Preview Mode Links will not work in preview mode

Application Security Weekly (Audio)

Dec 13, 2022

FreeBSD joins the ping of death list, exploiting a SQL injection through JSON manipulation, Apple's design for iCloud encryption, attacks against machine learning systems and AIs like ChatGPT

 

Threat modeling is an important part of a security program, but as companies grow you will choose which features you want to...


Dec 6, 2022

Android platform certs leaked, SQL injection to leaked credentials to cross-tenant access in IBM's Cloud Database, hacking cars through web-based APIs, technical and social considerations when getting into bug bounties, a brief note on memory safety in Android

 

Finding the balance between productivity and security is...


Nov 29, 2022

Crossing tenants with AWS AppSync, more zeros in C++ to defeat vulns, HTTP/3 connection contamination, Thinkst Quarterly review of research, building a research team

 

MongoDB recently announced the industry’s first encrypted search scheme using breakthrough cryptography engineering called Queryable Encryption. This...


Nov 15, 2022

CosMiss in Azure, $70k bounty for a Pixel Lock Screen bypass, finding path traversal with Raspberry Pi-based emulators, NSA guidance on moving to memory safe languages, implementing phishing-resistant MFA, egress filtering, and how to approach code reviews

 

Cider Security’s recently published research of the Top 10...


Nov 8, 2022

While APIs enable innovation, they’re increasingly targeted as a pathway to data. API abuses are often carried out through automated attacks, in which a botnet floods the API with unwanted traffic—seeking vulnerable applications and unprotected data. In this discussion, Karl Triebes shares what you need to know...