Security Weekly
Application Security WeeklySubscribe
Application security, DevSecOps

Google Play Bug, GitHub, iPhone Radio Reboots, & Docker Hub Vulns – ASW #133

An old security bug in the Play library still affects 8% of apps in Google Play, Project Zero researcher spends six months to reboot an iPhone (in an epic manner), GitHub looks at the security of repos within its Octoverse, the OWASP Web Security Testing Guide gets a minor bump, and XS-Leaks get more attention.

Full episode and show notes

Announcements

  • Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!

  • Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.

Hosts

Mike Shema
Mike Shema
Tech Lead at Block
  1. 1. 8% of all Google Play apps vulnerable to old security bug
    that demonstrates once again the software supply chain challenge of applying updates that software vendors supply.
  2. 2. Project Zero: An iOS zero-click radio proximity exploit odyssey
    is an epic read about the saga of radio, protocols, buffers, and surprising swarms of susceptible software that didn't see it coming.
  3. 3. OWASP Web Security Testing Guide – v4.2
    this version must be the answer to life, the universe, and everything you wanted to know about web security testing!
  4. 4. Cross-site leaks wiki
    describes a vuln that's truly cross-site and truly sneaky. And, if you'd like to dive deeper into configuring effective site policies to protect your web app, check "Reining in the Web’s Inconsistencies with Site Policy" at https://publications.cispa.saarland/3214/7/calzavara2021reining.pdf
  5. 5. The State of the Octoverse
    supplies a perspective on open source and security as seen by GitHub and shared with all of us.
  6. 6. Open source software security vulnerabilities exist for over four years before detection
    which is the other headline you could give to GitHub's State of the Octoverse.
  7. 7. Antipatterns That Hurt DevOps Implementations
    might sound familiar and, fortunately, also sound like they can be turned into constructive collaboration.
John Kinsella
John Kinsella
Co-founder & CTO at Cysense
Matt Alderman
Matt Alderman
VP, Product at Living Security
  1. 1. Cloud Security Spending to Grow 250.3% in 2021: Gartner
  2. 2. Half of all Docker Hub images have at least one critical vulnerability
  3. 3. Five myths of DevOps in the enterprise
  4. 4. Kubernetes Security Best Practices – Security Boulevard

Related

All the News — Just Six Months Later – ASW #265

We cover appsec news on a weekly basis, but sometimes that news is merely about the start of a new project, sometimes it's yet another example of a vuln class, and sometimes it's a topic we hope doesn't become a trend. So, what themes have we seen and where do we see them going? Here are a few headline topics that have alternately generated yays a...