Drupal Flaws, DevSecOps Implementation, & Cloud Native Security White Paper – ASW #131
In the Application Security News, a manifesto highlights principles and values for threat modeling, the CNCF releases a Cloud Native Security Whitepaper, Microsoft puts security in the CPU with Pluton, botnets mass-scan for secrets, ancient flaws resurface in Drupal, and steps for implementing source composition analysis!
Announcements
Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
Tomorrow is the big day! The virtual doors open for the first-ever Security Weekly Unlocked virtual event at 10:30am and the last round table should end around 9:30pm! We have an outstanding line-up of presenters, who will be answering questions LIVE in our Discord server during their presentations! Make sure you register for this FREE event before it's too late! Visit https://securityweekly.com/unlocked to view the line-up and register!

1. Threat Modeling Manifesto
2. Drupal sites vulnerable to double-extension attacks
3. Botnets have been silently mass-scanning the internet for unsecured ENV files
4. DevSecOps Implementation: Source Composition Analysis – DevOps.com
5. Meet the Microsoft Pluton processor – The security chip designed for the future of Windows PCs – Microsoft Security
6. Announcing the Cloud Native Security White Paper
7. PhD Thesis: Greybox Automatic Exploit Generation for Heap Overflows in Language Interpreters

