Dec 25, 2023
We will provide a short introduction to OWASP SAMM, which is a flagship OWASP project allowing organizations to bootstrap and iteratively improve their secure software practice in a measurable way. Seba will explain the SAMM model, consisting of 15 security practices. Every security practice contains a set of...
Dec 19, 2023
Nagios gets a review from NCC Group, hackers hack some anti-fixing code to fix trains in Poland, abusing OAuth post-compromise, 5Ghoul flaws in 5G networks, MITRE teases a new threat model for embedded systems, a conversation on vuln scoring systems, and more!
Dec 19, 2023
Service meshes create the opportunity to make security a team sport. They can improve observability and service identity. Turning monoliths into micro services sounds appealing, but maybe not every monolith needs to be broken up. We'll also talk about the maturity and design choices that go into service meshes and when...
Dec 12, 2023
Benchmarking prompt injection scanners, using generative AI to jailbreak generative AI, Meta's benchmark for LLM risks, tapping a protocol to hack Magic the Gathering, and more!
Show Notes: https://securityweekly.com/asw-266
Dec 12, 2023
We have a lot of questions about standards. How do standards emerge? How do standards encourage adoption? How do they stay relevant as development patterns change and security threats evolve?
We have standards for web appsec (HTML, HTTP), all sorts of protocols, and all sorts of authentication (OAuth, OpenID). Learning...