
Application Security Weekly (Video)

Aug 30, 2022

Twitter whistleblower complaint lessons for appsec (and beyond), the LastPass breach, building a culture of threat modeling, signed binaries become vectors for ransomware, a look back to the birth of Nmap and the beginning of Linux.

 

Visit https://www.securityweekly.com/asw for all the latest episodes!

Show Notes:


Aug 30, 2022

We will review the primary needs for cloud security:

- Guardrails against misconfiguration

- Continuously Identify and Remediate Vulnerabilities in Cloud APIs, Apps, and Services

- Observability, Protection, and Reporting against Compliance and Risk Policies

- We will also review CNAPP -- Cloud Native...


Aug 24, 2022

Ideas on debugging with IDEs, Wiz.io shares technical details behind PostgreSQL attacks in cloud service providers, looking at the attack surface of source code management systems, a Xiaomi flaw that could enable forged payments, defensive appsec design from Signal, what targeted attacks mean for threat models when...


Aug 24, 2022

The unique nature of cloud native apps, Kubernetes, and microservices based architectures introduces new risks and opportunities that require AppSec practitioners to adapt their approach to security tooling, integration with the CI/CD pipeline, and how they engage developers to fix vulnerabilities. In this episode,...


Aug 18, 2022

Microsoft fixes an old bounty from 2019, rewards almost $14M on bounties in the past year, and releases a security layer for Edge; Black Hat talks on bounties and desync attacks, Google's bounties for the Linux kernel, modifying browser behavior, and the Excel championships.

 
