision is still somewhat of a work in progress. Fast-moving, interdependent pieces—custom code and open source packages, infrastructure and network configurations, user entitlements—make for complex systems. In this episode, we discuss the challenge in addressing each piece independently and consider how consolidated, multi-purpose tools may present an emerging solution.   This segment is sponsored by Prisma Cloud/ ...

BadAlloc Vulns, Gatekeeper Bypass, & More Spectre in Micro-Op Caches - ASW #149

May 04, 2021 09:00 - 35 minutes - 162 MB Video

This week in the AppSec News: Microsoft discloses "BadAlloc" bugs, macOS Gatekeeper logic falters, authentication issues in KDCs and ADs, Spectre gains another vector, followup on the UMN Linux kernel vulns study!   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw149

Why Developers Need to Think Differently About Software Security - Rey Bango - ASW #149

May 03, 2021 21:00 - 36 minutes - 167 MB Video

Rey will be digging into the developer security training conundrum based on his own experiences with secure coding and security training. He'll cover: • The types of security training that work • The role of security champions • How the security and development teams can work together to ensure code is created securely from the start Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw149

Signal Aesthetics, AirDrop Privacy, Safety vs. Security, & Data Ordering Attacks - ASW #148

April 27, 2021 09:00 - 35 minutes - 161 MB Video

This week in the AppSec News: Signal points out parsing problems, privacy preserving improvements to AirDrop, Homebrew disclosure, WhatsApp workflows, adversarial data ordering for ML, & more!   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw148

Deceptive Diffs From Subversive Submitters - ASW #148

April 26, 2021 21:00 - 38 minutes - 176 MB Video

We start with the article about "Researchers Secretly Tried To Add Vulnerabilities to Linux Kernel, Ended Up Getting Banned" and explore its range of issues from ethics to securing huge, distributed software projects. It's hardly novel to point out that bad actors can attempt to introduce subtle and exploitable bugs. More generally, we've also seen impacts from package owners who have revoked their code, like NPM leftpad, or who transfer ownership to actors who later on abuse the package's r...

Rust in Android, Vuln Disclosure, Postmortems, & BootHole Follow-Up - ASW #147

April 20, 2021 09:00 - 34 minutes - 159 MB Video

This week in the AppSec News, Mike and John discuss Rust in Android and the Linux kernel, vuln disclosure policy changes from Project Zero, security and DevOps collaboration, XSS with NULL, & a BootHole follow-up!   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw147

Supply Chain Management - Doug Barbin - ASW #147

April 19, 2021 21:00 - 33 minutes - 155 MB Video

Supply chain security isn't new, despite the renewed attention from the SolarWinds attack. It has old challenges, like having an accurate asset or app inventory, and new opportunities, like Software Bill of Materials. From consequences to code integrity, DevOps teams need to understand how to protect their own code from others' components. Additional resources: - National Supply Chain Integrity Month, https://www.cisa.gov/supply-chain-integrity-month - SCRM vendor template, https://w...

Malicious PHP Commits, OAuth Attacks & XML Injection, & Zines For DevSecOps - ASW #146

April 06, 2021 09:00 - 32 minutes - 151 MB Video

PHP deals with two malicious commits, SSO and OAuth attack vectors to remember for your threat models, zines for your DevSecOps education!   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw146

Shifting Right: What Security Engineers Can Learn From DevSecOps - Leif Dreizler - ASW #146

April 05, 2021 21:00 - 40 minutes - 184 MB Video

The security industry generally agrees on the value of enabling developers in an agile environment—although we don't agree on what to call it… “Shifting Left,” “Creating a Paved Path,” “DevSecOps.” Regardless of the name, we tend to focus on teaching developers how to Sec, but there’s less focus on security engineers learning how to Dev. This segment will focus on how to create a meaningful partnership between security and software engineers. Segment Resources: https://segment.com/blog/shi...

TikTok Analysis, Patching Patches, CI/CD Integrity, Faster Fuzzing, & Slack Safety - ASW #145

March 30, 2021 09:00 - 34 minutes - 159 MB Video

Security and privacy technical analysis of TikTok, subtle parsing problems, chain of trust through a CI/CD pipeline, faster fuzzing even without source code, interplay of application security and application safety!   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw145

OWASP Top 10 of 2021 - Andrew van der Stock - ASW #145

March 29, 2021 21:00 - 37 minutes - 171 MB Video

The OWASP Top 10 2021 is in development. A public survey has just been released. We have finished collecting data. I would like to discuss what the plans are for the OWASP Top 10 2021, and when it will be released, and how you can get involved. https://owasp.org/www-project-top-ten/ https://github.com/OWASP/Top10   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw145

Supply Chains in Azure SDK/Xcode, GitHub Sessions, & GCP VRP - ASW #144

March 23, 2021 09:00 - 31 minutes - 144 MB Video

In the AppSec News: Supply chain security in Azure SDK and macOS Xcode, GitHub's postmortem on a session handling flaw, six GCP vulns from 2020, & information resources for hacking the cloud!   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw144

Approaching AppSec Like a Hacker - Johanna Ydergard, Roberto Giachetta - ASW #144

March 22, 2021 21:00 - 36 minutes - 168 MB Video

Security is struggling to keep up with securing modern web applications and the fast pace of wild web hacks. Detectify is building automated app scanners that can think like a hacker and shorten vulnerability detection time down to minutes and hours, whilst helping ethical hackers do bug bounty/disclosures in a scalable way.   This segment is sponsored by Detectify. Visit https://securityweekly.com/detectify to learn more about them!   Visit https://www.securityweekly.com/asw for all...

Unauth'd RCE, "Regexploits", Post-Spectre Web, & SigStore Signing - ASW #143

March 16, 2021 09:00 - 28 minutes - 132 MB Video

Software safety to mitigate the impact of unauthenticated RCEs, exploding regex patterns, web and browser security in the face of Spectre side-channels, signing software artifacts, 8 roles for today's security teams.   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw143

Cloud Native Security Platforms - John Morello - ASW #143

March 15, 2021 21:23 - 33 minutes - 155 MB Video

Modern appsec demonstrates the importance of a cloud native strategy for enterprise security and how much that strategy must integrate with DevOps tools and workflows. Security solutions need to come from a cohesive platform that addresses the problems DevOps teams face in how they're building apps today.   This segment is sponsored by Prisma Cloud/ Palo Alto Networks. Visit https://securityweekly.com/prismacloud to learn more about them!   Visit https://www.securityweekly.com/asw fo...

Security Engineering, Evil Packages, Exchange SSRF, & Observability - ASW #142

March 09, 2021 10:00 - 31 minutes - 143 MB Video

Making security engineering successful, Go's supply chain, mitigating JSON interoperability flaws, automating the hunt for deserialization flaws, the importance of observability, and what to do about Exchange.   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw142

Privacy, Data Security & Compliance - Cynthia Burke - ASW #142

March 08, 2021 22:00 - 32 minutes - 148 MB Video

In most IT shops, privacy, data security and compliance often resided under the same umbrella of ownership. While all 50 States in the US have data breach notification laws, we are seeing a shift in focus on data privacy globally. Privacy and data security compliance are often used interchangeably but this misuse in terminology (and the associated requirements for all IT organizations) creates a lot of confusion in an already complicated industry. Cynthia will explore some of the key factors...

JSON, OpenSSL, Educational Resources, & Flaws in CodeQL - ASW #141

March 02, 2021 10:00 - 33 minutes - 153 MB Video

This week on the Application Security News, Implementation pitfalls in parsing JSON, finding all forms of a flaw with CodeQL, more educational resources for hacking apps, engineering and product management practices for DevOps, & more!   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw141

Hackable; How to do Application Security Right - Ted Harrington - ASW #141

March 01, 2021 22:00 - 34 minutes - 158 MB Video

In looking at how to do application security right we talk about understanding the difference between defining types of security testing and the goals that security testing should be aiming for. Plus, we highlight how doing security right also means shifting left in terms of addressing security issues in the design phase. And throughout all this is the importance of being able to communicate security principles and how your design and testing reduces risk.   Register for the DevSecOps eS...

Dependency Confusion, Suspender Falls, Web Shells, & AppSec Scale - ASW #140

February 23, 2021 10:00 - 33 minutes - 154 MB Video

This week on the Application Security News, Dependency confusion for internal packages, Chrome pulls down the Great Suspender, Microsoft highlights web shells, some strategies on scaling AppSec, & more!   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw140

Targeting, Exploiting, & Defending Linux - Brandon Edwards - ASW #140

February 22, 2021 22:00 - 34 minutes - 157 MB Video

Linux is all over the place (sometimes surprisingly). Why is targeting it different? What types of attacks are used? How can we defend against attacks on Linux? We can incorporate recent attacks against SUDO as a timely reference. This segment is sponsored by Capsule8. Visit https://securityweekly.com/capsule8 to learn more about them! To register for Capsule8's upcoming webcast "Preparing Linux Hosts for Unexpected Threats" visit https://attendee.gotowebinar.com/register/105614510334...
