ASW Episode55

From Paul's Security Weekly

Recorded March 25, 2019 at G-Unit Studios in Rhode Island!

Episode Audio


  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.
  • Announcements

    • Join us April 1-3, at Disney's Contemporary Resort for InfoSec World 2019 where you can connect and network with like-minded individuals in search of actionable information. Visit and use the registration code OS19-SECWEEK for 15% off the Main Conference or World Pass. If you are interested in booking an interview or briefing with Security Weekly, please go to to submit your request!

    • John Strand will be teaching Active Defense and Cyber Deception at Black Hat 2019.  Please register here!  Register Now @ [1].

    • SecureWorld Boston is hosting their 15th annual conference March 27-28 @ the Hynes Convention Center. Security Weekly Listeners save $100 off a full conference pass by visiting and using the code 'SecurityWeekly'.

    • We just released our 2019 Security Weekly 25 Index Survey. Please go to and click the Survey link to help us understand who is evaluating, using, or has formerly used any of the Security Weekly 25 companies. The results will be summarized and presented back to all responders in a private webcast.

    Interview: Mike Shema, Square

    Mike Shema is the Product Security Lead of Square.
    Mike Shema leads the product security team at Square. Mike’s experience with infosec includes managing product security teams in complex environments, building commercial web application scanners, and consulting across a range of topics from network penetration testing to code reviews. He has put this experience into books and blog posts about information security, with an infusion of references to music, sci-fi, and horror to keep the topics entertaining. His books include Anti-Hacker Tool Kit, now in its fourth edition after a decade in print, and Hacking Web Apps. He has taught hacking classes and presented research at conferences around the world.
    Topic: Where the wins and challenges are in appsec


    Bugs, Breaches, and More!

    1.) This Spyware Data Leak is So Bad We Can't Even Tell You About It

    2.) Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years

    3.) Zero-day in WordPress SMTP plugin abused by two hacker groups

    If you build it, they will come

    1.) No More Forever Tokens: Changes in Identity Management for Kubernetes

    2.) Severe Security Bug found in Popular PHP Library for Creating PDF Files

    3.) XSS Vulnerability in Abandoned Cart Plugin Leads to WordPress Site Takeover

    Learning & Tools

    1.) How Do I Prepare to Join a Red Team?

    2.) Azure Services Roadmap

    3.) The RedMonk Programming Language Rankings: January 2019

    Food for Thought

    1.) Human Contact is now a Luxury Good

    2.) I Deleted Facebook Last Year. Here's What Changed (and What Didn't)

    3.) CommitStrip: Over-excited
