May 25, 2021
This week in the AppSec News segment, Mike and John talk: HTTP bug bothers IIS, Android platform security, supply chain security (new and old), brief (very brief) history of browser security, & more!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes:
May 24, 2021
Appsec in a modern CI pipeline needs a combination of tools, collaboration, and processes to be successful. Importantly, it also needs to scale. We can't just shift responsibility left and assume that will be successful. So, how can an appsec team bring tools and security knowledge to developers?
This segment is...
May 18, 2021
CNCF releases a whitepaper on supply chain security, Frag attacks against WiFi devices, security webhooks, trusting terraform plans, shared credentials and app access, complexity vs. security vs. design.
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes:
May 18, 2021
Web applications are highly dependent on third party content and JavaScript. This creates a significant set of vulnerabilities that attackers are exploiting. How do you prevent a Solarwinds type hack on your website?
Segment Resources:
https://go.talasecurity.io/blog/data-in-the-browser-is-data-at-risk
May 11, 2021
This Week in the AppSec News, Mike and John talk: "Find My threat model" with AirTags, Qualcomm modem vuln hits lots of Android, an Exim update patches lots of vulns, measuring hardened binaries, a maturity model for k8s, & more!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: