Application Security Weekly Episode #122 - September 21, 2020
Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe
1. Visualizing & Detecting Threats For Your Custom Application - 12:30 PM-01:00 PM
BSides Boston is back in action for their 10 year anniversary! The conference will be held on Saturday, September 26th & tickets are only $10! Get yours at https://bsidesbos.org! Some of the Security Weekly team will be in our own channel on the BSides Boston Discord server answering questions and possibly doing some contests!
It’s official! Security Weekly, in partnership with CyberRisk Alliance, is excited to present Security Weekly Unlocked on December 10, 2020. The inaugural edition of Security Weekly Unlocked also celebrates Security Weekly’s 15th Anniversary. Registration will open soon, but the call for speakers is now open. Visit securityweekly.com/unlocked to submit your speaking session.
Application logs are critical to DevOps teams for monitoring the performance and health of their apps. Those same logs are just as critical to understanding the security of apps, whether detecting attacks or responding to them. So, it's important that app logs contain the information needed for teams to collect useful signals and make informed decisions.
This segment is sponsored by Datadog.
Visit https://securityweekly.com/datadog to learn more about them!
Justin Massey is Product Manager, Security Monitoring at Datadog
Justin Massey is a Product Manager at Datadog. His background in managing the technical operations of an MSP led him to discovering weaknesses in many businesses’ networks and applications. After leaving the MSP, he transitioned into the role of penetration tester and application security engineer to identify the weaknesses before the attackers. Justin’s current focus is building real time threat detection products for custom applications and cloud environments.
- John Kinsella - Vice President of Container Security at Qualys
- Matt Alderman - CEO at Security Weekly
- Mike Shema - Product Security Lead at Square
2. Project OneFuzz, Bluetooth Spoofing Bug, & Safeguarding Secrets - 01:00 PM-01:30 PM
Join the Security Weekly Mailing List for webcast/virtual training announcements and to receive your personal invite to our Discord server by visiting https://securityweekly.com/subscribe and clicking the button to join the list!
Security Weekly is ramping up our webcast/technical training schedule for the rest of 2020! In our next webcast you will learn how to reduce the blast radius of your cloud infrastructure! Visit https://securityweekly.com/webcasts to see what we have coming up! Or visit securityweekly.com/ondemand to view our previously recorded webcasts!
Microsoft announces new Project OneFuzz framework, an open source developer tool to find and fix bugs at scale, Bluetooth Spoofing Bug Affects Billions of IoT Devices, Firefox bug lets you hijack nearby mobile browsers via WiFi, Safeguarding Secrets Within the Pipeline, and more!
John Kinsella's Content:
Matt Alderman's Content:
Mike Shema's Content:
- Microsoft announces new Project OneFuzz framework, an open source developer tool to find and fix bugs at scale that brings easily integrated fuzzing to your SDLC. Get started with their onefuzz project on GitHub.
- Bluetooth Spoofing Bug Affects Billions of IoT Devices, because Bluetooth Low Energy continues to get high scrutiny.
- Firefox bug lets you hijack nearby mobile browsers via WiFi, which may be particularly surprising for Android users who didn't even know their browser supported Simple Service Discovery Protocol (SSDP), and unsurprising to those who've been tracking SSDP-related DDoS, such as CallStranger or the analysis at Cloudflare.
- Oh, the Places You’ll Go! Finding Our Way Back from the Web Platform’s Ill-conceived Jaunts guides readers through the vulnerable APIs and attacks on websites and users that plague browsers, apps, and the features they support by default. Then when you're ready to switch from looking back to moving forward, check out the Web Application Security Working Group and peruse their meetings' minutes for the latest ideas on fixing these features.
- Safeguarding Secrets Within the Pipeline is always important at each step of the pipeline, which is also why it's nice to see that PowerShell's secrets tool preview now supports Linux and macOS.
- Updating software in flight? The Air Force may be close. No details yet, but aerospace appsec is being aggressively agile about advancing automatic update abilities.
- When you browse Instagram and find former Australian Prime Minister Tony Abbott's passport number: an entertaining read that demonstrates effective appsec analysis requiring no tool more complicated than a browser's "Inspect Element".