Application Security Weekly (audio)

This week on Application Security Weekly, Matt Alderman takes the reigns and is joined by Co-Host James Wickett, who is the Head of Research at Signal Sciences! They talk about the human element of application security training and testing! In the Application Security News, Oracle patches 284 vulnerabilities, a bug in Twitter Android app exposed protected tweets, four tips for better API Security in 2019, and more!   Full Show Notes: https://wiki.securityweekly.com/ASW_Episode47 Visit https://www.securityweekly.com/asw for all the latest episodes!   Visit our website: https://www.securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, Keith and Paul interview Rey Bango, Security Advocate for Microsoft! Rey is focused on helping the community build secure systems & being a voice for researchers within MS! In the Application Security News, Another server security lapse at NASA exposed staff and project data, CRLF Injection Into PHP’s cURL Options, System Down: A systemd-journald exploit, GitHub now gives free users unlimited private repositories, Twitter is broken, Government shutdown: TLS certificates not renewed, many websites are down, and much more!   Full Show Notes: https://wiki.securityweekly.com/ASW_Episode46 Visit https://www.securityweekly.com/asw for all the latest episodes!   Visit our website: https://www.securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, Keith and Paul interview Ken Johnson, Application Security Engineer at GitHub! Ken joins us to discuss approaching AppSec the right way, "running a scanner without context", getting the right context/importance of context, and how to figure what's real and what's legit! In the Application Security News, Wormable stored XSS on WordPress.org, a security lapse revealed private complaints from Silicon Valley employees, hackers hijack thousands of Chromecasts to warn of latest security bug, a linting tool for checking accessibility, speed, and security, host websites on GitHub, and more!   Full Show Notes: https://wiki.securityweekly.com/ASW_Episode45 Visit https://www.securityweekly.com/asw for all the latest episodes!   Visit our website: https://www.securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, Keith and Paul interview Harry Sverdlove, CTO and Founder of Edgewise! Harry joins us to discuss what Edgewise does in the AppSec world, segmentation, cloud migration, trying different architectures, and more! In the Application Security News, Facebook bug exposed private photos of 6.8 million users, thousands of Jenkins servers will let anonymous users become admins, Signal app can't include a backdoor for the Australian government, WordPress plugs bug that led to Google indexing some user passwords, and more!   Full Show Notes: https://wiki.securityweekly.com/ASW_Episode44 To get involved with Edgewise, go to: https://www.edgewise.net/securityweekly   Visit https://www.securityweekly.com/asw for all the latest episodes! Visit https://www.activecountermeasures/asw to sign up for a demo or buy our AI Hunter! Visit our website: https://www.securityweekly.com   Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Follow us on Twitter: ht

This week, Keith and Paul interview Chris Elgee, the Technical Engineer at Counter Hack Challenges! Chris joins Keith and Paul this week to talk about the Counter Hack Challenge, how it’s been working on the challenge vs. playing it, and more! In the Application Security News, Kubernetes instances are being hijacked worldwide, malicious sites abuse 11-year old Firefox bug that Mozilla failed to fix, Google is on a Witch Hunt for Internal Leakers, and more!   Full Show Notes: https://wiki.securityweekly.com/ASW_Episode43 Visit https://www.securityweekly.com/asw for all the latest episodes! Visit https://www.activecountermeasures/asw to sign up for a demo or buy our AI Hunter!   Visit our website: https://www.securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, Keith and Paul interview Aleksei Tiurin, Senior Security Researcher at Acunetix! Aleksei joins Keith and Paul this week for a Technical Segment on reverse proxies using WebLogic, Nginx, and Tomcat! In the Application Security News, hackers are opening SMB ports on routers to infect PC’s with NSA malware, bug detectives whip up smarter version of classic AFL fuzzer to hunt code vulnerabilities, malware & rogue users can spy on some apps' HTTPS crypto, exploiting developer infrastructure is insanely easy, and more!   Full Show Notes: https://wiki.securityweekly.com/ASW_Episode42 To learn more about Acunetix, go to: www.acunetix.com/securityweekly   Visit https://www.securityweekly.com/asw for all the latest episodes! Visit https://www.activecountermeasures/asw to sign up for a demo or buy our AI Hunter!   Visit our website: https://www.securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, Keith and Paul interview Brent Dukes! Brent is a hacker, and Director of Information Security for an established manufacturing company. He joins Keith and Paul this week to talk about WAF’s, Pentesting, Burp Suite, and more! In the Application Security News, Hackers use Drupalgeddon 2 and Dirty COW exploits to take over web servers, second WordPress hacking campaign underway, USPS took a year to fix a vulnerability that exposed all 60 million users' data, this JavaScript can snoop on other Browser Tabs to work out what you're visiting, and more!   Full Show Notes: https://wiki.securityweekly.com/ASW_Episode41 Visit https://www.securityweekly.com/asw for all the latest episodes! Visit https://www.activecountermeasures/asw to sign up for a demo or buy our AI Hunter!   Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Follow us on Twitter: https://www.twitter.com/securityweekly

This week, Keith and Paul interview John Kinsella, Vice President of Container Security at Qualys! John discusses Qualys’ Container Security, continuous discovery, and tracking for containers and images! In the Application Security News, Instagram leaks passwords to the public, Clickjacking on Google MyAccount Worth $7,500, James Wickett's thread on Open Source SAST options, an advanced search tool for sensitive information stored in GitHub repos, and more!   Full Show Notes: https://wiki.securityweekly.com/ASW_Episode40 Visit https://www.securityweekly.com/asw for all the latest episodes! Visit https://www.activecountermeasures/asw to sign up for a demo or buy our AI Hunter!   Visit our website: https://www.securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, Keith and Paul interview Brian Kelly, Head of Conjur Engineering at CyberArk! Brian focuses on creating products that add much-needed security and identity management to the landscape of DevOps tools and cloud systems. In the Application Security News, DJI Drone Vulnerability, Hackers are increasingly destroying logs to hide attacks, Adobe ColdFusion servers under attack from APT group, understanding Open Source Code use in your business, and more!   Full Show Notes: https://wiki.securityweekly.com/ASW_Episode39 To learn more about Conjur, go to: www.conjur.org/asw   Visit https://www.securityweekly.com/asw for all the latest episodes! Visit https://www.activecountermeasures/asw to sign up for a demo or buy our AI Hunter!   Visit our website: https://www.securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, Keith and Paul interview Daniel Cuthbert, Global Head of Security Research for Banco Santander! In the Application Security News, a nasty DHCPv6 packet can Pwn vulnerable Linux Boxes, 'Stalkerware' website let anyone intercept texts of tens of thousands of people, twelve malicious Python libraries found and removed from PyPI, the U.S. Department of Defense Guide for "Detecting Agile BS", and more!   Full Show Notes: https://wiki.securityweekly.com/ASW_Episode38 Visit https://www.securityweekly.com/asw for all the latest episodes! Visit https://www.activecountermeasures/asw to sign up for a demo or buy our AI Hunter!   Visit our website: https://www.securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, Keith and Paul interview Johnny Xmas, Director of Field Engineering at Kasada.io! In the Application Security News, Millions of passengers affected by Cathay Pacific Airline Hack, China has been hijacking the internet backbone of Western countries, how proficient are developers at fixing Application Security flaws, MicroTik Router Bug is as bad as it gets, and more!   Full Show Notes: https://wiki.securityweekly.com/ASW_Episode37 Visit https://www.securityweekly.com/asw for all the latest episodes! Visit https://www.activecountermeasures/asw to sign up for a demo or buy our AI Hunter!   Visit our website: https://www.securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, Paul and April Wright discuss a jQuery Plugin that has been exploited for years is finally getting patched, a flaw in LibSSH leaves thousands of servers at risk, a remote code implantation flaw found in Medtronic Cardiac Programmers, hackers hiding Cryptocurrency malware in Adobe flash updates, how the government is finally rolling out 2 Factor Authentication for Federal Agency Domains, and how Disney is helping women from across their company to become Developers!   Full Show Notes: https://wiki.securityweekly.com/ASW_Episode36 Visit https://www.securityweekly.com/asw for all the latest episodes! Visit https://www.activecountermeasures/asw to sign up for a demo or buy our AI Hunter!   Visit our website: https://www.securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly 

This week, Keith and Paul interview Garrett Gross, Senior Solutions Engineer at Rapid7! They talk about catching bugs earlier in the process of development, what can lead to certain successes in development, and more! In the Application Security News, Git Project patches Remote Code Execution Vulnerability, Google is shutting down Google+ after 500k accounts potentially affected by a data breach, Facebook wants people to Invite its cameras into their homes, GitHub introduces user blocking notifications, DevOps producing more insecure apps than ever, and more on this episode of Application Security Weekly!   Full Show Notes: https://wiki.securityweekly.com/ASW_Episode35   Visit https://www.securityweekly.com/asw for all the latest episodes!   Visit https://www.activecountermeasures/asw to sign up for a demo or buy our AI Hunter!   →Visit our website: https://www.securityweekly.com →Follow us on Twitter: https://www.twitter.com/securityweekly →Like us on Facebook: https://www.facebook.com/secweekly

This week, Keith and Paul talk about landing a job in Application Security! They discuss attending local meetups and conferences, practicing your coding skills, getting educated by World Class security researchers, doing your homework, and much more! In the Application Security News, Facebook discloses the loss of at least 50 millions access tokens, Google admits to allowing hundreds of companies to read your email, FireFox Monitor will alert you when your accounts have been Pwned, Microsoft releases MS-DOS v1.25 and v2.0 as Open Source, and more on this episode of Application Security Weekly!   Full Show Notes: https://wiki.securityweekly.com/ASW_Episode34   Visit https://www.securityweekly.com/asw for all the latest episodes!   Visit https://www.activecountermeasures/asw to sign up for a demo or buy our AI Hunter!   →Visit our website: https://www.securityweekly.com →Follow us on Twitter: https://www.twitter.com/securityweekly →Like us on Facebook: https://www.facebook.com/secweekly

This week, Keith and special guest host April Wright interview Ron Gula, Founder of Tenable and Gula Tech Adventures! They discuss security in the upcoming elections, how to maintain separation of duties, attack simulation, and more! In the Application Security News, Hackers stole customer credit cards in Newegg data breach, John Hancock now requires monitoring bracelets to buy insurance, the man who broke Ticketmaster, new security settings available in iOS 12, State Department confirms data breach exposed employee data, and more!   Full Show Notes: https://wiki.securityweekly.com/ASW_Episode33   Visit https://www.securityweekly.com/asw for all the latest episodes!   Visit https://www.activecountermeasures/asw to sign up for a demo or buy our AI Hunter!   →Visit our website: https://www.securityweekly.com →Follow us on Twitter: https://www.twitter.com/securityweekly →Like us on Facebook: https://www.facebook.com/secweekly

This week, Keith Hoodlet and Paul Asadoorian interview April Wright from ArchitectSecurity.org! Next, bugs, breaches, and more in the Application Security News! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode32 Visit https://www.securityweekly.com/asw for all the latest episodes!

This week, Keith and Paul interview Zane Lackey, Chief Security Officer and Founder of Signal Sciences! In the news, U.S. government releases Post-mortem on Equifax, Microsoft Windows Zero-Day found in Task Scheduler, British Airways breached via XSS, Windows subsystem Linux for Linux Distros, Bug Bounties and mental health, and more on this episode of Application Security Weekly!   Full Show Notes: https://wiki.securityweekly.com/ASW_Episode31   Visit https://www.securityweekly.com/asw for all the latest episodes!   Visit https://www.activecountermeasures/asw to sign up for a demo or buy our AI Hunter!   →Visit our website: https://www.securityweekly.com →Follow us on Twitter: https://www.twitter.com/securityweekly →Like us on Facebook: https://www.facebook.com/secweekly

This week, Keith and Paul discuss The Apache Struts2 RCE Vulnerability! In the news, Using Signal Sciences to defend against Apache Struts, PHP flaw puts WordPress sites at risk, Oracle will charge for Java starting in 2019, how Netflix does Failovers in 7 minutes flat, Burp Suite 2.0 Beta released, even anonymous coders leave fingerprints, and more on this episode of Application Security Weekly!   Full Show Notes: https://wiki.securityweekly.com/ASW_Episode30   Visit https://www.securityweekly.com/asw for all the latest episodes!   Visit https://www.activecountermeasures/asw to sign up for a demo or buy our AI Hunter!   →Visit our website: https://www.securityweekly.com →Follow us on Twitter: https://www.twitter.com/securityweekly →Like us on Facebook: https://www.facebook.com/secweekly

This week, Keith and Paul interview Tom McLaughlin, Founder of ServerlessOps! In the final segment, we air a Pre-Recorded segment with Paul and Matt Alderman, as they sat down at DEF CON to talk all things AppSec, vendors that were there, and companies they had briefings with from our pool cabana!   Full Show Notes: https://wiki.securityweekly.com/ASW_Episode29   Visit https://www.securityweekly.com/asw for all the latest episodes!   Visit https://www.activecountermeasures/asw to sign up for a demo or buy our AI Hunter!   →Visit our website: https://www.securityweekly.com →Follow us on Twitter: https://www.twitter.com/securityweekly →Like us on Facebook: https://www.facebook.com/secweekly

This week, Keith is joined by Dr. Doug White to discuss Secure Coding Practices! In the news, Comcast security flaws, Facebook plans to partner with banks, hacker finds ‘God Mode’ in x86 CPU’s, bypassing CSP using polyglot JPEGs, and more on this episode of Application Security Weekly!   Full Show Notes: https://wiki.securityweekly.com/ASW_Episode28   Visit https://www.securityweekly.com/asw for all the latest episodes!   Visit https://www.activecountermeasures/asw to sign up for a demo or buy our AI Hunter!   →Visit our website: https://www.securityweekly.com →Follow us on Twitter: https://www.twitter.com/securityweekly →Like us on Facebook: https://www.facebook.com/secweekly