Application Security Weekly Episode #130 - November 16, 2020
Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe
1. Automated Hacker Knowledge - 12:30 PM-01:00 PM
Would you like to have all of your favorite Security Weekly content at your fingertips? Do you want to hear from Sam & Andrea when we have upcoming webcasts & technical trainings? Have a question for one of our illustrious hosts, someone from the Security Weekly team, or wish you could “hang” out with the Security Weekly crew & community? Subscribe on your favorite podcast catcher, sign up for our mailing list, and join our Discord Server to stay in the loop on all things Security Weekly! Visit: https://securityweekly.com/subscribe
Security Weekly, in partnership with CyberRisk Alliance, is excited to present Security Weekly Unlocked on December 10, 2020. This one-day virtual event wraps up with the 15th anniversary edition of Paul’s Security Weekly live on YouTube! Visit https://securityweekly.com/unlocked to view the agenda and register for free!
In a fast-paced tech environment, keeping up with security research can be overwhelming for companies. Automation is a must to keep up - but you also need human ingenuity to make sure automation adds value and not noise. Combining software automation with the knowledge of elite hackers is the key to ensure both speed and relevance.
This segment is sponsored by Detectify.
Detectify is led by entrepreneurial tech nerd Rickard Carlsson. As one of the co-founders, Rickard has grown Detectify from a group of ethical hackers with an idea on how to make the internet safer, to an international industry challenger that's 140+ people strong. Combining software automation with the knowledge of elite hackers and scaling it to the masses, Detectify makes security a collaborative effort that changes traditional ways of working.
Rickard has a background in tech and management consulting, and has lived and worked in Sweden, India and the US.
- John Kinsella - Chief Architect at Accurics
- Matt Alderman - CEO at Security Weekly
- Mike Shema - Product Security Lead at Square
2. 'Platypus' Attack, IDOR DOD Bug, & 2 More Chrome 0-Days - 01:00 PM-01:30 PM
Join Amit Bareket, Co-founder & CEO of Perimeter 81 & Paul Asadoorian for a technical deep-dive into the problems inherent in legacy VPN technology. Together they will explore solutions for the modern workforce & how momentum toward perimeter-less architecture is helping redefine the future of cybersecurity. Register Now by visiting https://securityweekly.com/perimeter81
In our upcoming webcasts & technical trainings, you will learn how to thwart attackers using deception & how to build a risk-based vulnerability management program! Visit https://securityweekly.com/webcasts to see what we have coming up, or visit securityweekly.com/ondemand to view our previously recorded webcasts!
In the Application Security News, The Platypus Attack Threatens Intel SGX, a Revitalized Attack Makes for Sad DNS, Bug Hunter Hits DOD With an IDOR, Steps for Devops, Testing in Prod, Two More Chrome Bugs, and Open Source K8s Tools From Capital One!
John Kinsella's Content:
Matt Alderman's Content:
- Web Application Threat! U.S. Retailers More Vulnerable than European Counterparts
- Seven Steps to defining the art of the possible in DevOps
Mike Shema's Content:
- One more reason for Apple to dump Intel processors: Another SGX, kernel data-leak flaw unearthed by experts who promptly named it the Platypus attack.
- DNS cache poisoning poised for a comeback: Sad DNS gives us another named attack! Here's another easily understood write-up.
- Bug hunter wins 'Researcher of the Month' award for DOD account takeover bug with an IDOR that bypassed authorization checks.
- Testing in Production 101 makes us wonder if confidence in testing in prod gives confidence that code is resilient and easily adaptable -- properties that can be really good for security.
- 2 More Google Chrome Zero-Days Under Active Exploitation makes us wonder how best to think of properties of vulns that have no name.
- Facebook link preview feature used as a proxy in website-scraping scheme makes us think of this discussion in episode 128.
- How to Maintain Compliance — At the Speed of Kubernetes makes us happy to see more open source tools!