From Security Weekly Wiki
Application Security Weekly Episode #129 - November 09, 2020
Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe
1. Application News - 01:00 PM-01:30 PM
John Kinsella's Content:
Matt Alderman's Content:
- Bug Bounty Hunters' Pro Tips on Chasing Vulns & Money
- Containers for Data Analysis Are Rife With Vulnerabilities
Mike Shema's Content:
- Windows 10, iOS, Chrome, and many others fall at China's top hacking contest, which means another steep climb for prompt patching.
- Google Project Zero to GitHub: You've had 104 days to sort out injection vuln – now we're telling world-plus-dog reveals the Project Zero report on GitHub Actions, which sheds more light on why GitHub is deprecating the set-env and add-path commands and why you should pay attention to Security hardening for GitHub Actions.
- Live off the Land? How About Bringing Your Own Island? An Overview of UNC1945 provides a chance to talk with DevOps teams about hardening systems and improving detections for post-compromise activities.
- INJ3CTOR3 Operation – Leveraging Asterisk Servers for Monetization also provides a chance to talk with DevOps teams about subtleties of PHP security and understanding post-compromise activities.
- NASA’s new rocket would be the most powerful ever. But it’s the software that has some officials worried. And while the consequences of failure are far more consequential, the challenges are far more familiar. Even the minutes of the meeting feel grounded in security and DevOps discussions.
- Vulnonym: Stop the Naming Madness! seems to misdiagnose the problem by making vuln names more maddening to memorize. Maybe more meaningful methods might make messaging more memorable.