TaskRouter JS SDK, EL1/EL3 Vulnerability, & 234 Alexa Skills Store Violations – ASW #116

July 27, 2020

TaskRouter JS SDK Security Incident, Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Read-Only Path Traversal Vulnerability, An EL1/EL3 coldboot vulnerability affecting 7 years of LG Android devices, Towards native security defenses for the web ecosystem, Academics smuggle 234 policy-violating skills on the Alexa Skills Store, Apple Security Research Device Program, and What is DevSecOps? Why it's hard to do well!

Full episode and show notes

Announcements

Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.

Hosts

Mike Shema

Security Partner at Square

John Kinsella

Co-founder & CTO at Cysense

1. The journey of getting a vuln fixed at google - need to change segment

Matt Alderman

Executive Director at CyberRisk Alliance

Application security

More Fuzzing, a Decade of OT Security, & Top Threats to Cloud Computing – ASW #202

June 27, 2022

This week in the AppSec News: Lessons learned from fuzzing, OT:ICEFALL report on insecure designs, CSA's Top Threats to Cloud Computing, Twitter apologizes for misusing data collection, & State of Open Source Security report!

Application security

How GraphQL & Template Injection Threats Influence App Architectures – Mike Benjamin – ASW #202

June 27, 2022

Both GraphQL and template engines have the potential for injection attacks, from potentially exposing data due to weak authorization in APIs to the slew of OGNL-related vulns in Java this past year. We take a look at both of these technologies in order to understand the similarities in what could go...

Application security

IE11 Goes to Zero — A History of Browser Security and Bug Bounties – ASW #201

June 21, 2022

IE has gone to 11 and is no more. There's some notable history related to IE11 and bug bounty programs. In 2008, Katie Moussouris and others from Microsoft announced their vulnerability disclosure program. In 2013 this evolved into a bug bounty program piloted with IE11, with award ranges from $500 ...

TaskRouter JS SDK, EL1/EL3 Vulnerability, & 234 Alexa Skills Store Violations – ASW #116

Announcements

Hosts

Related

More Fuzzing, a Decade of OT Security, & Top Threats to Cloud Computing – ASW #202

How GraphQL & Template Injection Threats Influence App Architectures – Mike Benjamin – ASW #202

IE11 Goes to Zero — A History of Browser Security and Bug Bounties – ASW #201