ASW Episode38

From Paul's Security Weekly

Application Security Weekly #38

Recorded November 5, 2018 at G-Unit Studios in Rhode Island!



  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.
  • Announcements:

    • If you are interested in quality over quantity and having meaningful conversations instead of just a badge scan, join us April 1-3, at Disney's Contemporary Resort for InfoSec World 2019 where you can connect and network with like-minded individuals in search of actionable information. Use the registration code OS19-SECWEEK for 15% off the Main Conference or World Pass.
    • Join us for our Webcast with Signal Sciences about Which way should you shift testing in the SDLC?, November 8th @3-4pm EST. Go to to register now!

    Interview: Daniel Cuthbert, Banco Santander

    Daniel Cuthbert is the Global Head of Security Research at Banco Santander. With a career spanning over 20 years on both the offensive and defensive side, he's seen the evolution of hacking from small groups of curious minds, to organized criminal networks - and even the nation states we see today. He is the original co-author of the OWASP Testing Guide, released in 2003 - and is now the co-author of the OWASP Application Security Verification Standard (ASVS).

    Santander Security Research: ASVS


    Bugs, Breaches, and More!

    1.) A Nasty DHCPv6 Packet can Pwn Vulnerable Linux Boxes

    2.) 'Stalkerware' Website Let Anyone Intercept Texts of Tens of Thousands of People

    3.) Trivial Bug in X.Org gives Root Permission on Linux and BSD Systems

    If you Build It, They Will Come

    1.) Why the NSA Called Me after Midnight and Requested my Source Code

    2.) Twelve malicious Python libraries found and removed from PyPI

    3.) The U.S. Department of Defense Guide for "Detecting Agile BS"

    Learning & Tools

    1.) NetAssert: Network Security Testing for DevSecOps workflows

    2.) HASSH: A profiling method for SSH Clients and Servers

    3.) ThreatPlaybook: Threat Modeling as Code

    Food for Thought

    1.) Twitter should Kill Retweet

    2.) Amazon Future Engineer

    3.) The God of Random shall decide
