Preview Mode Links will not work in preview mode

Application Security Weekly (Audio)


Nov 15, 2022

CosMiss in Azure, $70k bounty for a Pixel Lock Screen bypass, finding path traversal with Raspberry Pi-based emulators, NSA guidance on moving to memory safe languages, implementing phishing-resistant MFA, egress filtering, and how to approach code reviews

 

Cider Security’s recently published research of the Top 10 CI/CD Security Risks acts to identify vulnerabilities to help defenders focus on areas to secure their CI/CD ecosystem. They created a free learning tool with a deliberately vulnerable environment to demonstrate these flaws -- “CI/CD Goat”. Like similar tools, this helps appsec and devops teams gain a better understanding of major CI/CD security risks and, importantly, their appropriate countermeasures.

Segment Resources:

- https://www.cidersecurity.io/top-10-cicd-security-risks/

- https://github.com/cider-security-research/top-10-cicd-security-risks

- https://www.cidersecurity.io/blog/research/ci-cd-goat/

- https://github.com/cider-security-research/cicd-goat

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/secweekly

Like us on Facebook: https://www.facebook.com/secweekly

 

Show Notes: https://securityweekly.com/asw220