Breach Disclosures, SSRF in Azure, Integer Flaws, Top 10 Web Hacking Techniques – ASW #226
Breach disclosures from T-Mobile and PayPal, SSRF in Azure services, the Google Threat Horizons report, integer overflows, Rust in Chromium, ML for web scanning, the top 10 web hacking techniques of 2022, and more.
- 1. T-Mobile hacked to steal data of 37 million accounts in API data breach
- 2. PayPal Breach Exposed PII of Nearly 35K Accounts
- 3. How Orca Found Server-Side Request Forgery (SSRF) Vulnerabilities in Four Different Azure Services
- 4. Examples of problems with integers
  Integer overflow in .gitattributes handling (CERT-EU-SA2023-002)
- 5. LLMs: a bleak future ahead? – lcamtuf’s thing
- 6. Project Bishop: Clustering Web Pages – NCC Group Research
- 7. Google Online Security Blog: Supporting the Use of Rust in the Chromium Project
- 8. Top 10 web hacking techniques of 2022 – nominations open | PortSwigger Research
- 9. TOOL: Explainshell
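Item 4 above covers integer overflows such as the .gitattributes one. The block below is an added, constructed illustration of the general pattern (an untrusted count multiplied by an element size in too-narrow arithmetic, so the allocation is smaller than the copy that follows) and is not code from Git, from the advisory, or from the episode; the header format, `RECORD_SIZE`, `MAX_RECORDS`, and the function names are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed example (not Git's code): a parser reads an attacker-controlled
 * 32-bit record count from a header and must size a buffer of RECORD_SIZE
 * bytes per record. The format and all names here are hypothetical. */
#define RECORD_SIZE 16u
#define MAX_RECORDS 1000000u   /* hypothetical application-level sanity cap */

/* Vulnerable: the multiply is done in 32-bit unsigned arithmetic, so a count
 * of 0x10000001 gives 0x100000010, which wraps to 16. A later copy loop that
 * trusts `count` then writes far past a 16-byte heap buffer. */
uint32_t unsafe_alloc_size(uint32_t count) {
    return count * RECORD_SIZE;
}

/* Hardened: refuse any count whose product cannot fit in size_t. The division
 * form is portable; on GCC/Clang, __builtin_mul_overflow() does the same job. */
bool safe_alloc_size(uint32_t count, size_t *out) {
    if (count > SIZE_MAX / RECORD_SIZE)
        return false;
    *out = (size_t)count * RECORD_SIZE;
    return true;
}

/* Copies `count` records from `src` into a new buffer using the hardened size
 * check, plus a sanity cap and a check that the source really holds that many
 * records. Returns NULL with *out_len == 0 when the input is rejected. */
uint8_t *load_records(const uint8_t *src, size_t src_len, uint32_t count, size_t *out_len) {
    size_t need;
    *out_len = 0;
    if (count > MAX_RECORDS || !safe_alloc_size(count, &need) || need > src_len)
        return NULL;
    uint8_t *buf = malloc(need ? need : 1);
    if (!buf)
        return NULL;
    memcpy(buf, src, need);
    *out_len = need;
    return buf;
}

int main(void) {
    uint8_t sample[3 * RECORD_SIZE];
    memset(sample, 0x41, sizeof sample);   /* constructed input: three records */
    size_t n;

    printf("unsafe size for 0x10000001 records: %u bytes\n", unsafe_alloc_size(0x10000001u));
    printf("safe size check for 0x10000001 records: %s\n",
           safe_alloc_size(0x10000001u, &n) ? "fits in size_t" : "rejected (overflow)");

    uint8_t *r = load_records(sample, sizeof sample, 3, &n);
    printf("three records: loaded %zu bytes\n", n);
    free(r);

    r = load_records(sample, sizeof sample, 0x10000001u, &n);
    printf("huge count: %s\n", r ? "accepted" : "rejected");
    free(r);
    return 0;
}
```

The wrapped 32-bit product is the bug; widening to `size_t` only moves the problem on a 32-bit build, which is why the check compares against `SIZE_MAX / RECORD_SIZE` rather than relying on the wider type, and why `load_records()` also caps the count and compares the computed size against what the input actually contains.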
- 1. Google Threat Horizons Report – Anton Chuvakin’s summary
Dr. Chuvakin does a nice summary of Google's 26-page report. Looks like we haven't quite solved the IAM issues in the cloud yet...
- 2. Guy scans all of PyPI, finds 57 live AWS keys
We've covered not storing credentials in git repos. Everybody has. OK, so this is slightly different, but stop doing it, dammit.
This means you too, Amazon.
- 3. Stroustrup: C++ is plenty safe!
The creator of C++ claims that modern C++ isn't necessarily unsafe, and asks what safety even means in a programming language, anyway.
BTW he's displeased that nobody from the NSA reached out to the ISO C++ working group, where apparently even short missives about how a language isn't dying require being published as a PDF.
- 4. Pwning the “all Google phone” – with a non Google bug
This article is part supply-chain related, part deep dive into GPU memory management, and part one large corp taking a dig at another large corp that has a history of punching people in the nose over security disclosure timelines. But really, it's a good deep dive into Android security and GPU memory management.
- 5. Git patches 2 remote code execution flaws