Dec 18, 2019
Binary Planting with the npm CLI is another way to describe one of our favorite attacks, GitLab Doles Out Half a Million Bucks to White Hats, Speculation & leakage: Timing side channels & multi-tenant computing from AWS re:invent. A great talk from a the perspective of a threat model where such attacks are a...
Dec 17, 2019
Dave Ferguson is the Director of Product Management, WAS at Qualys. Dave will discuss the issue of latent vulnerabilities and how they may linger in your custom-coded web applications and APIs, presenting an enticing target for attackers.
Full Show Notes: https://securityweekly.com/qualys
Visit
Dec 11, 2019
In the Application Security News, GitHub Seeks Security Dominance With Developers, IoT and Agile Framework Partners in Efficacy, WhiteSource acquires & open sources Renovate dependency update tool set, and Java vs. Python: Which should you choose? So stay tuned, for Application Security Weekly!
Visit
Dec 10, 2019
Allan Friedman is the Director of Cybersecurity Initiatives of NTIA (National Telecommunication and Information Administration) US Dept of Commerce. The problem: unknown software supply chain. Following a newly identified software risk, very few firms can answer the simple question: Am I affected? An overview of...
Dec 4, 2019
Analysis of Jira Bug Stresses Impact of SSRF in Public Cloud, DevSecOps Adoption and the Web Security Myth, Facebook, Twitter profiles slurped by mobile apps using malicious SDKs, Firefox gets tough on tracking tricks that sneakily sap your privacy, and Decoding the Modern Enterprise Software Spaghetti.
Visit