Application Security Weekly Episode #124 - October 05, 2020
Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe
1. Things Every Developer Should Know About Security - 12:30 PM-01:00 PM
Announcements
- Would you like to have all of your favorite Security Weekly content at your fingertips? Do you want to hear from Sam & Andrea when we have upcoming webcasts & technical trainings? Have a question for one of our illustrious hosts, someone from the Security Weekly team, or wish you could “hang” out with the Security Weekly crew & community? Subscribe on your favorite podcast catcher, sign up for our mailing list, and join our Discord Server to stay in the loop on all things Security Weekly! Visit: https://securityweekly.com/subscribe
- It’s official! Security Weekly, in partnership with CyberRisk Alliance, is excited to present Security Weekly Unlocked on December 10, 2020. The inaugural edition of Security Weekly Unlocked also celebrates Security Weekly’s 15th Anniversary. Registration and the call for speakers are now open. Visit securityweekly.com/unlocked to submit your speaking session and register for free!
Description
Developers are at the center of properly securing applications. A large number of security issues bury developers. We must understand the things every developer must know about security in order to help them. We must practice developer empathy, walking a mile in their shoes.
Guest(s)
Chris Romeo
Chris Romeo is CEO at Security Journey
Chris Romeo is CEO and co-founder of Security Journey, building security culture through education. His passion is to bring security culture change to all organizations, large and small, by creating and designing gamified security programs. Chris is a highly rated industry speaker and trainer, featured at RSA Conference, OWASP Global AppSec, and ISC2 Security Congress. Chris was the Chief Security Advocate at Cisco for five years, empowering engineers to shift security left in all products at Cisco, and he led Cisco’s security belt program (Cisco Security Ninja). Chris has twenty-three years of security experience, holding positions across the gamut, including application security, security engineering, and incident response. Chris holds the CISSP and CSSLP certifications.
Hosts
- John Kinsella - Vice President of Container Security at Qualys
- Matt Alderman - CEO at Security Weekly
- Mike Shema - Product Security Lead at Square
2. DOMOS 5.8 OS Command Injection, API Shield, & TRB245 Vulnerabilities - 01:00 PM-01:30 PM
Announcements
- Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!
- In our October 22nd technical training, we will provide a first look at a new, free resource that delivers thousands of remedies as a service to bridge the gap between vulnerabilities found and vulnerabilities fixed! On October 28th, learn how to build an integrated security platform in our webcast at 3pm ET! Visit https://securityweekly.com/webcasts to see what we have coming up! Or visit securityweekly.com/ondemand to view our previously recorded webcasts!
Description
DOMOS 5.8 - OS Command Injection, 4G, 5G networks could be vulnerable to exploit due to ‘mishmash’ of old technologies, Google sets up research grant for finding bugs in browser JavaScript engines, Announcing the launch of the Android Partner Vulnerability Initiative, and more!
Hosts
Mike Shema's Content:
Articles
- DOMOS 5.8 - OS Command Injection demonstrates that even a hardened OS is only a semicolon away from being compromised when input reaches a shell through misuse and mistake.
- Teltonika Gateway TRB245 Multiple Vulnerabilities demonstrates how far we still have to go to stamp out SSRF, XSS, CSRF, and (our favorite) directory traversal.
- 4G, 5G networks could be vulnerable to exploit due to ‘mishmash’ of old technologies demonstrates how mismatched security assumptions and barriers make mixed-protocol networks hard to protect. From a Black Hat Asia presentation.
- Code scanning is now available! demonstrates the success Microsoft is having with incorporating its acquisition of Semmle into GitHub.
- Announcing the launch of the Android Partner Vulnerability Initiative demonstrates the expansion of Google's security attention to its Android supply chain.
- Google sets up research grant for finding bugs in browser JavaScript engines demonstrates the expansion of Google's fuzzing attention to the most notorious vectors for violating browsers.
- Introducing API Shield demonstrates how important API traffic is to all the apps we use.