Application Security Weekly #26
Recorded July 30, 2018 at G-Unit Studios in Rhode Island!
- We just released our 2018 Listener Survey. Please go to securityweekly.com/survey to help us continue to provide you with quality content that doesn't break the build.
- Come to our Pool Cabana @ Black Hat and Def Con to pick up a free copy of "Cyber Hero Adventures". Here you will be able to get the comic book signed by Gary Berman.
Interview: Jessica Rozhin, Marqeta
Jessica Rozhin is currently a Security Engineer at an Oakland financial tech startup called Marqeta. This is her first role in the security space, but she is no stranger to technical operations and incident response. Before Marqeta she spent several years working in the Network Operations Center at Box, focused on preventing, responding to and resolving large-scale, customer-impacting site incidents. Jessica has a passion for crisis management and investigation, a questionable sense of humor and is a self-professed silly dancing aficionado.
Bugs, Breaches, and More!
1.) New Spectre attack can remotely steal secrets, researchers say
2.) Vulnerability in Hangouts Chat: from open redirect to code execution
3.) Microsoft Discovers Supply Chain Attack at Unnamed Maker of PDF Software
If you build it, they will come
1.) Microsoft retiring XSS Filter in Edge
2.) Big tech warns of 'Japan's millennium bug' ahead of Akihito's abdication
3.) Flaw let researchers snoop on Swann smart security cameras
Learning & Tools
1.) OWASP iGoat (Swift) - A Damn Vulnerable Swift Application for iOS
2.) WTF - A personal terminal-based dashboard utility
3.) Front-End Performance Checklist
Food for Thought
1.) Student's Code could've stopped the Equifax Hack
2.) Code Prediction with a Neural Network
3.) CommitStrip: Choosing the right stack