SSH-Agent RCE, CTFs & bug bounties, Satellite Security, Cyber Trust Mark, Bad.Build - ASW #248
RCE in ssh-agent forwarding, finding zero-days in CTFs, Node's vm2 can't be secured, NPM packaging ambiguities, privileg...
25 Jul 2023 • 39mins
Navigating the Complexities of Development to Create Secure APIs with Kristen Bell - Kristen Bell - ASW #248
Appsec teams and developers must both understand the consequences of what they're doing when building APIs. Appsec teams...
25 Jul 2023 • 38mins
Kubernetes and silentbob strike back, EV charger hacking, fake POCs - ASW #247
It's a busy news week - We explore what happens when people trust plugging cables into their EVs in public, how an APT i...
18 Jul 2023 • 41mins
Securing Non-Election Election Systems, Modernizing AppSec Education - Brian Glas - ASW #247
While much has been written and argued about the security of election systems - the things that do the actual ballot cou...
18 Jul 2023 • 39mins
Developer-Focused Security - Melinda Marks - ASW #246
Melinda will share results from her study last year on developer-focused security, "Walking the Line: Shift Left and Git...
11 Jul 2023 • 41mins
Software Trust & Adversaries - Shannon Lietz - ASW #246
Infosec is still figuring out useful metrics, how to talk about risk, and how to make resilience more relevant. Shannon ...
11 Jul 2023 • 34mins
The Psychology of Training - Matias Madou - ASW Vault
Check out this interview from the ASW Vault, hand picked by main host Mike Shema! This segment was originally published ...
5 Jul 2023 • 35mins
XSS in Azure, Choosing Web Research Topics, Security Dev-in-Residence, More Myths - ASW #245
Two XSS vulns via postMessage methods in Azure, how to choose (and move on from) a web research topic, OpenSSF finances ...
27 Jun 2023 • 37mins
Invicti AppSec Indicator: Latest Web Vulnerability Trends & Best Practices - Patrick Vandenberg - ASW #245
Without visibility and continuous monitoring, dangerous threats expose our blind spots and create risk. Invicti, who bro...
27 Jun 2023 • 37mins
Policy Momentum in Coordinated Vulnerability Disclosure - Amit Elazari - ASW Vault
Security is one of the most evolving and impactful landscapes in the regulatory sphere. Proposed initiatives in the area...
20 Jun 2023 • 37mins