Application Security Weekly (Audio)

Application Security Weekly decrypts development for the Security Professional - exploring how to inject security into their organization’s Software Development Lifecycle (SDLC) in a fluid and transparent way; Learn the tools, techniques, and processes necessary to move at the speed of DevOps (even if you aren’t a DevOps shop yet). The target audience for Application Security Weekly spans the gamut of Security Engineers and Practitioners that need to level-up their skills in the Application Security space - as well as enabling “Cyber Curious” developers to get involved in the Application Security process at their organizations. To a lesser extent, we hope to arm Security Managers and Executives with the knowledge to be conversational in the realm of DevOps - and to provide the right questions to ask their colleagues in development, along with the metrics to think critically about the answers they receive.

https://securityweekly.com/category-shows/application-security-weekly/

Eine durchschnittliche Folge dieses Podcasts dauert 1h8m. Bisher sind 263 Folge(n) erschienen. Dies ist ein wöchentlich erscheinender Podcast.

Gesamtlänge aller Episoden: 12 days 7 hours 23 minutes

subscribe
share






recommended podcasts


ASW #226 - Marudhamaran Gunasekaran


Breach disclosures from T-Mobile and PayPal, SSRF in Azure services, Google Threat Horizons report, integer overflows and more, Rust in Chromium, ML for web scanning, Top 10 web hacking techniques of 2022 Developers write code. Ideally, secure code....


share








   1h17m
 
 

Throwback Episode - Dev(Sec)Ops Scanning Challenges & Tips - ASW170


We're aren't recording this holiday week, so enjoy this ASW throwback episode! Main host Mike Shema selected this episode to share as it's still relevant to the AppSec community today.    This week, we welcome Nuno Loureiro, CEO at Probely,...


share








   1h9m
 
 

ASW #225 - Dan Moore


Exposed secrets from CircleCI, web hackers target the auto industry, $100K bounty for making Google smart speakers listen, inspiration from Office Space, AWS making better defaults for S3, resources for learning Rust   This segment will discuss...


share








   1h20m
 
 

ASW #224 - Keith Hoodlet


How do you mature a team responsible for securing software? What are effective ways to prioritize investments? We'll discuss a set of posts on building talent, building capabilities, and what mature teams look like. Segment resources: -  ...


share








   1h16m
 
 

ASW #223 - Jeevan Singh


FreeBSD joins the ping of death list, exploiting a SQL injection through JSON manipulation, Apple's design for iCloud encryption, attacks against machine learning systems and AIs like ChatGPT   Threat modeling is an important part of a security...


share








 2022-12-13  1h20m
 
 

ASW #222 - Aviv Grafi


Android platform certs leaked, SQL injection to leaked credentials to cross-tenant access in IBM's Cloud Database, hacking cars through web-based APIs, technical and social considerations when getting into bug bounties, a brief note on memory safety...


share








 2022-12-06  1h21m
 
 

ASW #221 - Kenn White


Crossing tenants with AWS AppSync, more zeros in C++ to defeat vulns, HTTP/3 connection contamination, Thinkst Quarterly review of research, building a research team   MongoDB recently announced the industry’s first encrypted search scheme...


share








 2022-11-29  1h20m
 
 

ASW #220 - Daniel Krivelevich


CosMiss in Azure, $70k bounty for a Pixel Lock Screen bypass, finding path traversal with Raspberry Pi-based emulators, NSA guidance on moving to memory safe languages, implementing phishing-resistant MFA, egress filtering, and how to approach code...


share








 2022-11-15  1h27m
 
 

ASW #219 - Karl Triebes


While APIs enable innovation, they’re increasingly targeted as a pathway to data. API abuses are often carried out through automated attacks, in which a botnet floods the API with unwanted traffic—seeking vulnerable applications and unprotected...


share








 2022-11-08  1h21m
 
 

ASW #218 - Sandy Carielli, Martha Bennett


A critical OpenSSL vuln is coming this Tuesday, a SQLite vuln, Apple blogs about memory safety and bug bounties, determining a random shuffle   The Web3 ecosystem is chock full of applications and projects that have lost money (and their...


share








 2022-11-01  1h21m