ASW Episode20

From Paul's Security Weekly

Application Security Weekly #20

Recorded June 18, 2018 at G-Unit Studios in Rhode Island!

Episode Audio


  • Michael Santarcangelo
    Founder of Security Catalyst, author of Into the Breach, and creator of the Straight Talk Framework.
  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.
  • Announcements:

    • Check out our On-Demand material! Some of our previously recorded webcasts are now available On-Demand at:


    Bugs, Breaches, and More!

    1.) Decades-old PGP bug allowed hackers to spoof just about anyone’s signature

    2.) Microsoft Windows Remote Kernel Crash Vulnerability

    3.) Another flaw hits Tapplock smart locks, thanks to leaky server

    4.) Security Advisory 2018-03-02 – WebUSB Bypass of U2F Phishing Protection Exploit demoed at OffensiveCon prior to Yubico disclosure

    If you build it, they will come

    1.) Cops Are Confident iPhone Hackers Have Found a Workaround to Apple’s New Security Feature

    2.) Spain's La Liga app caught using fans' phone mics and GPS to detect illegal football broadcasts

    3.) Server-Side Spreadsheet Injection – Formula Injection to Remote Code Execution

    4.) Want to Break Into a Locked Windows 10 Device? Ask Cortana (CVE-2018-8140)

    Food for Thought

    1.) VueJS passes ReactJS in GitHub stars

    2.) Securing the cloud in the face of skills shortages

    3.) How to Build a Successful Career in Cybersecurity

    4.) On the Myth of the 10X Engineer and the Reality of the Distinguished Engineer

    5.) Why Expos are Great

    Paul's Stories
    1. The Shift Left Approach to DevOps Security
    2. DevOps Security: Its Everyones Responsibility Now
    3. Securing DevOps Without Undermining It
    4. How Aqua Security is Helping to Secure Docker Containers

    Interview: Ron Gula, Gula Tech Adventures

    Ron Gula is the Founder of Tenable and Gula Tech Adventures.
    Serial Cyber Security Entrepreneur. Founded Tenable Network Security and Network Security Wizards. 15+ years experience as CEO in cyber security industry.

    Ron started his cybersecurity career as a network penetration tester for the NSA. At BBN, he developed network honeypots to lure hackers and he ran US Internetworking's team of penetration testers and incident responders. As CTO of Network Security Wizards, Ron pioneered the art of network security monitoring and produced the Dragon Intrusion Detection System which was recognized as a market leader by Gartner in 2001. As CEO and co-founder of Tenable Network Security, Ron led the company's rapid growth and product vision from 2002 through 2016. He helped them scale to more than 20,000 customers worldwide, raise $300m in venture capital and achieve revenues in excess of $100m annually.
