ASW #220 - Daniel Krivelevich - podcast episode cover

ASW #220 - Daniel Krivelevich

Application Security Weekly (Audio)
Nov 15, 20221 hr 28 min
--:--
--:--
Listen in podcast apps:
Metacast
Apple Podcasts
Spotify
Download
YouTube
Overcast
Pocket Casts
Episodes.fm
Download Metacast podcast app
Listen to this episode in Metacast mobile app
Don't just listen to podcasts. Learn from them with transcripts, summaries, and chapters for every episode. Skim, search, and bookmark insights. Learn more

Episode description

CosMiss in Azure, $70k bounty for a Pixel Lock Screen bypass, finding path traversal with Raspberry Pi-based emulators, NSA guidance on moving to memory safe languages, implementing phishing-resistant MFA, egress filtering, and how to approach code reviews

 

Cider Security’s recently published research of the Top 10 CI/CD Security Risks acts to identify vulnerabilities to help defenders focus on areas to secure their CI/CD ecosystem. They created a free learning tool with a deliberately vulnerable environment to demonstrate these flaws -- “CI/CD Goat”. Like similar tools, this helps appsec and devops teams gain a better understanding of major CI/CD security risks and, importantly, their appropriate countermeasures.

Segment Resources:

- https://www.cidersecurity.io/top-10-cicd-security-risks/

- https://github.com/cider-security-research/top-10-cicd-security-risks

- https://www.cidersecurity.io/blog/research/ci-cd-goat/

- https://github.com/cider-security-research/cicd-goat

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/secweekly

Like us on Facebook: https://www.facebook.com/secweekly

 

Show Notes: https://securityweekly.com/asw220

For the best experience, listen in Metacast app for iOS or Android
Open in Metacast
ASW #220 - Daniel Krivelevich | Application Security Weekly (Audio) podcast - Listen or read transcript on Metacast