Asw123

From Security Weekly Wiki

Application Security Weekly Episode #123 - September 28, 2020

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. The Difference Between Finding Vulns & Securing Apps - 12:30 PM-01:00 PM


Announcements

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

  • It’s official! Security Weekly, in partnership with CyberRisk Alliance, is excited to present Security Weekly Unlocked on December 10, 2020. The inaugural edition of Security Weekly Unlocked also celebrates Security Weekly’s 15th Anniversary. Registration will open soon, but the call for speakers is now open. Visit securityweekly.com/unlocked to submit your speaking session.

Description

There's a big difference between finding vulns and securing apps. When we hear the phrase "shift left", what are we actually shifting? Maybe there's something more that security can learn when we look at the vulns popularized by the OWASP Top 10 and the major breaches DevOps teams are dealing with in cloud environments.


Egregious Eleven Deep Dive: https://cloudsecurityalliance.org/artifacts/top-threats-egregious-11-deep-dive


Hosts

John Kinsella's Content:


Matt Alderman's Content:


Mike Shema's Content:



2. Bypassing TikTok's MFA, Instagram RCE, & Chrome Security Updates - 01:00 PM-01:30 PM


Announcements

  • Would you like to have all of your favorite Security Weekly content at your fingertips? Do you want to hear from Sam & Andrea when we have upcoming webcasts & technical trainings? Have a question for one of our illustrious hosts, someone from the Security Weekly team, or wish you could “hang” out with the Security Weekly crew & community? Subscribe on your favorite podcast catcher, sign up for our mailing list, or join our Discord Server to stay in the loop on all things Security Weekly! Visit: https://securityweekly.com/subscribe

  • In our October 22nd technical training, we will provide a first look at a new, free resource that delivers thousands of remedies as a service to bridge the gap between vulnerabilities found and vulnerabilities fixed! Visit https://securityweekly.com/webcasts to see what we have coming up! Or visit securityweekly.com/ondemand to view our previously recorded webcasts!

Description

6 Things to Know About the Microsoft 'Zerologon' Flaw, You can bypass TikTok's MFA by logging in via a browser, Instagram RCE: Code Execution Vulnerability in Instagram App for Android and iOS, Shopify discloses security incident caused by two rogue employees, and Microsoft Advances DevOps Agenda!


Hosts

John Kinsella's Content:

Articles

Matt Alderman's Content:

Articles

Mike Shema's Content:

Articles