From Security Weekly WikiJump to navigationJump to search
Application Security Weekly Episode 102 - 2020-04-06
- Is your Open Source code secure? Learn how to verify your code during development, not after the build in our next webcast with Synopsys. Register for our upcoming webcasts or virtual trainings by visiting securityweekly.com/webcasts. You can also access our on-demand library of previously recorded webcasts/trainings by visiting securityweekly.com/ondemand. Each webcast will earn you 1 CPE credit that we will submit on your behalf if you provide your ISC2 number.
- We have officially migrated our mailing list to BACK to our original platform! We have our categories nailed down and you are now able to customize what you receive from us based on your preferences by visiting securityweekly.com/subscribe and clicking the button to join the list! Once you have joined, you will also be able to go back and update your "interests" so that we can grow with you as you progress through your journey in InfoSec!
- We are looking for high-quality guest suggestions for our Enterprise Security Weekly podcast to fill our upcoming recording schedule! We're committed to educating and providing entertainment for the InfoSec community and we would love to hear from you about who you would like us to interview on the show! Submit your suggestions for guests by visiting securityweekly.com/guests and submitting the form! We review suggestions monthly and will reach out to you once reviewed!
- Join Qualys for VMDR Live on April 21 at 2pm ET for a live demonstration of the game-changing Vulnerability Management, Detection & Response offering - a unified solution that integrates vulnerability management, threat prioritization and patching in a single app. Register at securityweekly.com/VMDR2020
News - Articles - TBD
Mike Shema's Content:
- Zoom is gaining lots of attention for flaws and serves as a good exercise in threat modeling and communicating security trade-offs.
- Report: Popular Digital Wallet Exposes Millions to Risk in Huge Data Leak from the usual suspect of an S3 bucket for an unusual amount of sensitive data.
- 12k+ Android apps contain master passwords, secret access keys, secret commands in not-so-secret client-side code identified by a research tool Inputscope.
- ‘Zombie’ Windows win32k bug reanimated by researcher with a new bug class for an ancient library.
- Attack matrix for Kubernetes for planning your product security focus.
- Want to Improve Cloud Security? It Starts with Logging and a set of questions to make logging effective.
Interview: You re (probably) doing AppSec Wrong - 6:00-6:45PM