Application Security Weekly Subscribe

The Iceberg Problem – Application Security Weekly #45

January 8, 2019

Full Audio

View Show Index

Segments

1. Ken Johnson, GitHub –

Ken Johnson has been hacking web applications professionally for 10 years and giving security training for 7 of those years. Ken is both a breaker and builder who currently works on the GitHub application security team. Ken explains approaching appsec the right way, "running a scanner without context", getting the right context/importance of context, and how do you figure what's real and what's legit?

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode45

Hosts

Application Security Manager at Thermo Fisher Scientific

Paul Asadoorian

Principal Security Researcher at Eclypsium

https://securitypodcaster.com

2. WordPress, Silicon Valley, and Hijacking –

Wormable stored XSS on WordPress.org, a security lapse revealed private complaints from Silicon Valley employees, hackers hijack thousands of Chromecasts to warn of latest security bug, a linting tool for checking accessibility, speed, and security, host websites on GitHub, and UnCaptcha2.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode45

Hosts

Application Security Manager at Thermo Fisher Scientific

Paul Asadoorian

Principal Security Researcher at Eclypsium

https://securitypodcaster.com

Related

Vulnerability Management

Dysentery, TP-Link, Piracy, Calendar Scams, Tencent, TikTok, Aaran Leyland and More.. – SWN #439

December 20, 2024

Dysentery, TP-Link, Piracy, Calendar Scams, Tencent, TikTok, Aaran Leyland, and More, on this edition of the Security Weekly News.

Final fundings for 2024, Blackberry sells Cylance cheap, Product Testing Drama – ESW #388

December 19, 2024

In the enterprise security news, a final few fundings before the year closes out Arctic Wolf buys Cylance from Blackberry for cheap, a sentence that feels very weird to say the quiet HTTPS revolution passkeys are REALLY catching on resilience keeps showing up in the titles of news items Apple Intelligence insults the BBC’s intelligence MITRE ATT...

Risk Assessments/Management

D3FEND 1.0: A Milestone in Cyber Ontology – Peter Kaloroumakis – ESW #388

December 19, 2024

Since D3FEND was founded to fill a gap created by the MITRE ATT&CK Matrix, it has come a long way. We discuss the details of the 1.0 release of D3FEND with Peter in this episode, along with some of the new tools they've built to go along with this milestone. To use MITRE's own words to describe the gap this project fills: "it is necessary tha...