Difference between revisions of "Asw131"
Revision as of 15:25, 23 November 2020
Application Security Weekly Episode #131 - November 23, 2020
Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe
1. Fuzz Testing! - 12:30 PM-01:00 PM
In our upcoming webcasts & technical trainings, you will learn how to build a risk-based vulnerability management program, how to prevent phishing scams, and how to move beyond vulnerability scan to vulnerability fix! Visit https://securityweekly.com/webcasts to see what we have coming up, or visit securityweekly.com/ondemand to view our previously recorded webcasts!
Segment Description Coming Soon!
Andrei Serban is Co-Founder at Fuzzbuzz
Andrei is the CEO and co-founder of Fuzzbuzz, a security startup based in San Francisco that builds fuzz testing tools and infrastructure to help developers find severe vulnerabilities and bugs in their code with minimal effort. Today, Fuzzbuzz works with some of the largest tech companies to reduce the number of vulnerabilities that make it into production by enabling teams to fuzz test as part of their DevSecOps pipeline, finding bugs as soon as they get introduced.
Andrei studied Computer Science at the University of Waterloo before dropping out to start Fuzzbuzz and accept the Thiel Fellowship.
- Adrian Sanabria - Senior Research Engineer at CyberRisk Alliance
- John Kinsella - Chief Architect at Accurics
- Mike Shema - Product Security Lead at Square
2. Application News - 01:00 PM-01:30 PM
Would you like to have all of your favorite Security Weekly content at your fingertips? Do you want to hear from Sam & Andrea when we have upcoming webcasts & technical trainings? Have a question for one of our illustrious hosts, someone from the Security Weekly team, or wish you could “hang” out with the Security Weekly crew & community? Subscribe on your favorite podcast catcher, sign up for our mailing list, and join our Discord Server to stay in the loop on all things Security Weekly! Visit: https://securityweekly.com/subscribe
Security Weekly, in partnership with CyberRisk Alliance, is excited to present Security Weekly Unlocked on December 10, 2020. This 1-day virtual event wraps up with the 15th anniversary edition of Paul’s Security Weekly live on YouTube! Visit https://securityweekly.com/unlocked to view the agenda and register for free!
In the Application Security News, a manifesto highlights principles and values for threat modeling, the CNCF releases a Cloud Native Security Whitepaper, Microsoft puts security in the CPU with Pluton, mass scanning for secrets, ancient flaws resurface in Drupal, and steps for implementing source composition analysis.
Adrian Sanabria's Content:
John Kinsella's Content:
Mike Shema's Content:
- "Threat Modeling Manifesto" encourages more practical modeling with principles to make the results meaningful.
- "Greybox Automatic Exploit Generation for Heap Overflows in Language Interpreters" encourages a hybrid of human and automation approaches to discover and attack flaws in our code.
- "Announcing the Cloud Native Security White Paper" encourages an understanding of security principles and how to apply them to each phase of the cloud application lifecycle.
- "Meet the Microsoft Pluton processor – The security chip designed for the future of Windows PCs", which encourages more trusted boot and secure secret handling to better adhere to "The Seven Properties of Highly Secure Devices".
- "DevSecOps Implementation: Source Composition Analysis" encourages a smart evaluation of how to control your software supply chain.
- "Botnets have been silently mass-scanning the internet for unsecured ENV files" encourages better storage of secrets outside of text files.
- "Drupal sites vulnerable to double-extension attacks", encouraging us to remember that old vulns are destined for re-invention.