Application Security Weekly #37
Recorded October 29, 2018 at G-Unit Studios in Rhode Island!
- Special Thanks to Julian Burton, Pamela O'Shea, and the whole OWASP Melbourne crew - AppSecDay was incredible!
- Check out our On-Demand material! Some of our previously recorded webcasts are now available On-Demand at: securityweekly.com/ondemand.
- Join us for our webcast with Signal Sciences, "Which way should you shift testing in the SDLC?", November 8th @ 3-4pm EST. Go to securityweekly.com/signalsciences to register now!
Interview: Johnny Xmas, Kasada.io
Johnny is a predominant thought leader in the US and European information security community, most well-known for his work on the TSA Master Key leaks between 2014 and 2018. He currently works as a Director of Field Engineering with the Australian firm Kasada.io to provide unprecedented defense against the automated abuse of web infrastructure, and was previously the lead consultant on Uptake's Industrial Cybersecurity Platform. Prior to this, he spent many years in the field as a penetration tester, focusing heavily on both IT and physical security of financial and medical facilities.
Bugs, Breaches, and More!
1.) Millions of Passengers affected by Cathay Pacific Airline Hack
2.) Exploit in WebEx leads to System-level privileges
3.) MikroTik Router Bug is as Bad as it Gets. Thankfully, there's a vigilante out there patching these things!
If you Build It, They Will Come
1.) China has been hijacking the internet backbone of Western countries
2.) How proficient are Developers at fixing Application Security flaws?
3.) WordPress team working to wipe out older versions from Existence on the Internet
Learning & Tools
1.) Exploit Development - Buffer Overflows
2.) GitHub Actions are Awesome!
Food for Thought
1.) Resilient Engineering: Have you tried turning it off and on again?
2.) From Dev to InfoSec - Part 2
3.) CommitStrip: How to Win a Coding Battle