Paul's Security Weekly Subscribe

Application security, Security Staff Acquisition & Development

GraphQL – Sven Morgenroth – PSW #714

October 14, 2021

Sven will talk about GraphQL APIs. He is going to show common issues that arise from its usage and how to attack GraphQL applications.

This segment is sponsored by Invicti.

Visit https://securityweekly.com/invicti to learn more about them!

Sponsored By

Invicti

Full episode and show notes

Announcements

Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.

Guest

Sven Morgenroth

Security Researcher at Netsparker

Sven Morgenroth is a security researcher at Netsparker. He found filter bypasses for Chrome’s XSS auditor and several web application firewalls. He likes to exploit vulnerabilities in creative ways and has hacked his smart TV without even leaving his bed. Sven writes about web application security and documents his research on the Netsparker blog.

Hosts

Paul Asadoorian

Principal Security Researcher at Eclypsium

https://securitypodcaster.com

Executive Director at Guardedrisk

Product Security Research and Analysis Director at Finite State

@haxorthematrix

https://www.finitestate.io/

https://breakstuffforfun.com/

Retired Senior Cyber Advisor at Lawrence Livermore National Laboratory

Director of Offensive Security & Research at Trimarc Security, Founder & CEO at Dark Element

http://darkelement.io/

Related

Vulnerability Management

2024 End-of-Year News and Wrapup – ESW #388

December 19, 2024

As we wrap up the year, we have an honest discussion about how important security really is to the business. We discuss some of Katie's predictions for AppSec in 2025, as well as "what sucks" in security!

Ancient Curl Bug, AWS re:Invent, Malware in NPM, Census III Report, MS OTP – ASW #311

December 16, 2024

Curl's oldest bug yet, RCPs (and more!) from AWS re:Invent, possible controls for NPM's malware proliferation, insights and next steps on protecting top 500 packages from the Census III report, the flawed design choice that made Microsoft's OTP (successfully) brute-forceable, and more! 00:00 - Intro & Cyber Resilience Insights 01:20 - The 25-Y...

Application security

Applying Usability and Transparency to Security – Hannah Sutor – ASW #311

December 16, 2024

Practices around identity and managing credentials have improved greatly since the days of infosec mandating 90-day password rotations. But those improvements didn't arise from a narrow security view. Hannah Sutor talks about the importance of balancing security with usability, the importance of engaging with users when determining defaults, and se...