ASW Episode05

From Paul's Security Weekly

Application Security Weekly #5

Recorded February 9, 2018 at G-Unit Studios in Rhode Island!

Episode Audio


  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.
  • Announcements

    • Also check out our On-Demand material! Some of our previously recorded webcasts are now available On-Demand at: Currently On-Demand we have webcasts with: Cybereason, Onapsis, Signal Sciences, BHIS, and Stealthbits!
    • If you work in IT and want to have access to an awesome library of OnDemand training head on over to ITPro.TV/securityweekly! They are now accepting requests for demos of the IT Team solution that allows you and your co-workers to access over 3300 hours of training at any time! Use the code SecWeekly30 for the 7-day free trial and 30% off!
    • InfoSec World is March 19-21st of 2018. It is at Lake Buena Vista, Florida. Security Weekly subscribers can save 15% off the InfoSec World 2018 Main Conference or World Pass with the code OS18-SW! You can catch talks from Adrian Sanabria, Diana Kelley and Ed Moyle, Jennifer Manella, Joseph Zacharias, Mark Arnold, Matias Madou, and Summer Fowler. Good job!

    Topic: OWASP ASVS pt.2

    OWASP Application Security Verification Standard

    Learning & Tools

    1.) Replicator helps developers to reproduce issues discovered by pen testers

    2.) Web Application Firewall (WAF) Evasion Techniques

    3.) Burp Suite Pro Wordpress Scanner released

    4.) Hacking Tutorials Best Hacking Books 2018

    5.) Rapid7 Launches a Threat Intel Book Club


    Bugs, Breaches, and More!

    1.) All Ledger Hardware Wallets Vulnerable to Man in the Middle Attack

    2.) NSA Exploits Ported to Work on All Windows Versions Released Since Windows 2000

    3.) WordPress users – do an update now, and do it by hand!

    4.) Cisco investigation reveals ASA vulnerability is worse than originally thought

    If you build it, they will come

    1.) Key iPhone Source Code Gets Posted Online in 'Biggest Leak in History'

    2.) How (Google) fought bad apps and malicious developers in 2017

    3.) Beware the looming Google Chrome HTTPS certificate apocalypse!

    4.) Facebook Is Investigating Bitcoin Ads Bypassing Its New Ban

    Food for Thought

    1.) Microsoft open sources a new Kubernetes GPU and device scheduling extension

    2.) Cisco, Apple, Aon, Allianz introduce a first in cyber risk management

    3.) Introducing AthenaX, Uber Engineering’s Open Source Streaming Analytics Platform

    4.) Intel Made Smart Glasses that Look Normal
