ASW Episode12

From Paul's Security Weekly

Application Security Weekly #12

Recorded April 13th, 2018 at G-Unit Studios in Rhode Island!

Episode Audio


  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.
  • Announcements:

    • Go to and use the code Secweekly30 to try it FREE for 7 days, and receive 30% off your monthly membership for the lifetime of your active subscription.
    • Check out SOURCE Boston 2018 from May 9th - 10th! Go to and register using the code SW75WMKW to get a $75 discount!
    • Our content is available On-Demand at: This material is available free to our Security Weekly listeners and subscribers. Also, be sure to check out “The State of Penetration Testing” with BHIS and some other previously recorded webcasts you may have missed!
    • The webcast with Distil Networks on 9 Ways To Protect Your Business is being held on Wednesday, April 25th. Register now at
    • Bugcrowd is Hiring! After closing a Series C funding round at $26 Million, Bugcrowd is expanding headcount across the organization. Check out, or email to find out more

    Open Source:

    With GitHub's 10-year Anniversary, it's about time we talk Open Source

    Learning & Tools

    1.) JSon Compare site - a fully featured JSON tool that allows you to directly input and validate JSON code, upload and validate multiple (batch) JSON files simultaneously, and also compare (diff) and merge two JSON objects.

    2.) Snallygaster - A tool to scan for secret files on HTTP servers

    3.) Docker Classroom

    4.) Rapid7 Open Data


    Bugs, Breaches, and More!

    1.) A Dive into Ruby CVE-2017-17405: Identifying a Vulnerability in Ruby’s FTP Implementation

    2.) Attacking an FTP Client: MGETting more than you bargained for

    3.) Heap overflow in the necp_client_action syscall

    4.) Warning: Your Windows PC Can Get Hacked by Just Visiting a Site

    If you build it, they will come

    1.) npm, Inc. acquires ^Lift Security and the Node Security Platform

    2.) New MacOS Backdoor Linked to OceanLotus

    3.) This Tool Can Help Identify Leakers Who Copy and Paste Secret Info Original article

    4.) Web Application Bugs, from Disclosure to Exploit

    5.) Attitudes to security in the JavaScript community

    Food for Thought

    1.) New Michigan Law Makes Possession of Ransomware Illegal

    2.) You are smart enough to be a software developer

    3.) Matrix Digital Rain by Emily Xie

    4.) What's the solution for this Massive Problem?

    5.) The Price of Backups
