ASW Episode15

From Paul's Security Weekly
Jump to: navigation, search

Application Security Weekly #15

Recorded April 30 , 2018 at G-Unit Studios in Rhode Island!

Episode Audio


  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures .
  • Annoucements:

    • Go to and use the code Secweekly30 to try it FREE for 7 days, and receive 30% off your monthly membership for the lifetime of your active subscription.
    • Check out SOURCE Boston 2018 from May 9th - 10th! Go to and register using the code SW75WMKW to get a $75 discount!
    • Our content available On-Demand at: This material is available free to our security weekly listeners and subscribers. Also, be sure to check out “The State of Penetration Testing” with BHIS and some other previously recorded webcasts you may have missed!
    • Bugcrowd is Hiring! After closing a Series C funding round at $26 Million, Bugcrowd is expanding headcount across the organization. Checkout, or email to find out more

    Learning & Tools

    1.) Snipe-IT: Open Source Asset Management

    2.) Astra: Automated Security Testing for REST APIs

    3.) GREP: A whiteboard by Julia Evans

    4.) Honeycast: Cast your own Honeypots to share and display with others

    5.) DerbyCon Slack Channel


    Bugs, Breaches, and More!

    1.) A Boeing 757 was hacked remotely while it sat on the runway

    2.) 7-Zip: From Uninitialized Memory to Remote Code Execution

    3.) Twitter says all 336 million users should change their passwords

    4.) Meltdown patches return kernel page table directory to user space

    If you build it, they will come

    1.) Somebody Tried to Hide a Backdoor in a Popular JavaScript npm Package

    2.) You Can Finally Encrypt Slack Messages So Your Boss Can't Read Them

    3.) This Russian Company Sells Zero-Day Exploits for Hospital Software

    Food for Thought

    1.) The Evolving Developer Mindset

    2.) Considering an RSAC Expo booth? Our Experience, in 5,000 words or less

    3.) VS Code Extensions for Happier JavaScript Coding

    4.) VuePress: Vue-powered Static Site Generator

    5.) Reading an article on your phone in 2018

    Follow us on Twitter Watch Security Weekly videos Listen to Security Weekly Security Weekly fan page Connect with Paul Google+