$1M Google Hacking Prize, 1.2B Records Exposed in Massive Server Leak, How Attackers Could Hijack Your Android Camera to Spy on You, XSS in GMail’s AMP4Email via DOM Clobbering, and much more!

Visit https://www.securityweekly.com/asw for all the latest episodes!

Full Episode Show Notes

To learn more about our sponsors visit: The Security Weekly Sponsor’s Page

Application News

Bugs, Breaches, and More!

• $1M Google Hacking Prize
• 1.2B Records Exposed in Massive Server Leak
• How Attackers Could Hijack Your Android Camera to Spy on You
• XSS in GMail’s AMP4Email via DOM Clobbering

If you build it, they will come

• Add defense in depth against open firewalls, reverse proxies, and SSRF vulnerabilities with enhancements to the EC2 Instance Metadata Service

Learning & Tools

• What’s in a WAF?
• Introducing Flan Scan: Cloudflare’s Lightweight Network Vulnerability Scanner

Food for Thought

• When You Know Too Much: Protecting Security Data from Security People

Hosts

John Kinsella – Vice President of Container Security

Matt Alderman – CEO

Mike Shema – Product Security Lead

Guests

Announcements

• We have exciting news about the Security Weekly webcast program: We are now partnered with (ISC)2 as an official CPE provider! If you attend any of our webcasts, you will be receiving 1 CPE credit per webcast! Register for one of our upcoming webcast with Zane Lackey of Signal Sciences, Ian McShane from Endgame, or Stephen Smith and Jeff Braucher of LogRhythm (or all 3!) by going to securityweekly.com/webcasts If you have missed any of our previously recorded webcasts, you can find our on-demand library at securityweekly.com/ondemand

 

 

Tim Mackey is the Principal Security Strategist at Synopsys. Measuring the risk of those decisions isn’t something contained within a single tool, but instead requires a set of perspectives on how a “bad decision” can manifest itself in the security of the app.

To learn more about Synopsys, visit: https://securityweekly.com/synopsys

Visit https://www.securityweekly.com/asw for all the latest episodes!

Full Episode Show Notes

To learn more about our sponsors visit: The Security Weekly Sponsor’s Page

Development Decisions Affect The Security Of Any Application

Hosts

John Kinsella – Vice President of Container Security

Matt Alderman – CEO

Mike Shema – Product Security Lead

Guests

Tim Mackey – Principal Security Strategist

Announcements

• We have exciting news about the Security Weekly webcast program: We are now partnered with (ISC)2 as an official CPE provider! If you attend any of our webcasts, you will be receiving 1 CPE credit per webcast! Register for one of our upcoming webcast with Zane Lackey of Signal Sciences, Ian McShane from Endgame, or Stephen Smith and Jeff Braucher of LogRhythm (or all 3!) by going to securityweekly.com/webcasts If you have missed any of our previously recorded webcasts, you can find our on-demand library at securityweekly.com/ondemand