Application Security Weekly Episode #129 - November 09, 2020
Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe
1. China's Top Hacking Contest, GitHub Actions, & Vulnonym - 12:30 PM-01:00 PM
Would you like to have all of your favorite Security Weekly content at your fingertips? Do you want to hear from Sam & Andrea when we have upcoming webcasts & technical trainings? Have a question for one of our illustrious hosts, someone from the Security Weekly team, or wish you could “hang” out with the Security Weekly crew & community? Subscribe on your favorite podcast catcher, sign up for our mailing list, and join our Discord Server to stay in the loop on all things Security Weekly! Visit: https://securityweekly.com/subscribe
In our upcoming webcasts & technical trainings, you will learn why you should stop trying to discover & classify data, how to thwart attackers using deception & how to build a risk-based vulnerability management program! Visit https://securityweekly.com/webcasts to see what we have coming up, or visit securityweekly.com/ondemand to view our previously recorded webcasts!
China's top hacking contest turns months of effort into 15 minutes of exploits, an injection flaw in GitHub Actions, understanding post-compromise activity in exploits targeting Solaris and VoIP, security and quality challenges in integrating software from multiple vendors, and CVE naming turns into wibbly wobbly timey wimey stuff!
John Kinsella's Content:
Matt Alderman's Content:
- Bug Bounty Hunters' Pro Tips on Chasing Vulns & Money
- Containers for Data Analysis Are Rife With Vulnerabilities
Mike Shema's Content:
- Windows 10, iOS, Chrome, and many others fall at China's top hacking contest, which means another steep climb for prompt patching.
- Google Project Zero to GitHub: You've had 104 days to sort out injection vuln – now we're telling world-plus-dog reveals the Project Zero report on GitHub Actions, which sheds more light on why GitHub is deprecating the set-env and add-path commands and why you should pay attention to Security hardening for GitHub Actions.
- Live off the Land? How About Bringing Your Own Island? An Overview of UNC1945 provides a chance to talk with DevOps teams about hardening systems and improving detections for post-compromise activities.
- INJ3CTOR3 Operation – Leveraging Asterisk Servers for Monetization also provides a chance to talk with DevOps teams about subtleties of PHP security and understanding post-compromise activities.
- NASA’s new rocket would be the most powerful ever. But it’s the software that has some officials worried. And while the consequences of failure are far greater, the challenges are far more familiar. Even the minutes of the meeting feel grounded in security and DevOps discussions.
- Vulnonym: Stop the Naming Madness! seems to misdiagnose the problem by making vuln names more maddening to memorize. Maybe more meaningful methods might make messaging more memorable.
2. Security Is a Feature - 01:00 PM-01:30 PM
Join Amit Bareket, Co-founder & CEO of Perimeter 81 & Paul Asadoorian for a technical deep-dive into the problems inherent in legacy VPN technology. Together they will explore solutions for the modern workforce & how momentum toward perimeter-less architecture is helping redefine the future of cybersecurity. Register Now by visiting https://securityweekly.com/perimeter81
Security Weekly, in partnership with CyberRisk Alliance, is excited to present Security Weekly Unlocked on December 10, 2020. This one-day virtual event wraps up with the 15th anniversary edition of Paul’s Security Weekly live on YouTube! Visit https://securityweekly.com/unlocked to view the agenda and register for free!
What does it take to manage security teams and security initiatives? Find out the importance of people in security, whether it's keeping a team engaged or encouraging a team to rethink how they approach security.
Keith's appearance on PSW #564: https://youtu.be/9r0-Sga2bEg
PSW #564 Show Notes: https://wiki.securityweekly.com/Episode564
Keith Hoodlet is Senior Manager, Application Experience at Thermo Fisher Scientific
Keith Hoodlet is the Senior Manager of Application Experience within Corporate Information Security at Thermo Fisher Scientific, a global enterprise seeking to make the world healthier, cleaner, and safer. Named as one of the world's 50 Influential DevSecOps Professionals, Keith has worked on projects such as the Application Security Weekly podcast (episodes 0 - 55), as well as the renewed InfoSec Mentors Project, where he acts as Founder and CTO. Keith is also known for his work as an ethical hacker and Top 200 security researcher / MVP on the Bugcrowd platform.