Application Security Weekly Subscribe

Application security, DevSecOps

Platform Firmware Security – Maggie Jauregui – ASW #160

August 2, 2021

Firmware security is complex and continues to be an industry challenge. In this podcast we'll talk about the reasons firmware security remains a challenge and some best practices around platform security. Segment Resources: - https://www.helpnetsecurity.com/2020/04/27/firmware-blind-spots/ - https://www.helpnetsecurity.com/2020/09/28/hardware-security-challenges/ - https://darkreading.com/application-security/4-open-source-tools-to-add-to-your-security-arsenal - https://chipsec.github.io Hardware Hacking created by Maggie: https://securityweekly.com/wp-content/uploads/2021/08/eArt-2.png

Full episode and show notes

Announcements

CyberRisk Alliance, in partnership with InfraGard, has launched the Critical Infrastructure Resilience Benchmark study. Measure your readiness for ransomware by completing the survey and getting your score. Visit https://securityweekly.com/CIRB to take the survey
SC Media debuts its all-new SC digital experience, fully integrated with Security Weekly podcast content and more. The new site increases the scope and scale of original content resources from editorial staff, contributors, and the far-reaching CyberRisk Alliance network. Visit www.scmagazine.com to check out the new look!

Guest

Maggie Jauregui

Maggie Jauregui

Offensive Security Researcher at Intel

Maggie Jauregui is a firmware and hardware security researcher for Intel’s Programmable Solutions Group. Maggie is part of the Black Hat USA review board and President of Security BSides Portland, the non-profit organization that puts together BSidesPDX. Throughout her career, Maggie has presented her research and delivered technical training on firmware and low level platform security topics at conferences such as DEF CON, Black Hat, CanSecWest, DerbyCon, NULLCON, hardwear.io, OSFC, and BSidesTLV.

Hosts

Mike Shema

Mike Shema

Tech Lead at Block

John Kinsella

John Kinsella

Co-founder & CTO at Cysense

Related

Application security

All the News — Just Six Months Later – ASW #265

December 4, 2023

We cover appsec news on a weekly basis, but sometimes that news is merely about the start of a new project, sometimes it's yet another example of a vuln class, and sometimes it's a topic we hope doesn't become a trend. So, what themes have we seen and where do we see them going? Here are a few headline topics that have alternately generated yays a...

Application security

Extracting Data from ChatGPT, Vulns Around AI, Secure AI Guidance, LogoFAIL, BLUFFS – ASW #265

December 4, 2023

Repetition extracts data from ChatGPT, more vulns in the software that surrounds AI, guidelines for secure AI, LogoFAIL trips a boot, BLUFFS attack on Bluetooth, CISA's first secure by design alert, Okta's updated breach disclosure, and more!

Application security

Starting with Appsec — Is It More of a Position or a Process? – ASW #264

November 27, 2023

This year we've talked about vulns, clouds, breaches, presentations, and all the variations of Dev, Sec, and Ops. As we end the year, let's talk about starting things -- like starting an appsec program or an appsec career. But is there still a need for an appsec team? Or has it turned into specializations for areas like cloud security and bug bount...