Application Security Weekly Subscribe

Cloud Security, Vulnerability Management

The Notorious Bucket – ASW #78

September 30, 2019

This week, we welcome Ryan Kelso, Application Security Engineer at 10-Sec, Inc., to discuss Information Disclosure Vulnerabilities! In the Application Security News, Threat Actors Use Percentage-Based URL Encoding to Bypass Email Gateways, Intelligent Tracking Prevention 2.3 and a discussion to Limit the length of the Referer header with some background on Browser Side Channels, Serverless Security Threats Loom as Enterprises Go Cloud Native, and much more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode78 Visit https://www.securityweekly.com/asw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

View Show Index

Full Audio

Segments

1. Information Disclosure Vulnerabilities – Ryan Kelso – ASW #78

Ryan Kelso is the Application Security Engineer at 10-Sec, Inc. Former developer turned application security engineer with a passion for giving back to the security community that has helped me out tremendously with getting into this field. Information disclosures traditionally aren't seen as high priority fixes, but can be pretty important in an exploitation chain. The more information provided to an attacker, the better equipped that attacker is.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode78

Guest

Ryan Kelso

Ryan Kelso

Application Security Engineer at 10-Sec, Inc.

Ryan Kelso is a former developer turned application security engineer with a passion for giving back to the security community that has helped him out tremendously with getting into this field.

Hosts

Beau Bullock

Beau Bullock

Security Analyst at Black Hills Information Security

https://www.blackhillsinfosec.com/team/beau-bullock/

Matt Alderman

Matt Alderman

VP, Product at Living Security

Mike Shema

Mike Shema

Tech Lead at Block

2. Application News – ASW #78

Threat Actors Use Percentage-Based URL Encoding to Bypass Email Gateways, Intelligent Tracking Prevention 2.3 and a discussion to Limit the length of the Referer header with some background on Browser Side Channels, Serverless Security Threats Loom as Enterprises Go Cloud Native, and much more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode78

Hosts

Beau Bullock

Beau Bullock

Security Analyst at Black Hills Information Security

https://www.blackhillsinfosec.com/team/beau-bullock/

Matt Alderman

Matt Alderman

VP, Product at Living Security

Mike Shema

Mike Shema

Tech Lead at Block

Related

Massive valuations and acquisitions – Cato, Cisco, Splunk & SentinelOne! – ESW #332

September 21, 2023

This week we talk about finding, acquisitions and the state of the market. If you're interested in cybersecurity market discussion, this is the episode for you. We also discuss what makes a cybersecurity influencer.

2024 Security Planning with Forrester – Merritt Maxim – ESW #332

September 21, 2023

Forrester Research releases a few annual reoccurring cybersecurity reports, but one of the biggest that covers the most ground is the Security Risk Planning Guide, which was recently released for 2024. One of the report's 17 authors, and research director, Merritt Maxim, will walk us through the report's most interesting insights and highlights. Th...

Broadening What We Call AppSec – Christien Rioux – ASW Vault

September 4, 2023

Check out this interview from the ASW Vault, hand picked by main host Mike Shema! This segment was originally published on January 10, 2022. There's an understandable focus on "shift left" in modern DevOps and appsec discussions. So what does it take to broaden what we call appsec into something effective for modern apps, whether they're on the we...