The Iceberg Problem – Application Security Weekly #45

This week, Keith and Paul interview Ken Johnson, Application Security Engineer at GitHub! Ken joins us to discuss approaching AppSec the right way, "running a scanner without context", getting the right context and the importance of context, and how to figure out what's real and what's legit! In the Application Security News: wormable stored XSS on WordPress.org, a security lapse revealed private complaints from Silicon Valley employees, hackers hijack thousands of Chromecasts to warn of latest security bug, a linting tool for checking accessibility, speed, and security, host websites on GitHub, and more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode45
Visit https://www.securityweekly.com/asw for all the latest episodes!

Segments

1. Ken Johnson, GitHub

Ken Johnson has been hacking web applications professionally for 10 years and giving security training for 7 of those years. Ken is both a breaker and builder who currently works on the GitHub application security team. Ken explains approaching AppSec the right way, "running a scanner without context", getting the right context and the importance of context, and how to figure out what's real and what's legit.


Hosts

Keith Hoodlet
Application Security Manager at Thermo Fisher Scientific
Paul Asadoorian
Founder at Security Weekly

2. WordPress, Silicon Valley, and Hijacking

Wormable stored XSS on WordPress.org, a security lapse revealed private complaints from Silicon Valley employees, hackers hijack thousands of Chromecasts to warn of latest security bug, a linting tool for checking accessibility, speed, and security, host websites on GitHub, and UnCaptcha2.
