Paul's Security Weekly Subscribe

Application security

Open Redirects – An Underestimated Vulnerability – PSW #688

March 25, 2021

Learn what redirects are, the different types, how they work and how they are exploited by attackers. Oh, also learn how to defend against redirect attacks!

Sven's Slide Deck - Open Redirects: https://securityweekly.com/wp-content/uploads/2021/03/Netsparker-Sven-Morgenroth-3-25-21-Open-Redirect.pdf

This segment is sponsored by Netsparker.

Visit https://securityweekly.com/netsparker to learn more about them!

Sponsored By

Full episode and show notes

Announcements

We're always looking for great guests for all of the Security Weekly shows! Submit your suggestions by visiting https://securityweekly.com/guests and completing the form!

Guest

Sven Morgenroth

Security Researcher at Netsparker

Sven Morgenroth is a security researcher at Netsparker. He found filter bypasses for Chrome’s XSS auditor and several web application firewalls. He likes to exploit vulnerabilities in creative ways and has hacked his smart TV without even leaving his bed. Sven writes about web application security and documents his research on the Netsparker blog.

Hosts

Paul Asadoorian

Principal Security Researcher at Eclypsium

https://securitypodcaster.com

Professor at Roger Williams University

https://securedigitallife.com/

Sr. InfoSec Consultant at Online Business Sytems

https://www.obsglobal.com/

Security Analyst at Black Hills Information Security

https://www.blackhillsinfosec.com/team/joff-thyer/

Retired Senior Cyber Advisor at Lawrence Livermore National Laboratory

Related

Vulnerability Management

2024 End-of-Year News and Wrapup – ESW #388

December 19, 2024

As we wrap up the year, we have an honest discussion about how important security really is to the business. We discuss some of Katie's predictions for AppSec in 2025, as well as "what sucks" in security!

Ancient Curl Bug, AWS re:Invent, Malware in NPM, Census III Report, MS OTP – ASW #311

December 16, 2024

Curl's oldest bug yet, RCPs (and more!) from AWS re:Invent, possible controls for NPM's malware proliferation, insights and next steps on protecting top 500 packages from the Census III report, the flawed design choice that made Microsoft's OTP (successfully) brute-forceable, and more! 00:00 - Intro & Cyber Resilience Insights 01:20 - The 25-Y...

Application security

Applying Usability and Transparency to Security – Hannah Sutor – ASW #311

December 16, 2024

Practices around identity and managing credentials have improved greatly since the days of infosec mandating 90-day password rotations. But those improvements didn't arise from a narrow security view. Hannah Sutor talks about the importance of balancing security with usability, the importance of engaging with users when determining defaults, and se...