Application Security Weekly Subscribe

– ASW #75

September 9, 2019

Full Audio

View Show Index

Segments

1. Tools in the DevOps Pipeline: Ty Sbano, Sisense – Ty Sbano – ASW #75

Ty Sbano is the Cloud Chief Information Security Officer of Sisense. Ty will be discussing Tools in the DevOps Pipeline, Component Analysis, and Anything Application Security!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode75

Guest

Ty Shano

Cloud Chief Information Security Officer at Sisense

Ty Sbano is the Cloud Chief Information Security Officer of Sisense.

Hosts

Tech Lead at Block

Senior Engineering Leader at AWS

Chief Product Officer at CyberSaint

2. Bugs, Breaches, & More – ASW #75

A very deep dive into iOS Exploit chains found in the wild followed by Heap Exploit Development, Twitter turns off SMS texting after @Jack hijacking, CVE-2019-15846: Unauthenticated Remote Command Execution Flaw Disclosed for Exim, 7 Steps to Web App Security, Fuzzing 101: Why Bug Hunters Still Love It After All These Years, and more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode75

Hosts

Tech Lead at Block

Senior Engineering Leader at AWS

Chief Product Officer at CyberSaint

3. Tools in the DevOps Pipeline: Ty Sbano, Sisense – ASW #75

Ty Sbano is the Cloud Chief Information Security Officer of Sisense. Ty will be discussing Tools in the DevOps Pipeline, Component Analysis, and Anything Application Security! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode75 Visit https://www.securityweekly.com/asw for all the latest episodes!

Related

Application security

OWASP Breach, Types of Prompt Injection, Device-Bound Sessions, ASVS & APIs – ASW #280

April 8, 2024

OWASP leaks resumes, defining different types of prompt injection, a secure design example in device-bound sessions, turning an ASVS requirement into practice, Ivanti has its 2000s-era Microsoft moment, HTTP/2 CONTINUATION flood, and more!

Application security

Lessons That The XZ Utils Backdoor Spells Out – Farshad Abasi – ASW #280

April 8, 2024

We look into the supply chain saga of the XZ Utils backdoor. It's a wild story of a carefully planned long con to add malicious code to a commonly used package that many SSH connections rely on. It hits themes from social engineering and abuse of trust to obscuring the changes and suppressing warnings. It also has a few lessons about software devel...

Application security

Infosec Myths, Mistakes, and Misconceptions – Adrian Sanabria – ASW #279

April 1, 2024

Sometimes infosec problems can be summarized succinctly, like "patching is hard". Sometimes a succinct summary sounds convincing, but is based on old data, irrelevant data, or made up data. Adrian Sanabria walks through some of the archeological work he's done to dig up the source of some myths. We talk about some of our favorite (as in most dislik...