ASW Episode27

From Paul's Security Weekly
Jump to: navigation, search

Application Security Weekly #27

Recorded August 6th, 2018 at G-Unit Studios in Rhode Island!

Episode Audio


  • James Wickett
    Head of Research at Signal Sciences.


    • We just released our 2018 Listener Survey; Please go to to help us continue to provide you with quality content that doesn't break the build.
    • Come to the Security Weekly Pool Cabana @ Black Hat and Def Con to pick up a free copy of "Cyber Hero Adventures". Here you will be able to get the comic book signed by Gary Berman.
    • Thermo Fisher Scientific is Hiring! Specifically, I have two openings for Application Security Engineering roles on my team - including a Senior Application Security Engineer, as well as an Entry-Level role.

    Interview: Galen Hunt, Microsoft

    Galen Hunt
    is a Distinguished Engineer & Director at Microsoft.
    He founded and lead the team building the Azure Sphere, announced at RSA Conference 2018. Our goal is to make IoT safe for society. Azure Sphere provides an end-to-end solution that enables any device manufacturer to create highly-secured devices; devices possessing all 7 Properties of Highly-Secured Devices.

    He is part of the launch team for Microsoft Research New Experiences and Technologies organization (MSR NExT). In addition to building Azure Sphere, he also manages the Operating Systems Technologies Group. Previously, he led the Operating Systems and Distributed Systems Group as Principal Researcher.


    The Seven Properties of Highly Secure Devices

    1. Hardware-based Root of Trust
    2. Small Trusted Computing Base
    3. Defense in Depth
    4. Compartmentalization
    5. Certificate-based Authentication
    6. Renewable Security
    7. Failure Reporting


    Bugs, Breaches, and More!

    1.) React v16.4.2: Server-side vulnerability fix

    2.) Hackers automate the laundering of money via Clash of Clans

    3.) Are hacking tutorials illegal? YouTube seems to think so

    If you build it, they will come

    1.) Epic Games sidesteps the Play Store with Fortnite for Android launch

    2.) How to Approach Security with Node.js

    3.) Serverless DevOps: Security

    Learning & Tools

    1.) Infer: a tool to detect bugs in Java and C/C++/Objective-C code before it ships

    2.) GitHub Best Practices for Account Security and Recoverability

    3.) The new month of Burp pr0n

    Food for Thought

    1.) The Cost of JavaScript

    2.) New open source effort: Legal code to make reporting security bugs safer

    3.) The most exciting game

    Follow us on Twitter Watch Security Weekly videos Listen to Security Weekly Security Weekly fan page Connect with Paul Google+