Application Security Weekly Episode #125 - October 12, 2020
Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe
1. Application Security Best Practices - 12:30 PM-01:00 PM
Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!
In our October 22nd technical training, we will provide a first look at a new, free resource that delivers thousands of remedies as a service to bridge the gap between vulnerabilities found, and vulnerabilities fixed! On October 28th, learn how to build an integrated security platform in our webcast at 3pm ET! Visit https://securityweekly.com/webcasts to see what we have coming up! Or visit securityweekly.com/ondemand to view our previously recorded webcasts!
Managing passwords is a critical developer task, and developers building or augmenting legacy authentication systems face a daunting job against modern adversaries. This session will review some of the changes suggested in NIST SP 800-63B, "Digital Identity Guidelines: Authentication and Lifecycle Management", regarding password policy.
Digital Identity Guidelines: https://pages.nist.gov/800-63-3/
James Manico is CEO at Manicode Security
Jim Manico is the founder of Manicode Security where he trains software developers on secure coding and security engineering. He is also an investor/advisor for BitDiscovery, Nucleus Security, Secure Circle, CESPPA and Signal Sciences. Jim is a frequent speaker on secure software practices, is a member of the Java Champion community, and is the author of "Iron-Clad Java: Building Secure Web Applications" from Oracle Press. Jim also volunteers for the OWASP foundation as the project co-lead for the OWASP Application Security Verification Standard and the OWASP Proactive Controls.
John Kinsella - Vice President of Container Security at Qualys
Matt Alderman - CEO at Security Weekly
Mike Shema - Product Security Lead at Square
2. Fortinet SIEM RCE, Facebook Bug Bounty, & Anti-Virus Vulnerabilities - 01:00 PM-01:30 PM
Would you like to have all of your favorite Security Weekly content at your fingertips? Do you want to hear from Sam & Andrea when we have upcoming webcasts & technical trainings? Have a question for one of our illustrious hosts, someone from the Security Weekly team, or wish you could “hang” out with the Security Weekly crew & community? Subscribe on your favorite podcast catcher, sign up for our mailing list, and join our Discord Server to stay in the loop on all things Security Weekly! Visit: https://securityweekly.com/subscribe
It’s official! Security Weekly, in partnership with CyberRisk Alliance, is excited to present Security Weekly Unlocked on December 10, 2020. The inaugural edition of Security Weekly Unlocked also celebrates Security Weekly’s 15th Anniversary. Registration and call for speakers is now open. Deadline for CFP is 10/15/20 so get your submissions in! Visit securityweekly.com/unlocked to submit your speaking session and register for free!
Mike Shema's Content:
- "Smart male chastity lock..." flaw triggers plenty of headline puns, but underneath the giggling is a more serious discussion of device security, privacy, and vulnerability disclosure programs.
- Facebook Bug Bounty announces "Hacker Plus" to incentivize quality reports with bounty bonuses.
- "We Hacked Apple for 3 Months: Here's What We Found" covers five researchers who discovered 55 vulns and have received $288,500 for 32 of them so far.
- "Fortinet SIEM vulnerability allows us to get RCE on internet exposed hosts" reminds us that security tools also expand the attack surface.
- "Anti-Virus Vulnerabilities: Who's Guarding the Watch Tower?" points out basic filesystem flaws in permissions and mismatched time-of-check-to-time-of-use (TOCTOU) assumptions.
- Chrome changes how its cache system works to improve privacy, reminding us that appsec benefits from architecture changes more than from fixing individual flaws.