The Sky Is Falling – ASW #102
This week, we welcome Grant Ongers, Co-Founder of Secure Delivery, to discuss why "You're (probably) Doing AppSec Wrong"! In the Application Security News, Zoom is gaining lots of attention for flaws, Popular Digital Wallet Exposes Millions to Risk in Huge Data Leak, 12k+ Android apps contain master passwords, secret access keys, secret commands in not-so-secret client-side code identified by a research tool Inputscope, and more!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Segments
1. You’re (probably) Doing AppSec Wrong – Grant Ongers – ASW #102
Most security programs generally get in the way of delivery (if they don't, to all intents and purposes, prevent it altogether) and are probably also failing to provide the required level of actual security. This segment tries to look at why this is the case and how (in general terms) security and product teams can change this.
Guest

Grant Ongers is co-founder and one half of the bearded duo of Secure Delivery. Twenty-plus years in Ops, doing everything from running operational teams in global NOCs to managing mainframe and database systems. Teaching classes and consulting on ITIL, and running Prince 2 and King III projects to both the public and private sectors throughout the world.
2. Zoom Flaws, ‘Zombie’ win32k Bug, & Inputscope – ASW #102
This week in the Application Security News, Zoom is gaining lots of attention for flaws and serves as a good exercise in threat modeling and communicating security trade-offs, Popular Digital Wallet Exposes Millions to Risk in Huge Data Leak from the usual suspect of an S3 bucket for an unusual amount of sensitive data, 12k+ Android apps contain master passwords, secret access keys, secret commands in not-so-secret client-side code identified by a research tool Inputscope, and more!