
Application Security Weekly (Audio)

Jan 31, 2023

A $10M ransom demand to Riot Games, a DoS in BIND and why there's no version 10, an unexpected refactor at Twilio, insights in Rust from the git security audit, SQL Slammer 20 years later, the SQLMap tool

 

We talk with Dr. David Movshovitz about "There Is No Average Behavior!"

Segment Resources:

White paper:


Jan 24, 2023

Breach disclosures from T-Mobile and PayPal, SSRF in Azure services, Google Threat Horizons report, integer overflows and more, Rust in Chromium, ML for web scanning, Top 10 web hacking techniques of 2022

Developers write code. Ideally, secure code. But what do we mean by secure code? What should secure code...


Jan 10, 2023

Exposed secrets from CircleCI, web hackers target the auto industry, $100K bounty for making Google smart speakers listen, inspiration from Office Space, AWS making better defaults for S3, resources for learning Rust

 

This segment will discuss options for protecting your APIs. First, why protect them? Second, what are...


Jan 3, 2023

How do you mature a team responsible for securing software? What are effective ways to prioritize investments? We'll discuss a set of posts on building talent, building capabilities, and what mature teams look like.

Segment resources:

- https://securing.dev/categories/essentials/

 

Metrics for building a security...


Dec 13, 2022

FreeBSD joins the ping of death list, exploiting a SQL injection through JSON manipulation, Apple's design for iCloud encryption, attacks against machine learning systems and AIs like ChatGPT

 

Threat modeling is an important part of a security program, but as companies grow you will choose which features you want to...