ASW Episode42

From Paul's Security Weekly

Application Security Weekly #42

Recorded December 3, 2018 at G-Unit Studios in Rhode Island!

Episode Audio


  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.
  • Announcements:

    • If you are interested in quality over quantity and having meaningful conversations instead of just a badge scan, join us April 1-3, at Disney's Contemporary Resort for InfoSec World 2019 where you can connect and network with like-minded individuals in search of actionable information. Use the registration code OS19-SECWEEK for 15% off the Main Conference or World Pass.
    • Join us for our Webcast with Chronicle entitled "Intelligence Powered Malware Hunting". This webcast will be held December 5th @3-4pm EST. Go to to register now!

    Interview: Aleksei Tiurin, Acunetix

    Aleksei Tiurin is the Senior Security Researcher for Acunetix.
    Aleksei Tiurin is a security researcher and pentester with over 8 years of experience in penetration testing, with a particular focus on ERP and banking systems and Windows networks. For the last 4 years, he has been focusing on Web hacking and holds a position as Senior Security Researcher at Acunetix. Aleksei maintains a Java Deserialization CheatSheet and is the co-organizer of Defcon Russia (DCG #7812).

    File:Reverse Proxies PDF.pdf


    Bugs, Breaches, and More!

    1.) reports Incident

    2.) Hackers are opening SMB ports on routers to infect PCs with NSA malware

    3.) event-stream package laden with BitCoin-stealing Malware

    If you Build It, They Will Come

    1.) Bug detectives whip up smarter version of classic AFL fuzzer to hunt code vulnerabilities

    2.) Malware & Rogue Users can spy on some apps' HTTPS crypto

    3.) Exploiting developer infrastructure is insanely easy

    Learning & Tools

    1.) XSSFuzzer - Generate XSS Payloads based on User-Defined Vectors and Fuzzing Lists

    2.) Amazon announces Firecracker - Open Source Technology for a Secure & Fast microVM for Serverless Computing

    3.) The State of JavaScript

    Food for Thought

    1.) AI Mistakes Bus-Side Ad for Famous CEO, then charges her with Jaywalking

    2.) Getting to 10x (Results): What Any Developer can learn from the Best

    3.) CommitStrip: If it's not Broken
