Application Security Weekly Episode #126 - October 19, 2020
1. The Future of Application Security Testing (AST) - 12:30 PM-01:00 PM
Join Taylor McCaslin, Security Product Manager at GitLab, to discuss current trends in the application security testing industry. We'll chat about where the industry is today, advances in the field, and what the future might hold. We've seen an explosion of security offerings, from traditional security testing vendors to general source code management platforms. We'll discuss current pain points and opportunities for developers, security experts, and executives navigating all these tools in their pursuit of building secure software. Topics will include SAST, data science, DevSecOps, "shift-left", and vulnerability management.
This segment is sponsored by GitLab.
Visit https://securityweekly.com/GitLab to learn more about them!
GitLab's DevSecOps Landscape 2020 Survey results: https://about.gitlab.com/developer-survey
Shifting Security Left with GitLab Video Overview: https://www.youtube.com/watch?v=XnYstHObqlA
DevSecOps with GitLab: https://about.gitlab.com/solutions/dev-sec-ops
Taylor McCaslin is Sr. Product Manager - Secure at GitLab
Taylor McCaslin (he/him) is a multi-disciplinary Investor, Product Manager, and Technologist living in Austin, Texas. Taylor works as a Senior Product Manager at GitLab focused on Security products. He is also the Founder of Product Trust Investments, an angel fund focused on impact investing with companies that build ethical products that customers trust. Since 2012 he has worked at enterprise-scale, hyper-growth technology companies including: New Knowledge, Duo Security, WP Engine, Indeed.com, Bazaarvoice. Taylor can be found geeking out with the latest Apple gadget, skiing, or enjoying the expansive Austin art scene. He also enjoys volunteering with local human rights and LGBTQ organizations around central Texas as well as mentoring young technologists looking to start careers in tech.
- John Kinsella - Vice President of Container Security at Qualys
- Matt Alderman - CEO at Security Weekly
- Mike Shema - Product Security Lead at Square
2. Windows "Ping of Death", SonicWall VPN RCE, & MediaTek BootROM Glitch - 01:00 PM-01:30 PM
Patch Your Windows - “Ping of Death” bug revealed, 800,000 SonicWall VPNs vulnerable to remote code execution bug, T2 Exploit Team Creates Cable That Hacks Mac, Zoom Rolling Out End-to-End Encryption, and 'BleedingTooth' Bluetooth flaw!
Mike Shema's Content:
- Windows “Ping of Death” bug revealed – patch now! for CVE-2020-16898 and party like it's not even 1999 yet! You can find more details here.
- Google warns of severe 'BleedingTooth' Bluetooth flaw in Linux kernel in an advisory that maintains "BL..." branding for Bluetooth bugs.
- containerd v1.2.x can be coerced into leaking credentials during image pull shows what happens when a challenge/response becomes just a credential response.
- 800,000 SonicWall VPNs vulnerable to new remote code execution bug is (also) another creeping attack surface from security software.
- T2 exploit team demos a cable that hacks Mac without user intervention and dives into hardware security and secure boot systems.
- There’s A Hole In Your SoC: Glitching The MediaTek BootROM zaps another secure boot system.
- Zoom Rolling Out End-to-End Encryption Offering, which is a chance to read about the Signal Protocol and how other apps like WhatsApp use it.