ASW Episode23

From Paul's Security Weekly
Jump to: navigation, search

Application Security Weekly #23

Recorded July 9, 2018 at G-Unit Studios in Rhode Island!

Episode Audio

Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures .
  • Annoucements:

    • We just released our 2018 Listener Survey; Please go to securityweekly.com/survey to help us continue to provide you with quality content that doesn't break the build.
    • Check out our On-Demand material! Some of our previously recorded webcasts are now available On-Demand at: securityweekly.com/ondemand.

    Topic: The Hardest Problem in Application Security

    One of the hardest problems that Application Security practitioners need to solve is the problem of visibility. Not only do they need to uncover all of the different projects under development - they also need to worry about what libraries and frameworks those projects are using. Moreover, even after they have discovered all of the projects under development, they need to figure out how to then proceed through identifying all of the vulnerabilities, deduplicating findings across multiple tools, and provide feedback to development teams in a way that is consumable. You can't fix the vulnerabilities you can't see, and in this episode Keith & Paul talk through the process of uncovering the problems you didn't even know you had.

    News

    Bugs, Breaches, and More!

    1.) Google Patches Critical Remote Code Execution Bugs in Android OS

    2.) GitLab Security Release: 11.0.1, 10.8.5, and 10.7.6

    3.) A new data breach may have exposed personal information of almost every American adult

    4.) Hamas Cyber Ops Spied on Hundreds of Israeli Soldiers Using Fake World Cup, Dating Apps

    If you build it, they will come

    1.) The rise of 'pseudo-AI': how tech firms quietly use humans to do bots' work

    2.) face-api.js — JavaScript API for Face Recognition in the Browser with tensorflow.js

    3.) Facebook Acknowledges it Shared User Data with 61 Companies

    4.) ICANN't get no respect: Europe throws Whois privacy plan in the trash

    Learning & Tools

    1.) Remediate the Flag

    2.) Daniel Cuthbert & Santander Security team Build a simple web app that helps developers understand the ASVS requirements

    3.) Burp Suite: HTTP Smuggler

    4.) AppSecRadar

    Food for Thought

    1.) The impact of the ‘open’ workspace on human collaboration

    2.) Social media apps are 'deliberately' addictive to users

    3.) Balancing Time

    4.) One Talk to Rule Them All


    Follow us on Twitter Watch Security Weekly videos Listen to Security Weekly Security Weekly fan page Connect with Paul Google+