The Apache Struts2 RCE Vulnerability – Application Security Weekly #30
August 28, 2018
Keith Hoodlet and Paul Asadoorian talk about the Apache Struts2 RCE vulnerability. They cover:
- CVE-2018-11776
- How the 3 Ways of DevOps can guide us toward better security practices
- Shared Version Control
- Test Environments
- Shared Ticketing
- Buying Time
Paul Asadoorian is CEO at Security Weekly.
Keith Hoodlet is an Application Security Manager at Thermo Fisher Scientific.