ASW Episode01

From Paul's Security Weekly

Application Security Weekly #1

Recorded January 12, 2018 at G-Unit Studios in Rhode Island!

Episode Audio


  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.
  • Announcements

    • Also check out our On-Demand material! Some of our previously recorded webcasts are now available On-Demand at: Currently On-Demand we have webcasts with: Cybereason, Onapsis, Signal Sciences, BHIS, and Stealthbits!
    • If you work in IT and want to have access to an awesome library of OnDemand training head on over to ITPro.TV/securityweekly! They are now accepting requests for demos of the IT Team solution that allows you and your co-workers to access over 3300 hours of training at any time! Use the code SecWeekly30 for the 7-day free trial and 30% off!
    • InfoSec World is March 19-21st of 2018. It is at Lake Buena Vista, Florida. Security Weekly subscribers can save 15% off the InfoSec World 2018 Main Conference or World Pass with the code OS18-SW! You can catch talks from Adrian Sanabria, Diana Kelley and Ed Moyle, Jennifer Manella, Joseph Zacharias, Mark Arnold, Matias Madou, and Summer Fowler. Good job!
    • Check out our DomainTools Webcast Pivoting Through Malicious Infrastructure. Hosted by Paul Asadoorian, Michael Santarcangelo, and Taylor Wilkes-Pierce. Join Michael and Paul as they explore using domain names and DNS information in a candid discussion with Taylor Wilkes-Pierce from DomainTools. We'll deep-dive into one of 2017's most notorious phishing attacks to show you how to use domain data and pivoting to profile threat actors and prevent future attacks.

    Topic: OWASP Top 10 (2017) Overview

    OWASP Top 10 (2017)

    Learning & Tools (GitHub)


    How malicious NPM packages could harvest credit card numbers and passwords from your site.

    Epic Games reports huge CPU usage spike after applying Meltdown patches on backend servers

    Epic Games blames Meltdown CPU performance issues for Fortnite downtime

    NVIDIA updates video drivers to help address CPU memory security (Meltdown / Spectre related)

    Oracle WebLogic Vulnerability Being Exploited by Bitcoin Miners

    Website Glitch Let Me Overstock My Coinbase

    AMD-PSP: Firmware Trusted Platform Module Remote Code Execution via crafted EK certificate

    Multiple Vulnerabilities in PHP Could Allow for Arbitrary Code Execution

    Multiple Vulnerabilities found in Western Digital My Cloud

    JSON Remote Procedure Call (RPC) allows malicious websites to execute Electrum wallet commands

    New 'Cybersecurity Office' Would Oversee Companies Like Equifax and Dole Out Fines for Slipshod Security

    Application fuzzing in the era of Machine Learning and AI
