Security Weekly
Application Security WeeklySubscribe

The Dark Data – ASW #73

Full Audio

View Show Index

Segments

1. Bugs, Breaches, and More! – ASW #73

CVE-2019-1162 showcases elevation of privilege in an ancient Windows component. HTTP/2 Denial of Service Advisory with seven vulns that affects the protocol implemented by several vendors, SSH certificate authentication for GitHub Enterprise Cloud works well with tools like Sharkey and BLESS. We talked more about ephemeral access and SSH in episode 71, Polaris Points the Way to Kubernetes Best Practices, and much more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode73

Hosts

Senior Engineering Leader at AWS
Chief Product Officer at CyberSaint

Related

Threat Modeling and Understanding Inherent Threats – Adam Shostack – ESW #359

This is a great interview with Adam Shostack on all things threat modeling. He's often the first name that pops into people's heads when threat modeling comes up, and has created or been involved with much of the foundational material around the subject. Adam recently released a whitepaper that focuses on and defines inherent threats. Resources: ...
How GenAI Can Improve SecOps – Ely Kahn – ESW #359

We've talked about generative AI in a general sense on our podcast for years, but we haven't done many deep dives into specific security use cases. That ends with this interview, as we discuss how generative AI can improve SecOps with Ely Kahn. Some of the use cases are obvious, while others were a complete surprise to me. Check out this episode if...