Asw116

From Security Weekly Wiki

Application Security Weekly Episode #116 - July 27, 2020

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. Fixing Vulnerabilities Effectively & Efficiently - 12:30 PM-01:00 PM


Announcements

  • Join the Security Weekly Mailing List for webcast/virtual training announcements and to receive your personal invite to our Discord server by visiting https://securityweekly.com/subscribe and clicking the button to join the list!

  • Security Weekly is an official media partner for Virtual BlackHat 2020! To register and save $200, visit https://securityweekly.com/summercamp2020 and click the register button. Discount code: “20SecWeekbh”. Alongside Virtual BlackHat, we will be running our conference micro-interviews, you guessed it, virtually, in an event called Security Weekly Virtual Hacker Summer Camp, August 3 – August 6, 2020. Options, pricing and availability are all listed on the same page! Reserve your slot now to get your message out to BlackHat attendees!

Description

What does it take to fix vulns effectively and efficiently? There’s no lack of vulns identified from bug bounties and vuln reporting programs, but not every vuln needs the same attention and not every vuln gets the attention it deserves.



Guest(s)

John Matherly

John Matherly is an Internet cartographer, engineer and founder of Shodan, the world's first search engine for Internet-connected devices. He has been at the forefront of the Internet of Things for the past 10 years and his research has been covered on CNN, Bloomberg, Washington Post and many other outlets. Prior to Shodan, John received a bachelor's degree in bioengineering and worked as a software engineer on bioinformatics applications.


Hosts

2. TaskRouter JS SDK, EL1/EL3 Vulnerability, & 234 Alexa Skills Store Violations - 01:00 PM-01:30 PM


Announcements

Description

TaskRouter JS SDK Security Incident, Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Read-Only Path Traversal Vulnerability, An EL1/EL3 coldboot vulnerability affecting 7 years of LG Android devices, Towards native security defenses for the web ecosystem, Academics smuggle 234 policy-violating skills on the Alexa Skills Store, Apple Security Research Device Program, and What is DevSecOps? Why it’s hard to do well!


Hosts

John Kinsella's Content:

Articles

Matt Alderman's Content:

Articles

Mike Shema's Content:

Articles