Application Security Weekly Subscribe

Application security, Email security, Leadership, Vulnerability Management

AWS S3 Crypto SDK, ReVoLTE Attack, & Microsoft Bug Bounties – ASW #118

August 17, 2020

Microsoft Bug Bounty Programs Year in Review: $13.7M in Rewards, In-band key negotiation issue in AWS S3 Crypto SDK for golang, ReVoLTE attack can decrypt 4G (LTE) calls to eavesdrop on conversations, Hardware Security Is Hard: How Hardware Boundaries Define Platform Security, How to make your security team more business savvy, and more!

Full episode and show notes

Announcements

Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.

Hosts

Mike Shema

Mike Shema

Tech Lead at Block

John Kinsella

John Kinsella

Co-founder & CTO at Cysense

Matt Alderman

Matt Alderman

VP, Product at Living Security

Related

Application security

All the News — Just Six Months Later – ASW #265

December 4, 2023

We cover appsec news on a weekly basis, but sometimes that news is merely about the start of a new project, sometimes it's yet another example of a vuln class, and sometimes it's a topic we hope doesn't become a trend. So, what themes have we seen and where do we see them going? Here are a few headline topics that have alternately generated yays a...

Application security

Extracting Data from ChatGPT, Vulns Around AI, Secure AI Guidance, LogoFAIL, BLUFFS – ASW #265

December 4, 2023

Repetition extracts data from ChatGPT, more vulns in the software that surrounds AI, guidelines for secure AI, LogoFAIL trips a boot, BLUFFS attack on Bluetooth, CISA's first secure by design alert, Okta's updated breach disclosure, and more!

Application security

Starting with Appsec — Is It More of a Position or a Process? – ASW #264

November 27, 2023

This year we've talked about vulns, clouds, breaches, presentations, and all the variations of Dev, Sec, and Ops. As we end the year, let's talk about starting things -- like starting an appsec program or an appsec career. But is there still a need for an appsec team? Or has it turned into specializations for areas like cloud security and bug bount...