Application Security Weekly Subscribe

A Mixture of Spices – Application Security Weekly #30

August 28, 2018

This week, Keith and Paul discuss The Apache Struts2 RCE Vulnerability! In the news, Using Signal Sciences to defend against Apache Struts, PHP flaw puts WordPress sites at risk, Oracle will charge for Java starting in 2019, how Netflix does Failovers in 7 minutes flat, Burp Suite 2.0 Beta released, even anonymous coders leave fingerprints, and more on this episode of Application Security Weekly! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode30 Visit https://www.securityweekly.com/asw for all the latest episodes! Visit https://www.activecountermeasures/asw to sign up for a demo or buy our AI Hunter! ?Visit our website: https://www.securityweekly.com ?Follow us on Twitter: https://www.twitter.com/securityweekly ?Like us on Facebook: https://www.facebook.com/secweekly

View Show Index

Full Audio

Segments

1. The Apache Struts2 RCE Vulnerability –

Keith Hoodlet and Paul Asadoorian talk about The Apache Struts2 RCE Vulnerability. They cover: - CVE-2018-11776

- How the 3 Ways of DevOps can guide us toward better security practices

- Shared Version Control

- Test Environments

- Shared Ticketing

- ChatOps

- Buying Time

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode30

Hosts

Keith Hoodlet

Keith Hoodlet

Principal Security Specialist at GitHub

Paul Asadoorian

Paul Asadoorian

Founder at Security Weekly

https://securityweekly.com

2. Fortnite, Netflix, & Black Hat –

In the Application security news, 'Fortnite' developer had sharp words for Google after an Exploit was discovered, PHP flaw puts WordPress sites at risk, Oracle will charge for Java starting in 2019, how Netflix does Failovers in 7 minutes flat, hacking Black Hat, Burp Suite 2.0 Beta released, Windows 95 running in Electron, and more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode30

Host

Keith Hoodlet

Keith Hoodlet

Principal Security Specialist at GitHub

3. Fortnite, Netflix, & Black Hat – Application Security Weekly #30

In the Application security news, 'Fortnite' developer had sharp words for Google after an Exploit was discovered, PHP flaw puts WordPress sites at risk, Oracle will charge for Java starting in 2019, how Netflix does Failovers in 7 minutes flat, hacking Black Hat, Burp Suite 2.0 Beta released, Windows 95 running in Electron, and more! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode30 Follow us on Twitter: https://www.twitter.com/securityweekly

Host

Keith Hoodlet

Keith Hoodlet

Principal Security Specialist at GitHub

4. The Apache Struts2 RCE Vulnerability – Application Security Weekly #30

Keith Hoodlet and Paul Asadoorian talk about The Apache Struts2 RCE Vulnerability. They cover: - CVE-2018-11776 - How the 3 Ways of DevOps can guide us toward better security practices - Shared Version Control - Test Environments - Shared Ticketing - ChatOps - Buying Time Full Show Notes: https://wiki.securityweekly.com/ASW_Episode30 Follow us on Twitter: https://www.twitter.com/securityweekly

Host

Keith Hoodlet

Keith Hoodlet

Principal Security Specialist at GitHub

Related

Vulnerability Management

Q*, Unitronics, SLAM, Bluetooth, Cold Fusion, Google Drive, Aaran Leyland, and More – SWN #347

December 8, 2023

Q*, Water Wars, Unitronics, SLAM, Bluetooth, Cold Fusion, Google Drive, Push notifications, Aaran Leyland, and More News on the Security Weekly News.

Vulnerability Management

Lessons from 10 years running the first cyber-exclusive investment firm – Bob Ackerman – ESW #342

December 7, 2023

Bob Ackerman argues that, from an investment perspective, cybersecurity is like life sciences - a complex, nuanced field that is difficult field to invest in part-time. So his firm, Allegis Cyber, became one of the first to focus exclusively on investing in cyber startups. In this segment, we'll discuss one of Allegis's recent investments, SixMap, ...

Carbon Black’s Solo Venture, Cybersecurity in Space, Rethinking Human Error, & More! – ESW #342

December 7, 2023

This week in the enterprise news, we explore the harsh realities of the startup world with a look at recent failures and shutdowns, investigating the factors leading to these setbacks. Meanwhile, Carbon Black makes headlines by breaking away from VMware in what seems like a divestiture within an acquisition, raising questions about the future of th...