Application Security Weekly
DevOps, Hardware security, Firewall, Security research, Endpoint Security

ASW #86

November 26, 2019
Section 0

$1M Google Hacking Prize, 1.2B Records Exposed in Massive Server Leak, How Attackers Could Hijack Your Android Camera to Spy on You, XSS in GMail’s AMP4Email via DOM Clobbering, and much more!

Visit https://www.securityweekly.com/asw for all the latest episodes!

Full Episode Show Notes

To learn more about our sponsors visit: The Security Weekly Sponsor’s Page

Application News

Bugs, Breaches, and More!
  • $1M Google Hacking Prize
  • 1.2B Records Exposed in Massive Server Leak
  • How Attackers Could Hijack Your Android Camera to Spy on You
  • XSS in GMail’s AMP4Email via DOM Clobbering
If you build it, they will come
  • Add defense in depth against open firewalls, reverse proxies, and SSRF vulnerabilities with enhancements to the EC2 Instance Metadata Service
Learning & Tools
  • What’s in a WAF?
  • Introducing Flan Scan: Cloudflare’s Lightweight Network Vulnerability Scanner
Food for Thought
  • When You Know Too Much: Protecting Security Data from Security People

Hosts

John Kinsella – Vice President of Container Security

Matt Alderman – CEO

Mike Shema – Product Security Lead

Guests

Announcements

  • We have exciting news about the Security Weekly webcast program: We are now partnered with (ISC)2 as an official CPE provider! If you attend any of our webcasts, you will be receiving 1 CPE credit per webcast! Register for one of our upcoming webcasts with Zane Lackey of Signal Sciences, Ian McShane from Endgame, or Stephen Smith and Jeff Braucher of LogRhythm (or all 3!) by going to securityweekly.com/webcasts. If you have missed any of our previously recorded webcasts, you can find our on-demand library at securityweekly.com/ondemand
http://traffic.libsyn.com/sw-all/ASW_86_-_Application_News_correct-0_converted.mp3
Section 1

Tim Mackey is the Principal Security Strategist at Synopsys. Measuring the risk of development decisions isn’t something contained within a single tool; it requires a set of perspectives on how a “bad decision” can manifest itself in the security of the app.

To learn more about Synopsys, visit: https://securityweekly.com/synopsys

Development Decisions Affect The Security Of Any Application

Hosts

John Kinsella – Vice President of Container Security

Matt Alderman – CEO

Mike Shema – Product Security Lead

Guests

Tim Mackey – Principal Security Strategist

http://traffic.libsyn.com/sw-all/ASW_86_-_Tim_Mackey_Synopsys-0_converted.mp3
