Application Security Weekly Subscribe

Cloud Security, Vulnerability Management

The Notorious Bucket – ASW #78

September 30, 2019

This week, we welcome Ryan Kelso, Application Security Engineer at 10-Sec, Inc., to discuss Information Disclosure Vulnerabilities! In the Application Security News, Threat Actors Use Percentage-Based URL Encoding to Bypass Email Gateways, Intelligent Tracking Prevention 2.3 and a discussion to Limit the length of the Referer header with some background on Browser Side Channels, Serverless Security Threats Loom as Enterprises Go Cloud Native, and much more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode78 Visit https://www.securityweekly.com/asw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

View Show Index

Full Audio

Segments

1. Information Disclosure Vulnerabilities – Ryan Kelso – ASW #78

Ryan Kelso is the Application Security Engineer at 10-Sec, Inc. Former developer turned application security engineer with a passion for giving back to the security community that has helped me out tremendously with getting into this field. Information disclosures traditionally aren't seen as high priority fixes, but can be pretty important in an exploitation chain. The more information provided to an attacker, the better equipped that attacker is.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode78

Guest

Ryan Kelso

Ryan Kelso

Application Security Engineer at 10-Sec, Inc.

Ryan Kelso is a former developer turned application security engineer with a passion for giving back to the security community that has helped him out tremendously with getting into this field.

Hosts

Beau Bullock

Beau Bullock

Security Analyst at Black Hills Information Security

https://www.blackhillsinfosec.com/team/beau-bullock/

Matt Alderman

Matt Alderman

VP, Product at Living Security

Mike Shema

Mike Shema

Tech Lead at Block

2. Application News – ASW #78

Threat Actors Use Percentage-Based URL Encoding to Bypass Email Gateways, Intelligent Tracking Prevention 2.3 and a discussion to Limit the length of the Referer header with some background on Browser Side Channels, Serverless Security Threats Loom as Enterprises Go Cloud Native, and much more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode78

Hosts

Beau Bullock

Beau Bullock

Security Analyst at Black Hills Information Security

https://www.blackhillsinfosec.com/team/beau-bullock/

Matt Alderman

Matt Alderman

VP, Product at Living Security

Mike Shema

Mike Shema

Tech Lead at Block

Related

Building Security from Scratch: One Year as CISO at a Start-up – Guillaume Ross – BSW Vault

November 20, 2023

We often think "this would be so much better if done properly from the beginning", but the reality is, doing things from scratch comes with different challenges. Managing priorities, deciding what you tackle on from the absolute beginnings of a company in terms of security is a fun challenge. Segment Resources: Full session at the upcoming GoSec ...

New security startups, Stamos and Krebs go to SentinelOne, NY takes cyber seriously – ESW #340

November 16, 2023

Finally, in the enterprise security news, Lots of new security startups with early stage funding SentinelOne picks up Chris Krebs and Alex Stamos’s consulting firm PE firm picks up ActiveState - a company I haven’t thought about since I last downloaded ActiveState Perl 1000 years ago Microsoft announces the limited release of Security Copilot Se...

Palo Alto buys Talon, the changing world of security exits, 6 Qs to ask your CISO – ESW #339

November 9, 2023

During the news today, we went deep down the rabbithole of discussing security product efficacy. Adrian still doesn't believe in enterprise browsers beyond Google Chrome, but can't deny that Talon got a pretty favorable exit considering the state of the market. We see the first major exit for cybersecurity insuretechs, and discuss a few notable fun...