Application Security Weekly (audio)

This week, we welcome Thomas Hatch, the creator of the Salt open source software project, and is the CTO of SaltStack, the company behind Salt! In the Application Security News, Breach at IT outsourcer Wipro, SCP serves the file it wants, Confluence Path traverses to RCE, another Local PrivEsc on Windows, easier sandboxing for C and C++ APIs, and Computer Science plus Ethics!   To learn more about SaltStack, visit: https://securityweekly.com/saltstack Full Show Notes: https://wiki.securityweekly.com/ASW_Episode58   Visit our website: https://www.securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly

This last week was pretty busy with announcements and presentations from the Google Next Conference. In 2018 they previewed some security tools and this year many of them are now GA along with a lot of other developer-focused services. In the news, 3D fingerprints and unlocking Android, Ticking off another command injection, Alexa, audio, and annotations, STS no longer just for HTTP, and Hardenize goes beyond TLS. Full Show Notes: https://wiki.securityweekly.com/ASW_Episode57 Follow us on Twitter: https://www.twitter.com/securityweekly

This week, we welcome Loris Degioanni from Sysdig to discuss their open source container native runtime security project called Falco! In the News segment, The Matrix turns 20, Containers are Weakest Security Leak Again, The Evolution of Application Security in the Serverless World, and more! To learn more about Sysdig, visit: https://securityweekly.com/sysdig Full Show Notes: https://wiki.securityweekly.com/ASW_Episode56 Visit https://www.securityweekly.com/asw for all the latest episodes! Visit our website: https://www.securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly

This week, we welcome Mike Shema, Product Security Lead of Square! Mike joins us on the show to talk about where the wins and challenges are in AppSec! In the Application Security News, XSS Vulnerability in Abandoned Cart Plugin Leads to WordPress Site Takeover, The RedMonk Programming Language Rankings: January 2019, I Deleted Facebook Last Year; Here's What Changed (and What Didn't), CommitStrip: Over-excited, and more!   Full Show Notes: https://wiki.securityweekly.com/ASW_Episode55 Visit https://www.securityweekly.com/asw for all the latest episodes!   Visit our website: https://www.securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Jamie Duncan, a recovering history major who has been at Red Hat for just over 7 years! Beginning with his role as a TAM, his focus has increasingly centered on the operations-oriented features of OpenShift, including the May 2018 publication of OpenShift In Action by Manning Publishing. Jamie has had this discussion with customers, OpenShift advocates, and technology fans on multiple continents to date. In the Application Security News, Owner of MAGA-Friendly Yelp Knockoff Threatens to Call FBI After Researcher Exposes Security Holes, Chinese Data Breach Exposes 'Breed Ready' Status Of Almost 2 Million Women, Dozens of companies leaked sensitive data thanks to misconfigured Box accounts, DARPA Is Building a $10 Million, Open Source, Secure Voting System, and much more!   Full Show Notes: https://wiki.securityweekly.com/ASW_Episode54 Visit https://www.securityweekly.com/asw for all the latest episodes!   Visit our website: https://www.securityweekly.com Follow us on Twitter: https://www.

This week, Keith and Paul discuss the structure and experiences of 2019's RSA Conference! In the Application Security News, WordPress accounted for 90 percent of all hacked CMS sites in 2018, Japanese police charge 13-year-old for sharing 'unclosable popup' prank online, Facebook exploit – Confirm website visitor identities, NSA's top policy advisor: It's time to start putting teeth in cyber deterrence, study shows programmers will take the easy way out and not implement proper password security, and the CommitStrip for the week on Why check for incognito mode?   Full Show Notes: https://wiki.securityweekly.com/ASW_Episode53 Visit https://www.securityweekly.com/asw for all the latest episodes!   Visit our website: https://www.securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, many websites threatened by highly critical code-execution bug in Drupal, UK parliament calls for antitrust, data abuse probe of Facebook, CommitStrip: Get rich quick, Google says the built-in microphone it never told Nest users about was 'never supposed to be a secret', and more! In our second segment, we welcome Matt Springfield, is the Founder of 12Feet, Inc., an information security consulting firm based in the Dallas area! Matt has more than 23 years of information security experience spanning operations, architecture and consulting with a focus on large scale retail and service provider environments!   Full Show Notes: https://wiki.securityweekly.com/ASW_Episode52 Visit https://www.securityweekly.com/asw for all the latest episodes!   Visit our website: https://www.securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, Matt and Paul interview Gurpreet S. Sachdeva, the Assistant Vice President of Technology for Altran! Gurpreet will be discussing "Integrating Security into DevOps"! In the Application Security News, A PNG Android Vulnerability, 620 million stolen accounts for sale on the dark web, how shifting security left speeds development, and more!   Full Show Notes: https://wiki.securityweekly.com/ASW_Episode51 Visit https://www.securityweekly.com/asw for all the latest episodes!   Visit our website: https://www.securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, Paul is joined by Joff Thyer to interview Tim Eades, CEO of vArmour, to talk about basic flow of problem, solution, and value! In the Application Security News, many popular iPhone apps secretly record your screen without asking, MongoDB databases still being held for ransom, most of the Fortune 100 still use flawed software that led to the Equifax breach, and a Chrome extension with millions of users is now serving popup ads!   Full Show Notes: https://wiki.securityweekly.com/ASW_Episode50 Visit https://www.securityweekly.com/asw for all the latest episodes!   Visit our website: https://www.securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, Keith and Paul discuss the current state of privacy and software development! They discuss how Facebook pays teens to install VPN that spies on them, how Apple blocks Facebook from running its internal iOS apps, and more! In the Application Security News, Three UK customer details exposed in homepage blunder, Microsoft cloud services see global authentication outage, the age of surveillance capitalism, the rise of DevXOps, and much more!   Full Show Notes: https://wiki.securityweekly.com/ASW_Episode49 Visit https://www.securityweekly.com/asw for all the latest episodes!   Visit our website: https://www.securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, Keith and Paul start the show with the Application Security News, discussing concerns about WordPress’ new “White Screen of Death”, Google Chrome changes could ‘destroy’ ad-blockers, Mozilla is adding and ad-blocker to Firefox Focus 9.0, websites can steal browser data via extensions APIs, and a Fortnite security issue would have granted hackers access to accounts! In the second segment, Keith and Paul interview Jing Xie, Product Manager at Venafi, to talk about Static Analysis, Secure Code Signing, and more!!   Full Show Notes: https://wiki.securityweekly.com/ASW_Episode48 Visit https://www.securityweekly.com/asw for all the latest episodes!   Visit our website: https://www.securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week on Application Security Weekly, Matt Alderman takes the reigns and is joined by Co-Host James Wickett, who is the Head of Research at Signal Sciences! They talk about the human element of application security training and testing! In the Application Security News, Oracle patches 284 vulnerabilities, a bug in Twitter Android app exposed protected tweets, four tips for better API Security in 2019, and more!   Full Show Notes: https://wiki.securityweekly.com/ASW_Episode47 Visit https://www.securityweekly.com/asw for all the latest episodes!   Visit our website: https://www.securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, Keith and Paul interview Rey Bango, Security Advocate for Microsoft! Rey is focused on helping the community build secure systems & being a voice for researchers within MS! In the Application Security News, Another server security lapse at NASA exposed staff and project data, CRLF Injection Into PHP’s cURL Options, System Down: A systemd-journald exploit, GitHub now gives free users unlimited private repositories, Twitter is broken, Government shutdown: TLS certificates not renewed, many websites are down, and much more!   Full Show Notes: https://wiki.securityweekly.com/ASW_Episode46 Visit https://www.securityweekly.com/asw for all the latest episodes!   Visit our website: https://www.securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, Keith and Paul interview Ken Johnson, Application Security Engineer at GitHub! Ken joins us to discuss approaching AppSec the right way, "running a scanner without context", getting the right context/importance of context, and how to figure what's real and what's legit! In the Application Security News, Wormable stored XSS on WordPress.org, a security lapse revealed private complaints from Silicon Valley employees, hackers hijack thousands of Chromecasts to warn of latest security bug, a linting tool for checking accessibility, speed, and security, host websites on GitHub, and more!   Full Show Notes: https://wiki.securityweekly.com/ASW_Episode45 Visit https://www.securityweekly.com/asw for all the latest episodes!   Visit our website: https://www.securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, Keith and Paul interview Harry Sverdlove, CTO and Founder of Edgewise! Harry joins us to discuss what Edgewise does in the AppSec world, segmentation, cloud migration, trying different architectures, and more! In the Application Security News, Facebook bug exposed private photos of 6.8 million users, thousands of Jenkins servers will let anonymous users become admins, Signal app can't include a backdoor for the Australian government, WordPress plugs bug that led to Google indexing some user passwords, and more!   Full Show Notes: https://wiki.securityweekly.com/ASW_Episode44 To get involved with Edgewise, go to: https://www.edgewise.net/securityweekly   Visit https://www.securityweekly.com/asw for all the latest episodes! Visit https://www.activecountermeasures/asw to sign up for a demo or buy our AI Hunter! Visit our website: https://www.securityweekly.com   Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Follow us on Twitter: ht

This week, Keith and Paul interview Chris Elgee, the Technical Engineer at Counter Hack Challenges! Chris joins Keith and Paul this week to talk about the Counter Hack Challenge, how it’s been working on the challenge vs. playing it, and more! In the Application Security News, Kubernetes instances are being hijacked worldwide, malicious sites abuse 11-year old Firefox bug that Mozilla failed to fix, Google is on a Witch Hunt for Internal Leakers, and more!   Full Show Notes: https://wiki.securityweekly.com/ASW_Episode43 Visit https://www.securityweekly.com/asw for all the latest episodes! Visit https://www.activecountermeasures/asw to sign up for a demo or buy our AI Hunter!   Visit our website: https://www.securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, Keith and Paul interview Aleksei Tiurin, Senior Security Researcher at Acunetix! Aleksei joins Keith and Paul this week for a Technical Segment on reverse proxies using WebLogic, Nginx, and Tomcat! In the Application Security News, hackers are opening SMB ports on routers to infect PC’s with NSA malware, bug detectives whip up smarter version of classic AFL fuzzer to hunt code vulnerabilities, malware & rogue users can spy on some apps' HTTPS crypto, exploiting developer infrastructure is insanely easy, and more!   Full Show Notes: https://wiki.securityweekly.com/ASW_Episode42 To learn more about Acunetix, go to: www.acunetix.com/securityweekly   Visit https://www.securityweekly.com/asw for all the latest episodes! Visit https://www.activecountermeasures/asw to sign up for a demo or buy our AI Hunter!   Visit our website: https://www.securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, Keith and Paul interview Brent Dukes! Brent is a hacker, and Director of Information Security for an established manufacturing company. He joins Keith and Paul this week to talk about WAF’s, Pentesting, Burp Suite, and more! In the Application Security News, Hackers use Drupalgeddon 2 and Dirty COW exploits to take over web servers, second WordPress hacking campaign underway, USPS took a year to fix a vulnerability that exposed all 60 million users' data, this JavaScript can snoop on other Browser Tabs to work out what you're visiting, and more!   Full Show Notes: https://wiki.securityweekly.com/ASW_Episode41 Visit https://www.securityweekly.com/asw for all the latest episodes! Visit https://www.activecountermeasures/asw to sign up for a demo or buy our AI Hunter!   Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Follow us on Twitter: https://www.twitter.com/securityweekly

This week, Keith and Paul interview John Kinsella, Vice President of Container Security at Qualys! John discusses Qualys’ Container Security, continuous discovery, and tracking for containers and images! In the Application Security News, Instagram leaks passwords to the public, Clickjacking on Google MyAccount Worth $7,500, James Wickett's thread on Open Source SAST options, an advanced search tool for sensitive information stored in GitHub repos, and more!   Full Show Notes: https://wiki.securityweekly.com/ASW_Episode40 Visit https://www.securityweekly.com/asw for all the latest episodes! Visit https://www.activecountermeasures/asw to sign up for a demo or buy our AI Hunter!   Visit our website: https://www.securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, Keith and Paul interview Brian Kelly, Head of Conjur Engineering at CyberArk! Brian focuses on creating products that add much-needed security and identity management to the landscape of DevOps tools and cloud systems. In the Application Security News, DJI Drone Vulnerability, Hackers are increasingly destroying logs to hide attacks, Adobe ColdFusion servers under attack from APT group, understanding Open Source Code use in your business, and more!   Full Show Notes: https://wiki.securityweekly.com/ASW_Episode39 To learn more about Conjur, go to: www.conjur.org/asw   Visit https://www.securityweekly.com/asw for all the latest episodes! Visit https://www.activecountermeasures/asw to sign up for a demo or buy our AI Hunter!   Visit our website: https://www.securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly