Gesamtlänge aller Episoden: 15 days 8 hours 17 minutes
This week in the AppSec News: Apple introduces Lockdown Mode, PyPI hits 2FA trouble, cataloging cloud vulns, practical attacks on ML, NIST's post-quantum algorithms, & more! Appsec starts with the premise that we need to build secure code,...
Both GraphQL and template engines have the potential for injection attacks, from potentially exposing data due to weak authorization in APIs to the slew of OGNL-related vulns in Java this past year. We take a look at both of these technologies in...
This week in the AppSec News: SynLapse shows shell injection via ODBC, Java deserialization example, MFA for Ruby Gems ecosystem, simple flaws in firmware, the decade-long journey of a Safari vuln, & more! IE has gone to 11 and is no more....
HTTP RFCs have evolved: A Cloudflare view of HTTP usage trends, Career Advice and Professional Development, Active Exploitation of Confluence CVE-2022-26134 Seamlessly Connect & Protect Entire IT Ecosystem The new business reality is that...
Developers want bug-free code -- it frees up their time and is easier to maintain. They want secure code for the same reasons. Matias Madou joins to talk about how the definition of secure coding varies among developers and appsec teams, why it's...
This week, in the first segment, Brian Glas answers the questions surrounding the next generations of AppSec professionals: What does it look like to try teaching cybersecurity at an undergraduate level? What are the goals and challenges faced when...
This week, Mike and John kick off the show with an interview of Christoph Nagy, the CEO of SecurityBridge! Then, in the AppSec News: Secure coding practices and smart contracts, lessons from the Heroku breach, Real World Crypto conference highlights,...
This week, Mike and John interview Lynn Marks, Product Manager at Imperva, & discuss Bad Bots: The Automated Threat Targeting Your Websites, Apps, & APIs! In the AppSec News: ExtraReplica in Azure, Chrome disfavors document.domain, appsec...
How should we empower developers to embrace the NIST software development practices? Because from here on out, developers need to view themselves as the front lines of defense for the end-consumer. A more secure-aware developer leads to a...
We can create top 10 lists and we can count vulns that we find with scanners and pen tests, but those aren't effective metrics for understanding and improving an appsec program. So, what should we focus on? How do we avoid the trap of focusing on the...