Application Security Weekly #42
Recorded December 3, 2018 at G-Unit Studios in Rhode Island!
- If you are interested in quality over quantity and having meaningful conversations instead of just a badge scan, join us April 1-3, at Disney's Contemporary Resort for InfoSec World 2019 where you can connect and network with like-minded individuals in search of actionable information. Use the registration code OS19-SECWEEK for 15% off the Main Conference or World Pass.
- Join us for our Webcast with Chronicle entitled "Intelligence Powered Malware Hunting". This webcast will be held December 5th @3-4pm EST. Go to securityweekly.com/chronicle to register now!
Interview: Aleksei Tiurin, Acunetix
Aleksei Tiurin is a security researcher and pentester with over 8 years of experience in penetration testing and a particular focus on ERP and banking systems and Windows networks. For the last 4 years, he has been focusing on Web hacking, and he holds a position as Senior Security Researcher at Acunetix. Aleksei maintains a Java Deserialization CheatSheet and is the co-organizer of Defcon Russia (DCG #7812).
To open the PDF, click the File Link and then click the Adobe Logo.
File: Reverse Proxies PDF.pdf
Bugs, Breaches, and More!
1.) Dell.com reports Incident
2.) Hackers are opening SMB ports on routers to infect PCs with NSA malware
3.) event-stream package laden with Bitcoin-stealing Malware
If you Build It, They Will Come
1.) Bug detectives whip up smarter version of classic AFL fuzzer to hunt code vulnerabilities
2.) Malware & Rogue Users can spy on some apps' HTTPS crypto
3.) Exploiting developer infrastructure is insanely easy
Learning & Tools
1.) XSSFuzzer - Generate XSS Payloads based on User-Defined Vectors and Fuzzing Lists
2.) Amazon announces Firecracker - Open Source Technology for a Secure & Fast microVM for Serverless Computing
Food for Thought
1.) AI Mistakes Bus-Side Ad for Famous CEO, then charges her with Jaywalking
2.) Getting to 10x (Results): What Any Developer can learn from the Best
3.) CommitStrip: If it's not Broken