This week, we welcome Michelle Dennedy, CEO of DrumWave, to discuss Data Mapping & Data Value Journey! In the Application Security News, CallStranger hits the horror trope where the call is coming from inside the house, SMBleedingGhost Writeup expands on prior SMB flaws that exposed kernel memory, Misconfigured Kubeflow workloads are a security risk, Verizon Data Breach Investigations Report, and more! Show Notes: https://wiki.securityweekly.com/ASWEpisode111 Visit https://www.securityweekly...
Jun 15, 2020•1 hr 8 min
This week, we welcome Phillip Maddux, Sr. Technical Account Manager at Signal Sciences, to talk about The Future State of AppSec! In the Application Security News, Two vulnerabilities in Zoom could lead to code execution, Zero-day in Sign in with Apple, Focus on Speed Doesn t Mean Focus on Automation, Apple pushes fix across ALL devices for unc0ver jailbreak flaw, and more! Show Notes: https://wiki.securityweekly.com/ASWEpisode110 To learn more about Signal Sciences, visit: https://securityweekl...
Jun 09, 2020•1 hr 7 min
This week, we speak with John Chirhart, Customer Experience Engineer at Google Cloud, to discuss How to Prevent Account Takeover Attacks! In our second segment, we welcome Catherine Chambers, Senior Product Manager at Irdeto, to talk about why Apps Are the New Endpoint! Show Notes: https://wiki.securityweekly.com/ASWEpisode109 To learn more about Irdeto, visit: https://securityweekly.com/irdeto To learn more about Google Cloud and reCAPTCHA, visit: https://securityweekly.com/recaptcha Visit http...
Jun 01, 2020•1 hr 8 min
This week, we welcome Jack Zarris, Senior Sales Engineer at Signal Sciences, to talk about Using Rate Limiting to Protect Web Apps and APIs! In our second segment, we welcome Tim Mackey, Principal Security Strategist at Synopsys, to discuss the Highlights From the New Open Source Security and Risk Analysis Report! Show Notes: https://wiki.securityweekly.com/ASWEpisode108 To learn more about Synopsys, visit: https://securityweekly.com/synopsys To learn more about Signal Sciences, visit: https://s...
May 18, 2020•1 hr 12 min
This week, we welcome back Joe Garcia, DevOps Security Engineer at CyberArk, to discuss How Can Security Work TOGETHER, Not Against, Developers! In the Application Security News, Cloud servers hacked via critical SaltStack vulnerabilities, Samsung Confirms Critical Security Issue For Millions: Every Galaxy After 2014 Affected, Mitigating vulnerabilities in endpoint network stacks, Microsoft Shells Out $100K for IoT Security, and Secure your team s code with code scanning and secret scanning! Sho...
May 11, 2020•1 hr 10 min
This week, we welcome Gareth Rushgrove, Director of Product Management at Snyk, to talk about Modern Application Security and Container Security! In the Application Security News, Psychic Paper demonstrates why a lack of safe and consistent parsing of XML is disturbing, Beware of the GIF: Account Takeover Vulnerability in Microsoft Teams, Salt Bugs Allow Full RCE as Root on Cloud Servers, and Love Bug's creator tracked down to repair shop in Manila! Show Notes: https://wiki.securityweekly.com/AS...
May 04, 2020•1 hr 13 min
This week, we welcome Avi Douglen, Founder and CEO of Bounce Security, to talk about Threat Modeling in Application Security, DevSecOps, and how Application Security is mapping Security culture! In the Application Security News, Nintendo Confirms Breach of 160,000 Accounts via a legacy endpoint, NSA shares list of vulnerabilities commonly exploited to plant web shells, Code Patterns for API Authorization: Designing for Security, Health Prognosis on the Security of IoMT Devices? Not Good, and 8 T...
Apr 27, 2020•1 hr 6 min
This week, we welcome Rebecca Black, Senior Staff Application Security Engineer at Avalara, to talk about Building an AppSec Ecosystem! This week in the Application Security News, JSON Web Token Validation Bypass in Auth0 Authentication API, Mining for malicious Ruby gems, A Brief History of a Rootable Docker Image, Privacy In The Time Of COVID, and Threat modeling explained: A process for anticipating cyber attacks! Show Notes: https://wiki.securityweekly.com/ASWEpisode104 Visit https://www.sec...
Apr 20, 2020•1 hr 11 min
This week, we welcome Brad Geesaman, Co-Founder of Darkbit, to talk about Making Kubernetes a Hostile Place for Attackers! In the Application Security News, Zoom Taps Ex-Facebook CISO Amid Security Snafus, Lawsuit, How we abused Slack's TURN servers to gain access to internal services, Moving from reCAPTCHA to hCaptcha, Automate Security Testing with ZAP and GitHub Actions, Shift-Right Testing: The Emergence of TestOps, and Building Secure and Reliable Systems! Show Notes: https://wiki.securityw...
Apr 14, 2020•1 hr 12 min
This week, we welcome Grant Ongers, Co-Founder of Secure Delivery, to discuss why "You re (probably) Doing AppSec Wrong"! In the Application Security News, Zoom is gaining lots of attention for flaws, Popular Digital Wallet Exposes Millions to Risk in Huge Data Leak, 12k+ Android apps contain master passwords, secret access keys, secret commands in not-so-secret client-side code identified by a research tool Inputscope, and more! Show Notes: https://wiki.securityweekly.com/ASWEpisode102 Visit ht...
Apr 06, 2020•1 hr 12 min
This week, we welcome Adam Hughes, Chief Software Architect at Sylabs Inc., to discuss Singularity: A Different Take on Container Security! In the second segment, we welcome Utsav Sanghani, Senior Product Manager at Synopsys, to discuss Why combining SAST and SCA in your IDE produces higher quality, secure software faster! To learn more about Synopsys, visit: https://securityweekly.com/synopsys Show Notes: https://wiki.securityweekly.com/ASWEpisode101 Visit https://www.securityweekly.com/asw for...
Mar 23, 2020•1 hr 12 min
This week, we welcome Clint Gibler, Research Director at NCC Group, to discuss DevSecOps and Scaling Security! In the Application Security News, Data of millions of eBay and Amazon shoppers exposed as another supply chain casualty, Announcing Bottlerocket, a new open-source Linux-based operating system purpose-built to run containers, and The DevOps Sweet Spot: Inserting Security at Pull Requests (Part 1)! Show Notes: https://wiki.securityweekly.com/ASWEpisode100 Visit https://www.securityweekly...
Mar 17, 2020•1 hr 12 min
This week, we welcome Guy Podjarny, Snyk's Founder and President! In the Application Security News, Revoking certain certificates on March 4 and Why 3 million Let s Encrypt certificates are being killed off today, Gandalf: An Intelligent, End-To-End Analytics Service for Safe Deployment in Large-Scale Cloud Infrastructure and slides, and CISOs Who Want a Seat at the DevOps Table Better Bring Value! Show Notes: https://wiki.securityweekly.com/ASWEpisode99 Visit https://www.securityweekly.com/asw ...
Mar 11, 2020•1 hr 14 min
This week, we welcome Dan Petit, to discuss his upcoming 2-day workshop at InfoSec World 2020! The workshop is a "deep survey" into all things DevSecOps. In the Application Security News, CVE-2020-1938: Ghostcat vulnerability in the Tomcat Apache JServ Protocol, APIs are becoming a major target for credential stuffing attacks and don't have to target the login workflow, SSL/TLS certificate validity chopped down to one year by Apple s Safari and how this can drive secure DevOps behaviors, and 5 k...
Mar 03, 2020•1 hr 10 min
This week, live from RSAC 2020, we interview Chris Eng, Chief Research Officer at Veracode! Chris provides an update on Veracode including 2019 growth, new product announcements, Veracode Security Labs, and booth activities at RSA Conference 2020! In the RSAC Application Security News, 6 of the 10 vendors at Innovation Sandbox are application security companies, F5 Empowers Customers with End-to-End App Security, Checkmarx Simplifies Automation of Application Security Testing for Modern Developm...
Feb 26, 2020•1 hr 3 min
This week, we welcome Doug DePerry, Director of Defense at Datadog, to discuss Lessons Learned From The DevSecOps Trenches! In the Application Security News, SweynTooth: Unleashing Mayhem over Bluetooth Low Energy, RetireJS, What Is DevSecOps and How to Enable It on Your SDLC? and more! Show Notes: https://wiki.securityweekly.com/ASWEpisode96 Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: htt...
Feb 18, 2020•1 hr 13 min
This week, Mike and John interview Shaun Lamb about strategies for how to best design applications so they are "secure by default" and have fewer incidents and vulnerabilities, and more! In the Application Security News, Dropbox bug bounty program has paid out over $1,000,000, Report Pins Cloud Security Woes on Flawed DevOps Processes, Ghost in the shell: Investigating web shell attacks, An Incident Impacting your Account Identity, and more! Show Notes: https://wiki.securityweekly.com/ASWEpisode...
Feb 11, 2020•1 hr 8 min
This week, Mike, John, and Matt review the presentation given by Clint Gilber at AppSec Cali, An Opinionated Guide to Scaling Your Company's Security! In the Application Security News, Xbox Bounty Program, Magento 2.3.4 Patches Critical Code Execution Vulnerabilities, Remote Cloud Execution - Critical Vulnerabilities in Azure Cloud Infrastructure, RCE in OpenSMTPD library impacts BSD and Linux distros, Fintechs divided on screen scraping ban, and Zero trust architecture design principles! Show N...
Feb 04, 2020•55 min
This week, we welcome John Butler, Solutions Engineer at Guardsquare, to discuss Dynamically Protecting Mobile Applications with RASP! In the Application Security News, Insecure configurations expose GE Healthcare devices to attacks demonstrate more simple flaws with high impacts, NSA Offers Guidance on Mitigating Cloud Vulnerabilities, Enumerating Docker Registries with go-pillage-registries for pentesters searching for useful information, and more! Show Notes: https://wiki.securityweekly.com/A...
Jan 28, 2020•1 hr 8 min
This week in our first segment, Mike, Matt, and John, discuss Protecting Data in Apps and Protecting Apps from Data! In the Application Security News, PoC Exploits Published For Microsoft Crypto Bug disclosed by NSA, Introducing Microsoft Application Inspector, Vulnerability management requires good people and patching skills, and DevSecOps: 10 Best Practices to Embed Security into DevOps are more like 10 verbs related to DevOps responsibilities! Show Notes: https://wiki.securityweekly.com/ASWEp...
Jan 21, 2020•1 hr 9 min
This week, we welcome Hillel Solow, CTO at Check Point, to discuss The Evolution of DevSecOps and AppSec Trends in 2020! In the Application Security News, Policy and Disclosure: 2020 Edition, A look back & forward for bug bounties over the past decade, 4 Ring Employees Fired For Spying on Customers, Exploit Fully Breaks SHA-1, Lowers the Attack Bar, The Open Source Licence Debate: Comprehension Consternations & Stipulation Frustrations, Synopsys Buys Tinfoil, and Rotate Your Amazon RDS, ...
Jan 14, 2020•1 hr 9 min
This week on Application Security Weekly, Mike Shema and Matt Alderman discuss Privacy by Design - The 7 Foundational Principles! In the Application Security News, Featured Flaws and Big Breaches, Cloud, Code and Controls (Python is dead. Long live Python!), Learning and Tools (Breaking Down the OWASP API Security Top 10), and Food for Thought (Facebook will stop mining contacts with your 2FA number, 6 Security Team Goals for DevSecOps in 2020, 7 security incidents that cost CISOs their jobs)! S...
Jan 07, 2020•57 min
This week, we welcome Dave Ferguson, Director of Product Management and WAS at Qualys! Dave will discuss the issue of latent vulnerabilities and how they may linger in your custom-coded web applications and APIs, presenting an enticing target for attackers. In the Application Security News, GitLab Doles Out Half a Million Bucks to White Hats, How can we integrate security into the DevOps pipelines?, Go passwordless to strengthen security and reduce costs - and design your app to support these ty...
Dec 17, 2019•1 hr 12 min
This week, we welcome Allan Friedman, Director of Cybersecurity Initiatives at the NTIA US Department of Commerce, to talk about the Software Bill of Materials! In the Application Security News, GitHub Seeks Security Dominance With Developers, IoT and Agile Framework Partners in Efficacy, WhiteSource acquires & open sources Renovate dependency update toolset, and Java vs. Python: Which should you choose? Show Notes: https://wiki.securityweekly.com/ASWEpisode88 Visit https://www.securityweekl...
Dec 10, 2019•1 hr 8 min
This week, we welcome Sandy Carielli, Principal Analyst at Forrester Research, to discuss the impact of good and bad bots on enterprises and how it is both a security and customer experience problem! In the Application Security News, Analysis of Jira Bug Stresses Impact of SSRF in Public Cloud, DevSecOps Adoption and the Web Security Myth, Facebook, Twitter profiles slurped by mobile apps using malicious SDKs, Firefox gets tough on tracking tricks that sneakily sap your privacy, and Decoding the...
Dec 03, 2019•1 hr 4 min
This week, we welcome Tim Mackey, Principal Security Strategist at Synopsys! In the Application Security News, $1M Google Hacking Prize, 1.2B Records Exposed in Massive Server Leak, How Attackers Could Hijack Your Android Camera to Spy on You, XSS in GMail s AMP4Email via DOM Clobbering, and more! Show Notes: https://wiki.securityweekly.com/ASWEpisode86 To learn more about Synopsys, visit: https://securityweekly.com/synopsys Visit https://www.securityweekly.com/asw for all the latest episodes! F...
Nov 26, 2019•1 hr 6 min
This week, we welcome back Pawan Shankar, Senior Product Marketing Manager of Sysdig, to announce the launch of Sysdig Secure 3.0! In the Application Security News, Mirantis' Docker Enterprise acquisition a lifeline as industry shifts to Kubernetes, Attackers' Costs Increasing as Businesses Focus on Security, Soft Skills: 6 Nontechnical Traits CISOs Need to Succeed, and Three Ways Developers Can Worry Less About Security! Show Notes: https://wiki.securityweekly.com/ASWEpisode85 To learn more abo...
Nov 19, 2019•1 hr 6 min
This week, in the first segment, Mike, Matt, and John talk Security Testing! In the Application Security News, Pwn2Own Tokyo Roundup: Amazon Echo, Routers, Smart TVs Fall to Hackers, Robinhood Traders Discovered a Glitch That Gave Them 'Infinite Leverage', Bugcrowd Pays Out Over $500K in Bounties in One Week, GWP-ASan: Sampling heap memory error detection in-the-wild, and more! Show Notes: https://wiki.securityweekly.com/ASWEpisode84 Visit https://www.securityweekly.com/asw for all the latest ep...
Nov 13, 2019•1 hr 6 min
This week, we interview Daniel Lowrie and Justin Dennison, Edutainers at ITProTV, to discuss how to bridge the gap between a Developer and Security! In the Application Security News, Stable Channel Update for Desktop Chrome users should upgrade to, Overcoming the container security conundrum: What enterprises need to know, Security Think Tank: In the cloud, the buck stops with you, PHP Bug Allows Remote Code-Execution on NGINX, Servers and patch details at Sec Bug #78599, Raising Security Awaren...
Nov 05, 2019•1 hr 7 min
This week, Mike Shema, Matt Alderman, and John Kinsella talk about Bug Bounties, Pentesting, & Scanners! In the Application Security News, Top cloud security controls you should be using, State of Software Security X, Developers: The Cause of and Solution to Security's Biggest Problems, and much more! Show Notes: https://wiki.securityweekly.com/ASWEpisode82 Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like ...
Oct 29, 2019•1 hr 6 min
