Authentication Vulnerabilities – PSW #720

December 1, 2021

Sven will present common vulnerabilities and issues that arise when implementing authentication and authorization in web applications.

This segment is sponsored by Invicti.

Visit https://securityweekly.com/invicti to learn more about them!

Announcements

Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

Guest

Sven Morgenroth

Security Researcher at Netsparker

Sven Morgenroth is a security researcher at Netsparker. He found filter bypasses for Chrome’s XSS auditor and several web application firewalls. He likes to exploit vulnerabilities in creative ways and has hacked his smart TV without even leaving his bed. Sven writes about web application security and documents his research on the Netsparker blog.

Host

Paul Asadoorian

Founder at Security Weekly

0offset

https://securityweekly.com

Vulnerability management

Super(conductive) Graphene, Yandex Leak, No Fly Lists, & Thinkpad Servers – PSW #771

February 1, 2023

In the Security News for this week: defending against cleaning services, catastrophic mutating events and the future, myths and misconceptions, finding vulnerabilities in logs (And not log4j), SSRF leads to RCE with a PoC, SQLi with XSS bypasses WAF FTW, thinkpad as a server, RPC directory traversal for the win, just directory traversal for the win...

Vulnerability management

The Power of Purple Teaming: Using Runbooks to Standardize and Collaborate – Dan DeCloss – PSW #771

February 1, 2023

In a recent survey on purple teaming, 89 percent of respondents who had used the method deemed purple teaming activities “very important” to their security operations. Purple teaming exercises conducted regularly have the power to improve collaboration across teams, ensure issues are identified and remediated more proactively, and provide a means t...

Threat intelligence

The Trends and Future with Cloud (PaaS and IaaS) – Erik Hart – CSP #107

January 31, 2023

Join Erik Hart, CISO at Cushman & Wakefield, and Eden Naftali, CTO Operations at Wiz, for a discussion around key trends in the cloud with the rapid pace of innovation and new technologies in IaaS and PaaS. This segment is sponsored by Wiz. Visit https://securityweekly.com/wiz to learn more about them!