ASW Episode37

From Paul's Security Weekly

Application Security Weekly #37

Recorded October 29, 2018 at G-Unit Studios in Rhode Island!

Episode Audio

Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.
  • Announcements:

    • Special Thanks to Julian Burton, Pamela O'Shea, and the whole OWASP Melbourne crew - AppSecDay was incredible!
    • Check out our On-Demand material! Some of our previously recorded webcasts are now available On-Demand at: securityweekly.com/ondemand.
    • Join us for our webcast with Signal Sciences, "Which way should you shift testing in the SDLC?", November 8th @ 3-4pm EST. Go to securityweekly.com/signalsciences to register now!

    Interview: Johnny Xmas, Kasada.io

    Johnny Xmas
    is the Director of Field Engineering at Kasada.io.
    Johnny is a predominant thought leader in the US and European information security community, most well-known for his work on the TSA Master Key leaks between 2014 and 2018. Currently working as a Director of Field Engineering with the Australian firm 'Kasada.io' to provide unprecedented defense against the automated abuse of web infrastructure, he was previously the lead consultant on Uptake's Industrial Cybersecurity Platform. Prior to this, he spent many years in the field as a penetration tester, focusing heavily on both IT and physical security of financial and medical facilities.


    News

    Bugs, Breaches, and More!

    1.) Millions of Passengers affected by Cathay Pacific Airline Hack

    2.) Exploit in WebEx leads to System-level privileges

    3.) MikroTik Router Bug is as Bad as it Gets. Thankfully, there's a vigilante out there patching these things!

    If you Build It, They Will Come

    1.) China has been hijacking the internet backbone of Western countries

    2.) How proficient are Developers at fixing Application Security flaws?

    3.) WordPress team working to wipe-out older versions from Existence on the Internet

    Learning & Tools

    1.) Exploit Development - Buffer Overflows

    2.) GitHub Actions are Awesome!

    3.) ThreatPlaybook

    Food for Thought

    1.) Resilient Engineering: Have you tried turning it off and on again?

    2.) From Dev to InfoSec - Part 2

    3.) CommitStrip: How to Win a Coding Battle

