Application Security Weekly (Video)
580 episodes - English - Latest episode: 5 days ago - ★★★★ - 5 ratings
The Application Security Weekly podcast delivers interviews and news from the worlds of AppSec, DevOps, DevSecOps, and all the other ways people find and fix software flaws.
Join hosts Mike Shema, John Kinsella, and Akira Brand on a journey through modern security practices for apps, clouds, containers, and more.
Episodes
BBPLR, API Security Trends, Memory Unsafety, & Patching 0-Days - ASW #139
February 09, 2021 10:00 - 30 minutes - 141 MB Video
Funding bounties or finding bugs, how should we invest? Talks from Enigma Conference on memory unsafety and 0-days. Coming trends in API security and a review of research from 2020. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw139
Being a Serial Entrepreneur, Business Leader, & Hacker - Alissa Knight - ASW #139
February 08, 2021 22:00 - 38 minutes - 175 MB Video
Alissa Knight has spent her career going against industry and social norms as both a Transgendered and Lesbian business leader and hacker. Learn more about her, her achievements as a published author, her recent vulnerability research in hacking law enforcement vehicles, mHealth apps and APIs, her recent screenplay for her new TV series, her life as a hacker, and barriers she's broken down in business. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: ...
Sudo Vuln, Libgcrypt, BlastDoor on iMessage, & AWS Lambda security - ASW #138
February 02, 2021 10:00 - 32 minutes - 149 MB Video
This week in the Application Security News, Sudo sure does, Libgcrypt flaw, iMessage demonstrates security by design, AWS Lambda shares a message on its design security, & more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw138
Groundhog Day - It's Time to Reset the Script on Vulnerabilities - John Delaroderie - ASW #138
February 01, 2021 22:00 - 35 minutes - 163 MB Video
In honor of the movie Groundhog Day, John will take a look at the top 10 most routinely exploited vulnerabilities through a web app security lens. This segment is sponsored by Qualys. Visit https://securityweekly.com/qualys to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw138
KindleDrip, State of Messaging State Machines, DoH, & Data Security Strategies - ASW #137
January 26, 2021 10:00 - 38 minutes - 178 MB Video
An overflow and a flawed regex paint an RCE picture for Kindle, messaging apps miss the message on secure state machines, three pillars of a data security strategy for the cloud, where DoH might fit into appsec, and all the things that can go wrong when you give up root in your Kubernetes pod. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw137
Reading Industry Analyst Tea Leaves To Predict The Future - Taylor McCaslin - ASW #137
January 25, 2021 22:00 - 31 minutes - 146 MB Video
It's analyst season with the new Forrester Wave on SAST recently published as well as Gartner's Application Security Testing Magic Quadrant publishing in April. We'll talk about what are analyst reports, how should you use them, and how should you interpret placement on them as I like to call it, reading the analyst tea leaves. This segment is sponsored by GitLab. Visit https://securityweekly.com/GitLab to learn more about them! Visit https://www.securityweekly.com/asw for all th...
Google 2FA Cloning, Speed vs. Security, & "Hack The Army" Bug Bounty 3.0 - ASW #136
January 12, 2021 10:00 - 31 minutes - 142 MB Video
Significant source code leak from misconfigured repo, side-channel attack on hardware authentication keys, a third bug bounty for the U.S. Army, the cost of poor software quality, the benefits of DevOps approaches to building systems. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw136
Fuzz Testing - Andrei Serban - ASW #136
January 11, 2021 22:00 - 36 minutes - 165 MB Video
Fuzzing can be a successful appsec strategy for finding software bugs. And deploying a fuzzer no longer needs to be a cumbersome process. Find out how fuzzing can help secure software beyond just memory safety issues and what the future holds for making this strategy more effective for modern apps. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw136
Kubernetes Clusters, Microsoft Solarigate, & Apple's Security DIY - ASW #135
January 05, 2021 10:00 - 32 minutes - 148 MB Video
Microsoft purges malicious SolarWinds presence and highlights a threat model around their source code, the tl;drsec crew provides a hardening guide for Kubernetes, Apple provides a user guide for hardening accounts, Firefox provides a new storage system to defeat side channel abuse. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw135
Security By Design - ASW #135
January 04, 2021 22:00 - 35 minutes - 164 MB Video
A premise of adding security to DevOps is we can "shift left" AppSec responsibilities, one of which is building apps so they're secure by design. Yet what resources does the AppSec community provide for this approach to design? We take a look at the OWASP Top 10, Web Security Testing Guide, and Application Security Verification Standard to find a way forward for DevOps teams. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/...
Atheris Python Fuzzer, Bronze Bit Attack, & FireEye Highlights - ASW #134
December 15, 2020 10:00 - 36 minutes - 165 MB Video
FireEye shares supply chain subterfuge, researchers show repeated mistakes in TCP/IP stacks, Google open sources Python fuzzing, Cisco and Microsoft patch their patches for vulns in Jabber and printer modules. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw134
Freedom From Computing Environments - Ev Kontsevoy - ASW #134
December 14, 2020 22:43 - 38 minutes - 176 MB Video
We built OSS Teleport to provide a Unified Access Plane that consolidates access controls and auditing across all environments - infrastructure, applications, and data. This segment is sponsored by Teleport. Visit https://securityweekly.com/teleport to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw134
Google Play Bug, GitHub, iPhone Radio Reboots, & Docker Hub Vulns - ASW #133
December 08, 2020 10:00 - 32 minutes - 150 MB Video
An old security bug in the Play library still affects 8% of apps in Google Play, Project Zero researcher spends six months to reboot an iPhone (in an epic manner), GitHub looks at the security of repos within its Octoverse, the OWASP Web Security Testing Guide gets a minor bump, and XS-Leaks get more attention. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw133
Security Web Applications Against Modern Threats - John Delaroderie, Mike Manrod - ASW #133
December 07, 2020 22:14 - 32 minutes - 151 MB Video
Mike Manrod, CISO of Grand Canyon University, joined by John Delaroderie, Security Solutions Architect at Qualys, will discuss his approach to web application security with an emphasis on improving knowledge of web application vulnerabilities and the external attack surface, and his approach to reducing the number of opportunities an attacker has to compromise our information and infrastructure. This segment is sponsored by Qualys. Visit https://securityweekly.com/qualys to learn more ...
Top CyberSec Skills for 2021, Xbox Gamertag Bug, & MobileIron RCE Flaw - ASW #132
December 01, 2020 10:00 - 30 minutes - 142 MB Video
Xbox bug exposed email identities, focusing on prevention for your cloud security strategies, Amazon looking to hire more Rust developers, KubeCon continues push for security, and a DevOps reading list! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw132
Security Decisions During Application Development - Tim Mackey - ASW #132
November 30, 2020 22:00 - 37 minutes - 172 MB Video
The security of any application is a function of the decisions made during development. Measuring the risk of those decisions isn't something contained within a single tool, but instead requires a set of perspectives on how a "bad decision" can manifest itself in the security of the app. This segment is sponsored by Synopsys. Visit https://securityweekly.com/synopsys to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: http...
Drupal Flaws, DevSecOps Implementation, & Cloud Native Security White Paper - ASW #131
November 24, 2020 10:00 - 31 minutes - 146 MB Video
In the Application Security News, a manifesto highlights principles and values for threat modeling, the CNCF releases a Cloud Native Security Whitepaper, Microsoft put security in the CPU with Pluton, mass scanning for secrets, ancient flaws resurface in Drupal, and steps for implementing source composition analysis! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/asw131
Threat Modeling Deep Dive - ASW #131
November 23, 2020 22:00 - 32 minutes - 148 MB Video
We threat model every day without realizing it. And, of course, we often threat model with systems and products within our organizations. So how formal does our approach need to be? How do we best guide the "what could go wrong" discussion with DevOps teams? And what's a sign that we're generating useful threat models? Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/asw131
'Platypus' Attack, IDOR DOD Bug, & 2 More Chrome 0-Days - ASW #130
November 17, 2020 10:00 - 31 minutes - 144 MB Video
In the Application Security News, The Platypus Attack Threatens Intel SGX, a Revitalized Attack Makes for Sad DNS, Bug Hunter Hits DOD With an IDOR, Steps for Devops, Testing in Prod, Two More Chrome Bugs, and Open Source K8s Tools From Capital One! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/asw130
Automated Hacker Knowledge - Rickard Carlsson - ASW #130
November 16, 2020 22:00 - 34 minutes - 160 MB Video
In a fast-paced tech environment, keeping up with security research can be overwhelming for companies. Automation is a must to keep up - but you also need human ingenuity to make sure automation adds value and not noise. Combining software automation with the knowledge of elite hackers is the key to ensure both speed and relevance. This segment is sponsored by Detectify. Visit https://securityweekly.com/detectify to learn more about them! Visit https://www.securityweekly.com/asw ...
Security Is a Feature - Keith Hoodlet - ASW #129
November 10, 2020 10:00 - 41 minutes - 65.1 MB Video
What does it take to manage security teams and security initiatives? Find out the importance of people in security, whether it's keeping a team engaged or encouraging a team to rethink how they approach security. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/asw129
China's Top Hacking Contest, GitHub Actions, & Vulnonym - ASW #129
November 09, 2020 22:00 - 34 minutes - 158 MB Video
China's top hacking contest turns months of effort into 15 minutes of exploits, an injection flaw in GitHub Actions, understanding post-compromise activity in exploits targeting Solaris and VoIP, security and quality challenges in integrating software from multiple vendors, and CVE naming turns into wibbly wobbly timey wimey stuff! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/asw129
Lax IoT, Adobe Flash Croaks, Link Preview Vulns, & Security Theatre! - ASW #128
November 03, 2020 10:00 - 33 minutes - 153 MB Video
Lax IoT security exposes smart-irrigation systems, Adobe Flash goes truly end of line in one last update, confidential computing gets a turbo boost with Nitro, link previews show security and privacy problems, and security theatre gets an encore! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/asw128
Azure App Service & Cloud-Native Signal Sciences Deployments - Alfred Chung - ASW #128
November 02, 2020 22:00 - 35 minutes - 162 MB Video
Discussing what enterprises have to do while adapting legacy apps into Azure, while doing so in a secure, steady way without leaving any gaps. The Signal Sciences site extension makes sure your apps are covered across the board, and will protect any app in Azure. This segment is sponsored by Signal Sciences. Visit https://securityweekly.com/signalsciences to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityw...
Cyber Risk in Industrial IoT, Firefox 'Site Isolation', & Chrome 0-Day Bug - ASW #127
October 27, 2020 09:00 - 35 minutes - 165 MB Video
NSA publishes list of top vulnerabilities currently targeted by Chinese hackers, Nvidia Warns Gamers of Severe GeForce Experience Flaws, Addressing cybersecurity risk in industrial IoT and OT, Firefox 'Site Isolation' feature enters user testing, expected next year, Google Patches Actively-Exploited Zero-Day Bug in Chrome Browser, and Exit Stage Left: Eradicating Security Theater! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityw...
Cyber Resiliency Through Self-Healing Cloud Infrastructure - Cesar Rodriguez - ASW #127
October 26, 2020 21:00 - 34 minutes - 159 MB Video
With the increased development velocity in cloud environments, cyber resilience is now more important than ever. To achieve cyber resiliency, security needs to be codified through the development life-cycle and security controls need to be implemented through self-healing infrastructure. This segment is sponsored by Accurics. Visit https://securityweekly.com/accurics to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: http...
Windows "Ping of Death", SonicWall VPN RCE, & MediaTek BootROM Glitch - ASW #126
October 20, 2020 09:00 - 31 minutes - 146 MB Video
Patch Your Windows - “Ping of Death” bug revealed, 800,000 SonicWall VPNs vulnerable to remote code execution bug, T2 Exploit Team Creates Cable That Hacks Mac, Zoom Rolling Out End-to-End Encryption, and 'BleedingTooth' Bluetooth flaw! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/asw126
The Future of Application Security Testing (AST) - Taylor McCaslin - ASW #126
October 19, 2020 21:00 - 35 minutes - 163 MB Video
Join Taylor McCaslin, Security Product Manager at GitLab, to discuss current trends in the application security testing industry. We'll chat about where the industry is at today and discuss advances in the field and what the future might hold. We've seen an explosion of security offerings from traditional security testing vendors to general source code management platforms; we'll discuss current pain points and opportunities for developers, security experts, and executives navigating all thes...
Fortinet SIEM RCE, Facebook Bug Bounty, & Anti-Virus Vulnerabilities - ASW #125
October 13, 2020 09:00 - 30 minutes - 140 MB Video
Redefining Impossible: XSS without arbitrary JavaScript, API flaws in an "unconventional" smart device, Facebook Bug Bounty Announces "Hacker Plus", Anti-Virus Vulnerabilities, and Chrome Introduces Cache Partitioning! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/asw125
Application Security Best Practices - James Manico - ASW #125
October 12, 2020 21:00 - 40 minutes - 186 MB Video
Managing passwords is a critical developer task. Developers tasked with building or augmenting legacy authentication systems have a daunting task when facing modern adversaries. This session will review some of the changes suggested in NIST SP800-63b, the "Digital Identity Guideline on Authentication and Lifecycle Management", regarding password policy. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/asw125
DOMOS 5.8 OS Command Injection, API Shield, & TRB245 Vulnerabilities - ASW #124
October 06, 2020 09:00 - 36 minutes - 166 MB Video
DOMOS 5.8 - OS Command Injection, 4G, 5G networks could be vulnerable to exploit due to ‘mishmash’ of old technologies, Google sets up research grant for finding bugs in browser JavaScript engines, Announcing the launch of the Android Partner Vulnerability Initiative, and more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/asw124
Things Every Developer Should Know About Security - Chris Romeo - ASW #124
October 05, 2020 21:00 - 35 minutes - 164 MB Video
Developers are at the center of properly securing applications. A large number of security issues bury developers. We must understand the things every developer must know about security in order to help them. We must practice developer empathy, walking a mile in their shoes. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/asw124
Bypassing TikTok's MFA, Instagram RCE, & Chrome Security Updates - ASW #123
September 29, 2020 09:00 - 28 minutes - 133 MB Video
6 Things to Know About the Microsoft 'Zerologon' Flaw, You can bypass TikTok's MFA by logging in via a browser, Instagram RCE: Code Execution Vulnerability in Instagram App for Android and iOS, Shopify discloses security incident caused by two rogue employees, and Microsoft Advances DevOps Agenda! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/asw123
The Difference Between Finding Vulns & Securing Apps - ASW #123
September 28, 2020 21:00 - 34 minutes - 159 MB Video
There's a big difference between finding vulns and securing apps. When we hear the phrase "shift left", what are we actually shifting? Maybe there's something more that security can learn when we look at the vulns popularized by the OWASP Top 10 and the major breaches DevOps teams are dealing with in cloud environments. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/asw123
Project OneFuzz, Bluetooth Spoofing Bug, & Safeguarding Secrets - ASW #122
September 22, 2020 09:00 - 32 minutes - 149 MB Video
Microsoft announces new Project OneFuzz framework, an open source developer tool to find and fix bugs at scale, Bluetooth Spoofing Bug Affects Billions of IoT Devices, Firefox bug lets you hijack nearby mobile browsers via WiFi, Safeguarding Secrets Within the Pipeline, and more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/asw122
Visualizing & Detecting Threats For Your Custom Application - Justin Massey - ASW #122
September 21, 2020 21:00 - 40 minutes - 187 MB Video
Application logs are critical to DevOps teams for monitoring the performance and health of their apps. Those same logs are just as critical to understanding the security of apps, whether detecting attacks or responding to them. So, it's important that app logs contain the information needed for teams to collect useful signals and make informed decisions. This segment is sponsored by Datadog. Visit https://securityweekly.com/datadog to learn more about them! Visit https://www.secu...
RCE via BACKBLAZE, Microsoft Patch Tuesday, & CRYLOGGER - ASW #121
September 15, 2020 09:00 - 36 minutes - 168 MB Video
BLURtooth vulnerability lets attackers overwrite Bluetooth authentication keys, Microsoft Patch Tuesday, Sept. 2020 Edition, XSS->Fix->Bypass: 10000$ bounty in Google Maps, Academics find crypto bugs in 306 popular Android apps, none get patched, using CRYLOGGER to detect crypto misuses dynamically, Remote Code Execution as SYSTEM/root via Backblaze, and more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/asw121
The People & Process of DevOps - Frank Catucci - ASW #121
September 14, 2020 21:00 - 36 minutes - 168 MB Video
Developer friendly appsec; the people, process and culture of DevSecOps. The basics for some and struggles for others. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/asw121
GitHub to Ruby 2.7, CISO Success, & Lessons From Uber - ASW #120
September 01, 2020 09:00 - 34 minutes - 156 MB Video
A Tale of Escaping a Hardened Docker container, Four More Bugs Patched in Microsoft’s Azure Sphere IoT Platform, Upgrading GitHub to Ruby 2.7, Redefining What CISO Success Looks Like, and Lessons from Uber: Be crystal clear on the law and your bug bounty policies! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/asw120
Detecting Threats & Avoiding Misconfigs In The Cloud-Age - Marc Tremsal - ASW #120
August 31, 2020 21:00 - 37 minutes - 171 MB Video
What are the security challenges for companies moving to the cloud? Marc Tremsal, Director of Product Management - Security at Datadog, will discuss these challenges and how he helps security teams overcome them throughout their cloud transformation. This segment is sponsored by Datadog. Visit https://securityweekly.com/datadog to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/asw120
ATM Attacks, gcploit, & ClusterFuzz - ASW #119
August 25, 2020 09:00 - 33 minutes - 153 MB Video
The Confused Mailman: Sending SPF and DMARC passing mail as any Gmail or G Suite customer, ATM makers Diebold and NCR deploy fixes for 'deposit forgery' attacks, Control Flow Guard for Clang/LLVM and Rust, Fuzzing Services Help Push Technology into DevOps Pipeline, and 7 Things to Make DevSecOps a Reality! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/asw119
DevOps-First Application Security For Mid-Markets - Sundar Krish - ASW #119
August 24, 2020 21:00 - 35 minutes - 160 MB Video
Mid-markets do have AppSec expertise, the current AppSec products are focused on large enterprises and require AppSec expertise. Sken.ai is the new and the only AppSec scan tool, focused on mid-markets where DevOps can get started without any AppSec expertise. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/asw119
AWS S3 Crypto SDK, ReVoLTE Attack, & Microsoft Bug Bounties - ASW #118
August 18, 2020 09:00 - 32 minutes - 150 MB Video
Microsoft Bug Bounty Programs Year in Review: $13.7M in Rewards, In-band key negotiation issue in AWS S3 Crypto SDK for golang, ReVoLTE attack can decrypt 4G (LTE) calls to eavesdrop on conversations, Hardware Security Is Hard: How Hardware Boundaries Define Platform Security, How to make your security team more business savvy, and more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/asw118
Immutable Security For Immutable Infrastructure - Cesar Rodriguez - ASW #118
August 17, 2020 21:00 - 34 minutes - 159 MB Video
Cesar will demonstrate breach path prediction as well as other features. This segment is sponsored by Accurics. Visit https://securityweekly.com/accurics to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/asw118
SWVHSC: Amazon GuardDuty, Sandboxing & Workload Isolation, & No More SHA-1 - ASW #117
August 04, 2020 21:00 - 29 minutes - 137 MB Video
Using Amazon GuardDuty to Protect Your S3, OkCupid Security Flaw Threatens Intimate Dater Details, Florida teen charged as “mastermind” in Twitter hack hitting Biden, Bezos, and others, Sandboxing and Workload Isolation, and Microsoft to remove all SHA-1 Windows downloads next week! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/asw117
SWVHSC: How Does Sec Live In A DevOps World? - Mike Rothman - ASW #117
August 04, 2020 09:00 - 33 minutes - 155 MB Video
As you go full DevSecOps, where does that leave security operations? Who makes changes that are required? How do you empower (or deputize) app folks or ops folks (DevOps) to make those operational changes? What kind of tooling is going to meet the need for that requirement? DisruptOps puts the concepts into action, empowering developers and ops folks to make the needed security changes quickly, consistently and within the tools they use for their daily tasks. Try it out free of charge ...
TaskRouter JS SDK, EL1/EL3 Vulnerability, & 234 Alexa Skills Store Violations - ASW #116
July 28, 2020 09:00 - 33 minutes - 151 MB Video
TaskRouter JS SDK Security Incident, Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Read-Only Path Traversal Vulnerability, An EL1/EL3 coldboot vulnerability affecting 7 years of LG Android devices, Towards native security defenses for the web ecosystem, Academics smuggle 234 policy-violating skills on the Alexa Skills Store, Apple Security Research Device Program, and What is DevSecOps? Why it's hard to do well! Visit https://www.security...
Fixing Vulnerabilities Effectively & Efficiently - John Matherly - ASW #116
July 27, 2020 21:00 - 34 minutes - 158 MB Video
What does it take to fix vulns effectively and efficiently? There's no lack of vulns identified from bug bounties and vuln reporting programs, but not every vuln needs the same attention and not every vuln gets the attention it deserves. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/asw116
SIGRed RCE, Google Cloud 'Confidential VMs', & Twitter Hack Crypto Scam - ASW #115
July 21, 2020 09:00 - 35 minutes - 166 MB Video
This week, SIGRed – Resolving Your Way into Domain Admin: Exploiting a 17 Year-old Bug in Windows DNS Servers, Introducing Google Cloud Confidential Computing with Confidential VMs, Internet of Things devices: Stick to these security rules or you could face a ban, Google Cloud Unveils 'Confidential VMs' to Protect Data in Use, and more! Show Notes: https://wiki.securityweekly.com/asw115 Visit https://www.securityweekly.com/asw for all the latest episodes!
Cloud Security Posture Management & Governance - Bhasker Nallapothula, Kris Rajana - ASW #115
July 20, 2020 21:00 - 40 minutes - 63.2 MB Video
Digital transformation is taking the IT industry by storm. As the pace of adoption of public cloud increases, security posture management and governance is usually not top of mind for cloud engineering teams. The cost of leaving misconfigurations undetected and unrectified adds up, to say nothing of the damage to reputation. Biarca Patrol grew organically in close collaboration with our customers to address this gap. Biarca Patrol is now being offered widely. Show Notes: ht...