ASW Episode28

From Paul's Security Weekly
Jump to: navigation, search

Application Security Weekly #28

Recorded August 13th, 2018 at G-Unit Studios in Rhode Island!

Episode Audio

Hosts

  • Doug White
    Cybersecurity professor, President of Secure Technology, and Security Weekly network host.
  • Annoucements:

    • Our Webcast with Endgame is being held on August 16, 2018 from 3:00 p.m. - 4:00 p.m. on Phishing Prevention. Go to securityweekly.com/endgame to register!
    • Thermo Fisher Scientific is Hiring! Specifically, I have two openings for Application Security Engineering roles on my team - including a Senior Application Security Engineer, as well as an Entry-Level role.

    Topic: Secure Coding Practices



    News

    Bugs, Breaches, and More!

    1.) Alibaba Cloud Security Team Discovers Apache Spark Rest API Remote Code Execution (RCE) Exploit

    1.) Comcast Security Flaws Exposed Partial Address & Social Security Numbers for 26 Million customers

    2.) How a Security Researcher gained Commit Access to Homebrew in 30 Minutes

    If you build it, they will come

    1.) IETF Releases their Official TLS 1.3 Announcement Cloudflare's Detailed Look at RFC 8446 (a.k.a TLS 1.3)

    2.) Facebook's Plan to Partner with Banks Raises Privacy concerns

    3.) Hacker Finds Hidden 'God Mode' in Old x86 CPUs

    Learning & Tools

    1.) U.K. Home Office releases Repo Security Scanner

    2.) Bypassing CSP using polyglot JPEGs

    3.) Practical Web Cache Poisoning

    Food for Thought

    1.) In the Land of Security - Be Fast

    2.) Amazon plans to move completely off Oracle software by early 2020

    3.) Let There Be Light


    Follow us on Twitter Watch Security Weekly videos Listen to Security Weekly Security Weekly fan page Connect with Paul Google+