ASW Episode10

From Paul's Security Weekly

Application Security Weekly #10

Recorded March 30, 2018 at G-Unit Studios in Rhode Island!

Episode Audio

Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.
    Announcements:

    • Go to itpro.tv/securityweekly and use the code Secweekly30 to try it FREE for 7 days, and receive 30% off your monthly membership for the lifetime of your active subscription.
    • Check out SOURCE Boston 2018 from May 9th - 10th! Go to sourceconference.com and register using the code SW75WMKW to get a $75 discount!
    • We’ve recently added “The State of Security Education and Training” webcast with ITProTV & RWU to our content available On-Demand at: securityweekly.com/ondemand. This material is available free to our Security Weekly listeners and subscribers. Also, be sure to check out “The State of Penetration Testing” with BHIS and other previously recorded webcasts you may have missed!
    • BSides Orlando is coming up on April 7th; Tickets are $20, and students can register for free with their student ID. For more information, tickets are available at https://bsidesorlando2018.eventbrite.com/
    • Bugcrowd is Hiring! After closing a Series C funding round at $26 Million, Bugcrowd is expanding headcount across the organization. Check out Bugcrowd.com/careers, or email Hoodie@SecurityWeekly.com to find out more.

    Topic:

    Is it DevOps or DevSecOps?

    - Musings on setting up a Secure DevOps program

    Learning & Tools

    0.) Refined GitHub Extension

    1.) WAVSEP Project by Shay Chen

    2.) changeme: Default Credential scanner

    3.) OWASP Vulnerable Web Applications Directory Project

    4.) Cloudflare Enumeration Tool v1.2

    5.) AWS Bucket Dump

    6.) Red Team Automation by Endgame

    7.) Octo - A unified shared library which aids in building fuzzers for browsers, or serves as a complement to an already existing fuzzing framework.

    News

    Bugs, Breaches, and More!

    1.) Abusing Text Editors with Third-party Plugins (PDF)

    2.) Total Meltdown

    3.) Code Execution by Re-enabling Node.js integration

    5.) Uh Oh! Unified Logs in High Sierra (10.13) Show Plaintext Password for APFS Encrypted External Volumes via Disk Utility.app

    6.) Uncovering a Bug in Cloudflare's Minification Service

    7.) Windows Remote Assistance XXE vulnerability

    If you build it, they will come

    1.) How security alerts are keeping your code safer

    2.) Google rewarding for Patching OSS Bugs

    3.) **WARNING: Autoplaying Video** Uber self-driving car kills pedestrian in first fatal autonomous crash

    4.) Protecting Security Researchers

    5.) Facebook scraped call, text message data for years from Android phones

    6.) My Cow Game Extracted Your Facebook Data

    7.) Just when you thought it was safe to go ahead with microservices... along comes serverless

    Food for Thought

    1.) Red Team Wisdom

    2.) When coding style survives compilation: de-anonymizing programmers from executable binaries

    3.) SQL Joins as Venn Diagrams

    4.) One Language to Rule Them All

    5.) The Sprint

    6.) In Progress

    7.) Neither black nor white


