Application Security Weekly Episode #110 - June 08, 2020
Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe
1. Interview - The Future State of AppSec - 12:30 PM-01:00 PM
- Join us at InfoSecWorld 2020, June 22nd-24th, now a fully virtual event! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020 and click the register button to register with our discount code!
- Join the Security Weekly Mailing List & receive your invite to our community Discord server by visiting securityweekly.com/subscribe and clicking the button to join the list!
Application Security is changing rapidly, and with changes to automation and tooling, it will look vastly different 5 years from now than it does today. We discuss what those changes will look like, including what we're already seeing today.
To learn more about Signal Sciences, visit: https://securityweekly.com/signalsciences
Phillip Maddux is a Trusted AppSec Advisor at Signal Sciences. He has over 10 years of experience in information security, with the majority of that time focused on application security in the financial services sector. In his spare moments, he enjoys converting ideas to code and committing them to Github.
Hosts:
- John Kinsella - Vice President of Container Security at Qualys
- Matt Alderman - CEO at Security Weekly
- Mike Shema - Product Security Lead at Square
2. News - Zoom Vulns, Apple 0-Days, & Abandoned Domains - 01:00 PM-01:30 PM
- We are looking for high-quality guest suggestions for all of our podcasts to fill our Q3 recording schedule! Submit your suggestions for guests by visiting securityweekly.com/guests and submitting the form! We review suggestions monthly and will reach out to you once reviewed!
- Learn how hidden vulnerabilities lead to application compromise in our next webcast with Snyk! Our second June webcast will be with Google Cloud teaching you how to prevent account takeover attacks! Register for our upcoming webcasts or virtual trainings by visiting securityweekly.com/webcasts. Or visit securityweekly.com/ondemand to view our previously recorded webcasts!
Two vulnerabilities in Zoom could lead to code execution, Zero-day in Sign in with Apple, Focus on Speed Doesn’t Mean Focus on Automation, Apple pushes fix across ALL devices for “unc0ver” jailbreak flaw, and more!
Mike Shema's Content:
- Vulnerability Spotlight: Two vulnerabilities in Zoom could lead to code execution, but only one leads to my favorite: path traversal within their Giphy support.
- Zero-day in Sign in with Apple and The Real Cause of the Sign In with Apple Zero-Day explain how a privacy-protecting step in an authentication flow and a mistaken assumption exposed users to account takeover.
- Apple pushes fix across ALL devices for “unc0ver” jailbreak flaw
- Why abandoned domain names are so dangerous, especially in a world of cookie-based authentication, dependencies, and user-generated content.
- Focus on Speed Doesn’t Mean Focus on Automation, but it shouldn't mean forgetting about testing and security, either.
- Who’s Responsible for Security? Apparently, It Depends on how you read the Mapping the DevSecOps Landscape 2020 Survey Results from GitLab.