Breach Disclosures, SSRF in Azure, Integer Flaws, Top 10 Web Hacking Techniques – ASW #226
Breach disclosures from T-Mobile and PayPal, SSRF in Azure services, Google Threat Horizons report, integer overflows and more, Rust in Chromium, ML for web scanning, Top 10 web hacking techniques of 2022
This article is part supply-chain related, part deep-dive into GPU memory management, part one large corp taking a dig at another large corp that has a history of punching people in the nose over security disclosure timelines. But really, a good deep dive on Android security and GPU memory management.
Check out this interview from the ASW Vault, hand-picked by main host Mike Shema! This segment was originally published on Dec 13, 2022.
Threat modeling is an important part of a security program, but as companies grow you will choose which features you want to threat model or become a bottleneck. What if I told you, you can have your cake and eat...
We've been scanning code for decades. Sometimes scanning works well -- it finds meaningful flaws to fix. Sometimes it distracts us with false positives. Sometimes it burdens us with too many issues. We talk about finding a scanning strategy that works well and what the definition of "works well" should even be.