Application Security Weekly (audio)

This week, we welcome Sundar Krish, CEO & Co-Founder at Sken.ai, to talk about DevOps-First Application Security For Mid-Markets! In the Application Security News, The Confused Mailman: Sending SPF and DMARC passing mail as any Gmail or G Suite customer, ATM makers Diebold and NCR deploy fixes for 'deposit forgery' attacks, Control Flow Guard for Clang/LLVM and Rust, Fuzzing Services Help Push Technology into DevOps Pipeline, and 7 Things to Make DevSecOps a Reality!   Show Notes: https://wiki.securityweekly.com/asw119 Visit https://www.securityweekly.com/asw for all the latest episodes!   Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome back Cesar Rodriguez, Head of Developer Advocacy at Accurics, to discuss Immutable Security For Immutable Infrastructure! In the Application Security News, Microsoft Bug Bounty Programs Year in Review: $13.7M in Rewards, In-band key negotiation issue in AWS S3 Crypto SDK for golang, Re VoL TE attack can decrypt 4G (LTE) calls to eavesdrop on conversations, Hardware Security Is Hard: How Hardware Boundaries Define Platform Security, How to make your security team more business savvy, and more!   Show Notes: https://wiki.securityweekly.com/asw118 Visit https://securityweekly.com/accurics to learn more about them!   Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, it's Security Weekly Virtual Hacker Summer Camp 2020! In our first segment, we welcome Mike Rothman, President at DisruptOps, to discuss: How Does Sec Live In A DevOps World? In the Application Security News, Using Amazon GuardDuty to Protect Your S3, OkCupid Security Flaw Threatens Intimate Dater Details, Florida teen charged as mastermind in Twitter hack hitting Biden, Bezos, and others, Sandboxing and Workload Isolation, and Microsoft to remove all SHA-1 Windows downloads next week!   Show Notes: https://wiki.securityweekly.com/asw117 Try it out free of charge and experience the future of security operations. Visit https://disruptops.com/free-evaluation/   Join the Security Weekly Discord Server: https://discord.gg/pqSwWm4 Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly

This week, we welcome John Matherly, Founder of Shodan, to talk about Fixing Vulnerabilities Effectively & Efficiently! In the Application Security News, TaskRouter JS SDK Security Incident, Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Read-Only Path Traversal Vulnerability, An EL1/EL3 coldboot vulnerability affecting 7 years of LG Android devices, Towards native security defenses for the web ecosystem, and more!   Show Notes: https://wiki.securityweekly.com/asw116 Visit https://www.securityweekly.com/asw for all the latest episodes!   Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Kris Rajana, President and CTO at Biarca, and Bhasker Nallapothula, Director of Engineering at Biarca, to talk about Cloud Security Posture Management & Governance! In the Application Security News, SIGRed Resolving Your Way into Domain Admin: Exploiting a 17 Year-old Bug in Windows DNS Servers, Introducing Google Cloud Confidential Computing with Confidential VMs, Internet of Things devices: Stick to these security rules or you could face a ban, Google Cloud Unveils 'Confidential VMs' to Protect Data in Use, and more!   Show Notes: https://wiki.securityweekly.com/asw115 Visit https://www.securityweekly.com/asw for all the latest episodes!   Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Judy Ngure, Cybersecurity Engineer at Africastalking, to talk about DevSecOps! In the Application Security News, Microsoft OneDrive client for Windows Qt QML module hijack, Zero-day flaw found in Zoom for Windows 7, Protecting your remote workforce from application-based attacks like consent phishing, Verizon Media, PayPal, Twitter Top Bug-Bounty Rankings, Mozilla suspends Firefox Send service while it addresses malware abuse, and Stop Talking About Technical Debt!   Show Notes: https://wiki.securityweekly.com/ASWEpisode114 Visit https://www.securityweekly.com/asw for all the latest episodes!   Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Catherine Chambers and Will Hickie from Irdeto, to discuss Protecting Mobile Applications! In the Application Security News, Would you like some RCE with your Guacamole?, Attackers Will Target Critical PAN-OS Flaw, Security Experts Warn, Microsoft releases emergency security update to fix two bugs in Windows codecs, The Current State of Kubernetes Threat Modelling, and How To Build a Culture of Resilience Through Good Habits!   Show Notes: https://wiki.securityweekly.com/ASWEpisode113 To download the white paper, visit: https://securityweekly.com/irdeto   Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Cesar Rodriguez, Head of Developer Advocacy at Accurics, to talk about Using IaC to Establish And Analyze Secure Environments! In the Application Security News, DLL Hijacking at the Trend Micro Password Manager, Adobe Prompts Users to Uninstall Flash Player As EOL Date Looms, The State of Open Source Security 2020, Microservices vs. Monoliths: Which is Right for Your Enterprise?, What Modern CI/CD Should Look Like, and Build trust through better privacy!   Show Notes: https://wiki.securityweekly.com/ASWEpisode112 To learn more about Accurics, visit: https://securityweekly.com/accurics   Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly  

This week, we welcome Michelle Dennedy, CEO of DrumWave, to discuss Data Mapping & Data Value Journey! In the Application Security News, CallStranger hits the horror trope where the call is coming from inside the house, SMBleedingGhost Writeup expands on prior SMB flaws that exposed kernel memory, Misconfigured Kubeflow workloads are a security risk, Verizon Data Breach Investigations Report, and more!   Show Notes: https://wiki.securityweekly.com/ASWEpisode111 Visit https://www.securityweekly.com/asw for all the latest episodes!   Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Phillip Maddux, Sr. Technical Account Manager at Signal Sciences, to talk about The Future State of AppSec! In the Application Security News, Two vulnerabilities in Zoom could lead to code execution, Zero-day in Sign in with Apple, Focus on Speed Doesn t Mean Focus on Automation, Apple pushes fix across ALL devices for unc0ver jailbreak flaw, and more!   Show Notes: https://wiki.securityweekly.com/ASWEpisode110 To learn more about Signal Sciences, visit: https://securityweekly.com/signalsciences   Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, we speak with John Chirhart, Customer Experience Engineer at Google Cloud, to discuss How to Prevent Account Takeover Attacks! In our second segment, we welcome Catherine Chambers, Senior Product Manager at Irdeto, to talk about why Apps Are the New Endpoint!   Show Notes: https://wiki.securityweekly.com/ASWEpisode109 To learn more about Irdeto, visit: https://securityweekly.com/irdeto To learn more about Google Cloud and reCAPTCHA, visit: https://securityweekly.com/recaptcha   Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Jack Zarris, Senior Sales Engineer at Signal Sciences, to talk about Using Rate Limiting to Protect Web Apps and APIs! In our second segment, we welcome Tim Mackey, Principal Security Strategist at Synopsys, to discuss the Highlights From the New Open Source Security and Risk Analysis Report!   Show Notes: https://wiki.securityweekly.com/ASWEpisode108 To learn more about Synopsys, visit: https://securityweekly.com/synopsys To learn more about Signal Sciences, visit: https://securityweekly.com/signalsciences   Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome back Joe Garcia, DevOps Security Engineer at CyberArk, to discuss How Can Security Work TOGETHER, Not Against, Developers! In the Application Security News, Cloud servers hacked via critical SaltStack vulnerabilities, Samsung Confirms Critical Security Issue For Millions: Every Galaxy After 2014 Affected, Mitigating vulnerabilities in endpoint network stacks, Microsoft Shells Out $100K for IoT Security, and Secure your team s code with code scanning and secret scanning!   Show Notes: https://wiki.securityweekly.com/ASWEpisode107 To learn more about CyberArk, visit: https://securityweekly.com/cyberark   Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Gareth Rushgrove, Director of Product Management at Snyk, to talk about Modern Application Security and Container Security! In the Application Security News, Psychic Paper demonstrates why a lack of safe and consistent parsing of XML is disturbing, Beware of the GIF: Account Takeover Vulnerability in Microsoft Teams, Salt Bugs Allow Full RCE as Root on Cloud Servers, and Love Bug's creator tracked down to repair shop in Manila!   Show Notes: https://wiki.securityweekly.com/ASWEpisode106 To learn more about Snyk, visit: https://securityweekly.com/snyk Visit https://www.securityweekly.com/asw for all the latest episodes!   Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Avi Douglen, Founder and CEO of Bounce Security, to talk about Threat Modeling in Application Security, DevSecOps, and how Application Security is mapping Security culture! In the Application Security News, Nintendo Confirms Breach of 160,000 Accounts via a legacy endpoint, NSA shares list of vulnerabilities commonly exploited to plant web shells, Code Patterns for API Authorization: Designing for Security, Health Prognosis on the Security of IoMT Devices? Not Good, and 8 Tips to Create an Accurate and Helpful Post-Mortem Incident Report!   Show Notes: https://wiki.securityweekly.com/ASWEpisode105 Visit https://www.securityweekly.com/asw for all the latest episodes!   Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Rebecca Black, Senior Staff Application Security Engineer at Avalara, to talk about Building an AppSec Ecosystem! This week in the Application Security News, JSON Web Token Validation Bypass in Auth0 Authentication API, Mining for malicious Ruby gems, A Brief History of a Rootable Docker Image, Privacy In The Time Of COVID, and Threat modeling explained: A process for anticipating cyber attacks!   Show Notes: https://wiki.securityweekly.com/ASWEpisode104 Visit https://www.securityweekly.com/asw for all the latest episodes!   Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Brad Geesaman, Co-Founder of Darkbit, to talk about Making Kubernetes a Hostile Place for Attackers! In the Application Security News, Zoom Taps Ex-Facebook CISO Amid Security Snafus, Lawsuit, How we abused Slack's TURN servers to gain access to internal services, Moving from reCAPTCHA to hCaptcha, Automate Security Testing with ZAP and GitHub Actions, Shift-Right Testing: The Emergence of TestOps, and Building Secure and Reliable Systems!   Show Notes: https://wiki.securityweekly.com/ASWEpisode103 Visit https://www.securityweekly.com/asw for all the latest episodes!   Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Grant Ongers, Co-Founder of Secure Delivery, to discuss why "You re (probably) Doing AppSec Wrong"! In the Application Security News, Zoom is gaining lots of attention for flaws, Popular Digital Wallet Exposes Millions to Risk in Huge Data Leak, 12k+ Android apps contain master passwords, secret access keys, secret commands in not-so-secret client-side code identified by a research tool Inputscope, and more!   Show Notes: https://wiki.securityweekly.com/ASWEpisode102 Visit https://www.securityweekly.com/asw for all the latest episodes!   Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Adam Hughes, Chief Software Architect at Sylabs Inc., to discuss Singularity: A Different Take on Container Security! In the second segment, we welcome Utsav Sanghani, Senior Product Manager at Synopsys, to discuss Why combining SAST and SCA in your IDE produces higher quality, secure software faster!   To learn more about Synopsys, visit: https://securityweekly.com/synopsys Show Notes: https://wiki.securityweekly.com/ASWEpisode101   Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Clint Gibler, Research Director at NCC Group, to discuss DevSecOps and Scaling Security! In the Application Security News, Data of millions of eBay and Amazon shoppers exposed as another supply chain casualty, Announcing Bottlerocket, a new open-source Linux-based operating system purpose-built to run containers, and The DevOps Sweet Spot: Inserting Security at Pull Requests (Part 1)!   Show Notes: https://wiki.securityweekly.com/ASWEpisode100 Visit https://www.securityweekly.com/asw for all the latest episodes!   Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly