
Application Security Weekly (Video)

Apr 26, 2022

Java's ECDSA implementation is all for nought, writing a modern Linux kernel RCE, lessons learned from the Okta breach, lessons repeated from a log4shell hot patch, a strategy for bug bounties, Microsoft finally disables SMB1

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes:


Apr 25, 2022

How should we empower developers to embrace the NIST software development practices? From here on out, developers need to view themselves as the front line of defense for the end consumer. A more security-aware developer leads to a better-protected consumer. Dr. Wang will offer her perspectives on the above...


Apr 19, 2022

OAuth tokens compromised, five flaws in a medical robot, lessons from ASN.1 parsing, XSS and bad UX, proactive security & engineering culture at Chime

 



Apr 18, 2022

We can create top 10 lists and we can count vulns that we find with scanners and pen tests, but those aren't effective metrics for understanding and improving an appsec program. So, what should we focus on? How do we avoid the trap of focusing on the metrics that are easy to gather and shift to metrics that have clear...


Apr 12, 2022

In the Application Security News: SSRF at a FinTech leads to admin account takeover, Zoom's bounty payouts for 2021, SLSA demonstrates Build Provenance, Go's supply chain philosophy, Raspberry Pi credentials, & more!

 
