ASW Episode30

From Paul's Security Weekly

Application Security Weekly #30

Recorded August 27th, 2018 at G-Unit Studios in Rhode Island!



  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.
  • Announcements:

    • Make sure you register for our webcast with Javelin Networks entitled "How to Get Attackers to Contain Themselves", which will be airing on August 30th from 12 pm to 1pm EST. Go to to sign up today!

    The Apache Struts2 RCE Vulnerability - A DevOps Case Study

    • CVE-2018-11776
    • How the 3 Ways of DevOps can guide us toward better security practices
    • Shared Version Control
    • Test Environments
    • Shared Ticketing
    • ChatOps
    • Buying Time


    Bugs, Breaches, and More!

    1.) Using Signal Sciences to Defend against Apache Struts CVE-2018-11776

    2.) 'Fortnite' developer had sharp words for Google after an Exploit was discovered

    3.) PHP Flaw puts WordPress Sites at Risk

    4.) Node.js August 2018 Security Releases

    If you build it, they will come

    1.) Oracle Will Charge for Java Starting in 2019

    2.) Imposter 'Fortnite' Android Apps are Already Spreading Malware

    3.) How Netflix does Failovers in 7 minutes Flat

    4.) How I Hacked Black Hat 2018

    Learning & Tools

    1.) CVE-2018-11776 Python PoC

    2.) WebSocket Fuzzer

    3.) Burp Suite 2.0 Beta released

    4.) Windows 95 - running in Electron

    Food for Thought

    1.) From Dev to InfoSec - Part 1

    2.) Even Anonymous Coders Leave Fingerprints

    3.) Burp Suite Enterprise Edition?

    4.) Commit Strip: Profiling
