Jul 25, 2023
RCE in ssh-agent forwarding, finding zero-days in CTFs, Node's vm2 can't be secured, NPM packaging ambiguities, privilege escalation in Google's Cloud Build, putting satellite security into low-earth analysis, FCC proposes a trust mark, and more!
Visit https://www.securityweekly.com/asw for all the latest...
Jul 25, 2023
Appsec teams and developers must both understand the consequences of what they're doing when building APIs. Appsec teams need to push for collaboration and help implement tools that augment the development process. Dev teams need to wrangle complex architectures and work on addressing classes of vulns rather than just...
Jul 18, 2023
It's a busy news week - We explore what happens when people trust plugging cables into their EVs in public, how an APT is leveraging docker and kubernetes to build a botnet, why you should be careful running code from "researchers," and much more.
Visit https://www.securityweekly.com/asw for all the latest...
Jul 18, 2023
While much has been written and argued about the security of election systems - the things that do the actual ballot counting - there's other systems that have to be in place and secured before the vote can occur - voter registration databases, ballot delivery systems, etc. Might it be possible to use modern appsec...
Jul 11, 2023
Melinda will share results from her study last year on developer-focused security, "Walking the Line: Shift Left and GitOps Security" and discuss trends to help security keep up with modern software development.
Segment Resources:
- ESG Complete Survey Results: Walking the Line: GitOps and Shift Left Security: