Application Security Weekly (Video) cover art

All Episodes

Application Security Weekly (Video) — 718 episodes

#
Title
1

Discovering & Securing Your AI Agent Attack Surface - Jeremy Snyder - ASW #391

2

Defense-in-depth strategies for securing mobile applications - Ryan Lloyd - ASW #390

3

Reducing Attack Surface & Evaluating Efficiency in Agents - Itamar Apelblat, David Goldschlag - ASW #389

4

How AI Is Reshaping Identity Security at the Infrastructure Layer - Ev Kontsevoy, Neha Duggal, Amit Masand - ASW #388

5

Why Does It Matter Who or What Created the Code? - Matias Madou - ASW #387

6

Scanner Results Are a Starting Point. Here's What Comes Next. - Federico Kirschbaum - ASW #386

7

BadHost, Dead CTFs, Exploding NPMs, and the Verizon DBIR - ASW #385

8

AppSec Conversations on Agents, LLMs, and OWASP from RSAC - Scott Clinton, Janet Worthington, Merritt Maxim - ASW #384

9

The State of AI & AppSec - Keith Hoodlet - ASW #383

10

Why Basic Security Practices Still Work - Rob Allen - ASW #382

11

Keeping Up With the OWASP GenAI Project - Scott Clinton - ASW #381

12

Top 10 Web Hacking Techniques of 2025 and a Hint for 2026 - James Kettle - ASW #380

13

The Human Aspect of Red Teams - Brian Fox, Tom Tovar, T. Gwyddon 'Data' Owen - ASW #379

14

Securing Software's Journey with the OWASP SPVS - Cameron W., Farshad Abasi, Rohan Ravindranath, Ido Geffen - ASW #378

15

AppSec News Roundup on Claude Code Leak, Axios NPM Compromise, Secure Design - Idan Plotnik, Raj Mallempati - ASW #377

16

Developing the Skills Needed for Modern Software Development - Keith Hoodlet, Ron Rasin, Shashwat Sehgal - ASW #376

17

Why Proactive Security Is Far Better Than Patching - Erik Nost - ASW #375

18

Creating Better Security Guidance and Code with LLMs - Mark Curphey - ASW #374

19

Making Medical Devices Secure - Tamil Mathi - ASW #373

20

Modern AppSec that keeps pace with AI development - James Wickett - ASW #372

21

Helping Users with Practical Advice to Protect their Digital Devices - Runa Sandvik - ASW #371

22

Conducting Secure Code Analysis with LLMs - ASW #370

23

Bringing Strong Authentication and Granular Authorization for GenAI - Dan Moore - ASW #369

24

Focusing on Proactive Controls in the Face of LLM-Assisted Malware - Rob Allen - ASW #368

25

Building proactive defenses that reflect the true nature of modern software risk - Paul Davis - ASW #367

26

Lessons from MongoBleed, CWE Top 25, and Secure Coding Benchmarks - ASW #366

27

Secure By Design Is Better Than Secure By Myth - Bob Lord - ASW #365

28

The Upsides and Downsides of LLM-Generated Code - Chris Wysopal - ASW #364

29

AI-Era AppSec: Transparency, Trust, and Risk Beyond the Firewall - Felipe Zipitria, Steve Springett, Aruneesh Salhotra, Ken Huang - ASW #363

30

Modern AppSec: OWASP SAMM, AI Secure Coding, Threat Modeling & Champions - Sebastian Deleersnyder, James Manico, Adam Shostack, Dustin Lehr - ASW #362

31

Developing Open Source Skills for Maintaining Projects - Kat Cosgrove - ASW #361

32

Making OAuth Scale Securely for MCPs - Aaron Parecki - ASW #360

33

Making TN Critical Infrastructure the Most Secure in the Nation - T. Gwyddon 'Data' ("Gwee-thin") Owen, James Cotter - ASW #359

34

Figuring Out Where to Start with Secure Code - ASW #358

35

Secure Coding as Critical Thinking Instead of Vulnspotting - Matias Madou - ASW #357

36

Ransomware, Defaults, and Proactive Defenses - Rob Allen - ASW #356

37

Researching and Remediating RCEs via GitHub Actions - Bar Kaduri, Roi Nisimi - ASW #355

38

Quantum Computing Isn't A Threat To Blockchains - Yet - Sandy Carielli, Martha Bennett - ASW #354

39

Reacting to Ransomware and Setting Secure Defaults - Rob Allen - ASW #353

40

Inside the OWASP GenAI Security Project - Steve Wilson - ASW #352

41

Finding Large Bounties with Large Language Models - Nico Waisman - ASW #351

42

Changing the Vuln Conversation from Volume to Remediation - Francesco Cipollone - ASW #350

43

Design Errors in Entra ID, Design Defenses in iOS, Design Difficulties in DeepSeek - ASW #349

44

How OWASP's GenAI Security Project keeps up with the pace of AI/Agentic changes - Scott Clinton - ASW #348

45

Limitations and Liabilities of LLM Coding - Ted Shorter, Seemant Sehgal - ASW #347

46

AI, APIs, and the Next Cyber Battleground: Black Hat 2025 - Michael Callahan, Idan Plotnik, Josh Lemos, Chris Boehm - ASW #346

47

Translating Security Regulations into Secure Projects - Emily Fox, Roman Zhukov - ASW #345

48

Managing the Minimization of a Container Attack Surface - Neil Carpenter - ASW #344

49

The Future of Supply Chain Security - Janet Worthington - ASW #343

50

Uniting software development and application security - Jonathan Schneider, Will Vandevanter - ASW #342

51

How Product-Led Security Leads to Paved Roads - Julia Knecht - ASW #341

52

Rise of Compromised LLMs - Sohrob Kazerounian - ASW #340

53

Getting Started with Security Basics on the Way to Finding a Specialization - ASW #339

54

Checking in on the State of Appsec in 2025 - Sandy Carielli, Janet Worthington - ASW #338

55

Simple Patterns for Complex Secure Code Reviews - Louis Nyffenegger - ASW #337

56

How Fuzzing Barcodes Raises the Bar for Secure Code - Artur Cygan - ASW #336

57

Threat Modeling With Good Questions and Without Checklists - Farshad Abasi - ASW #335

58

Bringing CISA's Secure by Design Principles to OT Systems - Matthew Rogers - ASW #334

59

AIs, MCPs, and the Acutal Work that LLMs Are Generating - ASW #333

60

AI in AppSec: Agentic Tools, Vibe Coding Risks & Securing Non-Human Identities - Mo Aboul-Magd, Brian Fox, Mark Lambert, Shahar Man - ASW #332

61

Appsec News & Interviews from RSAC on Identity and AI - Charlotte Wylie, Rami Saas - ASW #331

62

Secure Code Reviews, LLM Coding Assistants, and Trusting Code - Rey Bango, Karim Toubba, Gal Elbaz - ASW #330

63

AI Era, New Risks: How Data-Centric Security Reduces Emerging AppSec Threats - Idan Plotnik, Vishal Gupta - ASW #329

64

Secure Designs, UX Dragons, Vuln Dungeons - Jack Cable - ASW #328

65

Managing Secrets - Vlad Matsiiako - ASW #327

66

More WAFs in Blocking Mode and More Security Headaches from LLMs - Sandy Carielli, Janet Worthington - ASW #326

67

In Search of Secure Design - ASW #325

68

Avoiding Appsec's Worst Practices - ASW #324

69

Finding a Use for GenAI in AppSec - Keith Hoodlet - ASW #323

70

Redlining the Smart Contract Top 10 - Shashank - ASW #322

71

Skype Hangs Up, Android Backdoors, Jailbreak Research, Pretend AirTags, Wallbleed - ASW #321

72

CISA's Secure by Design Principles, Pledge, and Progress - Jack Cable - ASW #321

73

QR Codes Replacing SMS, MS Pulls VSCode Extension, Threat Modeling, Bybit Hack - ASW #320

74

Keeping Curl Successful and Secure Over the Decades - Daniel Stenberg - ASW #320

75

Regex DoS, LLM Backdoors, Secure AI Architectures, Rust Survey - ASW #319

76

Developer Environments, Developer Experience, and Security - Dan Moore - ASW #319

77

Top 10 Web Hacking Techniques of 2024 - James Kettle - ASW #318

78

Unforgivable Vulns, DeepSeek iOS App Security Flaws, Memory Safety Standards - ASW #317

79

Code Scanning That Works With Your Code - Scott Norberg - ASW #317

80

New SLAP & FLOP Attacks, OCSP Fades Away, DeepSeek's ClickHouse, OAuth 2.0 Security - ASW #316

81

Threat Modeling That Helps the Business - Sandy Carielli, Akira Brand - ASW #316

82

Opengrep & Semgrep, Hacking Subarus, Hacking Synths, Stealing Cookies, and RANsacked - ASW #315

83

Security the AI SDLC - Niv Braun - ASW #315

84

Appsec Predictions for 2025 - Cody Scott - ASW #314

85

PyPI's Quarantine, Phishing & Awareness, Porting Fishshell to Rust, Cyber Trust Mark - ASW #313

86

Discussing Useful Security Requirements with Developers - Ixchel Ruiz - ASW #313

87

Removing Rust, Double Clickjacking, h3i CLI, JWT Mistakes, Reviewing Recursion - ASW #312

88

DefectDojo and Bringing Quality Appsec Tools to Small Appsec Teams - Greg Anderson - ASW #312

89

Ancient Curl Bug, AWS re:Invent, Malware in NPM, Census III Report, MS OTP - ASW #311

90

Applying Usability and Transparency to Security - Hannah Sutor - ASW #311

91

AI's Junk Vulns, Web3 Backdoor, LLM CTFs, 5 GenAI Mistakes, Top Ten for LLMs - ASW #310

92

Looking Back on 2024 - ASW #310

93

Fuzzing Barcodes, Fuzzing with AI, AI vs. Scammers, CWEs, Repo Swatting - ASW #309

94

Adding Observability with OpenTelemetry - Adriana Villela - ASW #309

95

AI fixes everything, C++ the actual worst, IAM is hard - ASW #308

96

Biometric Frontiers: Unlocking The Future Of Engagement - Andras Cser, Enza Iannopollo - ASW #308

97

Typosquatting NPM, vulnerability analysis, and AI challenges - ASW #307

98

Modernizing AppSec - Melinda Marks - ASW #307

99

Total Recall? LLM finds bug in SQLite, C++ safety failures, zero time for zero privs - ASW #306

100

Bug bounties, vulnerability disclosure, PTaaS, fractional pentesting - Grant McCracken - ASW #306

101

Protecting Identity of AI Agents & Standardizing Identity Security for SaaS Apps - Shiven Ramji, Arnab Bose - ASW #305

102

Making TLS More Secure, Lessons from IPv6, LLMs Finding Vulns - ASW #305

103

JSON Parsing, Email Parsing, CISA's Bad Practices Guide, Abusing Disclosure Policies - ASW #304

104

The Complexities, Configurations, and Challenges in Cloud Security - Scott Piper - ASW #304

105

Perl & PHP Vulns, Fuzzing & Parsers, Protecting Multi-Hosted Tenants, Secure Design - ASW #303

106

RCE from Iconv + PHP, Fuzzing a Codec, Fuzzing LLMs, Revisiting Recall - ASW #302

107

The Future of Zed Attack Proxy - Simon Bennetts, Ori Bendet - ASW #302

108

More Car Hacks, CUPS Vulns, Microsoft's SFI, Memory Safety, Password Complexity - ASW #301

109

Fuzzing for Vulns, GitLab Auth Bypass, JPEG Vulns, Programming Language Ranks - ASW #300

110

Vulnerable APIs and Bot Attacks: Two Interconnected, Growing Security Threats - David Holmes - ASW #300

111

A TLD Takeover, An LLM CTF, A Firmware Flaw, 6 Truths of Cyber Risk - ASW #299

112

Bringing Secure Coding Concepts to Developers - Dustin Lehr - ASW #299

113

Paying Down Tech Debt, Rust in Firmware, EUCLEAK, Deploying SSO - ASW #298

114

Close the Security Theater: Enter Resilience - Kelly Shortridge - ASW Vault

115

Apache HTTPD Vulns, Hacking IoT Speakers, Use Cases for WASM, Slack AI Leak - ASW #297

116

Changing the Course of IoT's Future from Its Insecure Past - Paddy Harrington - ASW #297

117

Navigating the Path to Maturity & AI is helping combat cyber threats - Shimon Modi, Boaz Barzel - ASW #296

118

The Fallout and Lessons Learned from the CrowdStrike Fiasco - Allie Mellen, Jeff Pollard - ASW #296

119

Reducing Supply Chain Risk & What's lurking in your phone? - Danny Jenkins, Nikos Kiourtis - ASW #295

120

When Appsec Needs to Start Small - Kalyani Pawar - ASW #295

121

Dead Code, CrowdStrike's Kernel Lessons, VMs & Security Boundaries, SLUBStick Attack - ASW #294

122

Building Successful Security Champions Programs - Marisa Fagan - ASW #294

123

A CISO's Perspective on AI, Appsec, and Changing Behaviors - Paul Davis - ASW #293

124

SAPwned, Squarespace Domain Hijacks, AIs Fixing Code, Infosec Investments - ASW #292

125

Where Generative AI Can Actually Help Security (And Where It Doesn't) - Allie Mellen, Farshad Abasi - ASW #292

126

A 2024 Appsec Report, Preparing for the AIxCC, Secure Design and Post-Quantum Crypto - ASW #291

127

Producing Secure Code by Leveraging AI - Stuart McClure - ASW #291

128

State Of Application Security 2024 - Sandy Carielli, Janet Worthington - ASW #290

129

Polyfill Empties Trust, regreSSHion, CocoaPods Vulns & Secure Design, LLM Bughunters - ASW #290

130

Shared Responsibility Models, AI in Offensive Security, Apple's Private Cloud Compute - ASW #289

131

OAuth 2.0 from Protecting APIs to Supporting Authorization & Authentication - Aaron Parecki - ASW #289

132

Learning EBPF - Liz Rice - ASW Vault

133

Microsoft Recall's Security & Privacy, Hacking Web APIs, Secure Design Pledge - ASW #288

134

Bots are Taking Over the Internet & Defining ASPM - Idan Plotnik, Erez Hasson - ASW #287

135

Open Source Software Supply Chain Security & The Real Crisis Behind XZ Utils - Luis Villa - ASW #287

136

Securing Shadow Apps & Protecting Data - Guy Guzner, Pranava Adduri - ASW Vault

137

Collecting Bounties and Building Communities - Ben Sadeghipour - ASW Vault

138

Unpacking XDR & Business Applications - Chris Thomas, Oliver Tavakoli - ASW #286

139

Node.js Secure Coding - Liran Tal - ASW #286

140

The Enterprise Browser & AI in Securing Software and Supply Chains - Mike Fey, Josh Lemos - ASW #285

141

Inside the OWASP Top 10 for LLM Applications - Sandy Dunn - ASW #285

142

Hacking AI Bias with Human Techniques - Keith Hoodlet - ASW #284

143

AI & Hype & Security (Oh My!) - Caleb Sima - ASW #284

144

Random Problems, Protecting Packages, and Vulns in Designs, Defaults & Data Leaks - ASW #283

145

Why Companies Continue to Struggle with Supply Chain Security - Melinda Marks - ASW #283

146

XZ & Open Source, PuTTY's Private Keys, LeakyCLI, LLMs Writing Exploits - ASW #282

147

Sustainable Funding of Open Source Tools - Simon Bennetts, Mark Curphey - ASW #282

148

Arg Parsing in Rust, End of Life Hardware, CSRB & MS, Chrome's V8 Sandbox - ASW #281

149

Demystifying Security Engineering Career Tracks - Karan Dwivedi - ASW #281

150

OWASP Breach, Types of Prompt Injection, Device-Bound Sessions, ASVS & APIs - ASW #280

151

Lessons That The XZ Utils Backdoor Spells Out - Farshad Abasi - ASW #280

152

Top 10's First Update, Metasploit's Second Update, PHP Prepares Statements, RSA & MS - ASW #279

153

Infosec Myths, Mistakes, and Misconceptions - Adrian Sanabria - ASW #279

154

Successful Security Needs a Streamlined UX - Benedek Gagyi - ASW #278

155

GoFetch Side Channel, OpenSSF & Security Education, Fuzzing vs. Formal Verification - ASW #278

156

Vulns in Smart Locks, FCC labels for IoT, ZAP's New Home - ASW #277

157

Figuring Out Where Appsec Fits When Starting a Cybersecurity Program - Tyler VonMoll - ASW #277

158

TeamCity Authn Bypass, ArtPrompt Attacks, Low Quality Vuln Reports, Secure by Design - ASW #276

159

More API Calls, More Problems: The State of API Security in 2024 - Lebin Cheng - ASW #276

160

SAML & Secrets, Serializing AI Models, OWASP ISTG, More Memory Safety - ASW #275

161

The Simple Mistakes and Complex Seeds of a Vulnerability Management Program - Emily Fox - ASW #275

162

PrintListener, Post-Quantum Crypto in iMessage, Silent Sabotage, Rust Survey Results - ASW #274

163

Creating the Secure Pipeline Verification Standard - Farshad Abasi - ASW #274

164

Redefining Threat Modeling - Security Team Goes on Vacation - Jeevan Singh - ASW Vault

165

LLMs & Security Tools, Shim Vuln, AI Threat Models, Configuration as Code with Pkl - ASW #273

166

Creating Code Security Through Better Visibility - Christien Rioux - ASW #273

167

Sorting Out Glibc Vulns, Apple's Security Research Device, BoringSSL, Old C Vulns - ASW #272

168

Starting an OWASP Project (That's Not a List!) - Grant Ongers - ASW #272

169

Vulns & Secure Design, MiraclePtr Success, Abandoned Projects & Maven, Old "AI Chip" - ASW #271

170

Getting Your First Conference Presentation - Sarah Harvey - ASW #271

171

Security in Wrenches, Vulns in Atlassian and GitLab, 2023's Top Web Hacking Tricks - ASW #270

172

Dealing with the Burden of Bad Bots - Sandy Carielli - ASW #270

173

Communicating Technical Topics Without Being Boring - Eve Maler - ASW #269

174

23andMe Blames Users, Abusing Google's OAuth2, Rustls Performance, AI Goes OSINT - ASW #268

175

What's in Store for 2024? - ASW #268

176

HTTP RFCs Have Evolved, Breaking Into Cloud, Scaling AppSec at Netflix, & Confluence - Keith Hoodlet - ASW Vault

177

OWASP SAMM - Software Assurance Maturity Model - Sebastian Deleersnyder - ASW Vault

178

Nagios and Abandoned Projects, Hacking Trains (to Fix Them), OAuth Threats, 5Ghoul - ASW #267

179

Making Service Meshes Work for People - Idit Levine - ASW #267

180

Prompt Injection Scanners, Better AI Jailbreaks, Purple Llama, Linux Kernel Security - ASW #266

181

The ABCs of RFCs - Heather Flanagan - ASW #266

182

Extracting Data from ChatGPT, Vulns Around AI, Secure AI Guidance, LogoFAIL, BLUFFS - ASW #265

183

All the News -- Just Six Months Later - ASW #265

184

Randstorm, Nothing Chats, Platform Engineering, PyPI Security Audit - ASW #264

185

Starting with Appsec -- Is It More of a Position or a Process? - ASW #264

186

Platform Firmware Security - Maggie Jauregui - ASW Vault

187

Fuzzing Strategies, Responding to CISA's Open Source Security RFI, 35 Year Old Worm - ASW #263

188

How 2023 Changed Application Security and What's to Come in 2024 - Karl Triebes - ASW #263

189

Citrix Bleed, Atlassian Authz Vuln, OpenJS & jQuery, Secure Future Initiative - ASW #262

190

Security from a Developer's Perspective - Josh Goldberg - ASW #262

191

Abusing OAuth, State of DevOps, Nightshade and AI, iLeakage, Sandboxing Apps - ASW #261

192

How Security Tools Must Evolve - Dan Kuykendall - ASW #261

193

Okta Breach, SolarWinds RCEs, CISOs and Boards, Crypto Business Logic, Secure Design - ASW #260

194

OAuth, WebAuthn, and the Impact of Design Choices - Dan Moore - ASW #260

195

HTTP/2 Rapid Reset, Curl's SOCKS5 Bug, Standardizing CycloneDX, AI Bug Bounty - ASW #259

196

OT Security - Huxley Barbee - ASW #259

197

Curl's Impending Patch, Glibc's Looney Tunables, ShellTorch, Another Top 10 List - ASW #258

198

Shifting Focus to Make DevSecOps Successful - Janet Worthington - Janet Worthington - ASW #258

199

A Deceptive Dependabot, Insecure JWT, CISA Wants HBOMs, OpenSSF's Critical Projects - ASW #257

200

Creating Presentations and Training That Engage an Audience - Lina Lau - ASW #257

201

Equifax's Breach, CISA's 1,000 Vulns, Rust's TLS Library, Complexity vs. Design - ASW #256

202

Supply Chain Security Security with Containers and CI/CD Systems - Kirsten Newcomer - ASW #256

203

Azure's Eight XSS Vulns, CNCF's Two Security Audits, CISA's OSS Roadmap, Repojacking - ASW #255

204

Stopping Business Logic Attacks: Why a WAF is no Longer Enough - Karl Triebes - ASW #255

205

Microsoft Dumps a Key, Grafana Logs a Key, URL Parsers Disagree, Old Bug in Ubuntu - ASW #254

206

Building a Scanner and a Community with Zed Attack Proxy - Simon Bennetts - ASW #254

207

Broadening What We Call AppSec - Christien Rioux - ASW Vault

208

Go Crypto in Practice, Excel Executes Python, Protecting Users, DARPA Distills - ASW #253

209

How Can Security Be Smart About Using AI? - Jeff Pollard - ASW #253

210

Discord.io Stops, Azure AD Pops, Zoom AI Drops, Model Confusion Attacks, Early XSS - ASW #252

211

Security in a Cloud Native World & Mobile App Attacks - Asaf Ashkenazi, Jason Rolleston - ASW #252

212

DARPA's AI Challenge, CISA Wants Secure Open Source, 5 Years of Vuln Research - ASW #251

213

Pointers and Perils for Presentations - Josh Goldberg - ASW #251

214

Zap's New Home, Clang & Security Tools, LLM Attacks, Rust Supply Chain - ASW #250

215

You've Got Appsec, But Do You Have ArchSec? - Merritt Baer - ASW #250

216

Zenbleed, Drop in Zero-Days, Security Testing Handbook, Public Speaking - ASW #249

217

Identity and Verifiable Credentials in Cars - Eve Maler - ASW #249

218

SSH-Agent RCE, CTFs & bug bounties, Satellite Security, Cyber Trust Mark, Bad.Build - ASW #248

219

Navigating the Complexities of Development to Create Secure APIs with Kristen Bell - Kristen Bell - ASW #248

220

Kubernetes and silentbob strike back, EV charger hacking, fake POCs - ASW #247

221

Securing Non-Election Election Systems, Modernizing AppSec Education - Brian Glas - ASW #247

222

Developer-Focused Security - Melinda Marks - ASW #246

223

Software Trust & Adversaries - Shannon Lietz - ASW #246

224

The Psychology of Training - Matias Madou - ASW Vault

225

XSS in Azure, Choosing Web Research Topics, Security Dev-in-Residence, More Myths - ASW #245

226

Invicti AppSec Indicator: Latest Web Vulnerability Trends & Best Practices - Patrick Vandenberg - ASW #245

227

Policy Momentum in Coordinated Vulnerability Disclosure - Amit Elazari - ASW Vault

228

Verizon DBIR, CVSS 4.0, Security at Scale, Big IAM Challenge - ASW #244

229

Eliminate Security Vulnerabilities with App Modernization and Identity Orchestration - Eric Olden - ASW #244

230

LLM Top 10, Simple Vulns, PyPI Requires 2FA, ThinkstScapes Quarterly, Fun w/ Learning - ASW #243

231

What's the Deal with API Security? - Sandy Carielli - ASW #243

232

Doing Application Security Right - Farshad Abasi - ASW Vault

233

New TLDs Zip By, eBPF Fuzzer, Microsoft Rocks Rust, Unwanted Tracking Spec - ASW #242

234

Ten Things I Hate About Lists - ASW #242

235

Staying Ahead of Hackers: Protecting Mobile Apps & Detecting Malicious Packages - Asaf Ashkenazi, Jeff Martin - ASW #241

236

What to Do When the Honeymoon Period Ends - Chris Eng - ASW #241

237

Strengthening Your Security Position: Detecting Software Supply Chain Breaches - ASW #240

238

Close the Security Theater: Enter Resilience - Kelly Shortridge - ASW #240

239

Mitigating AppSec Risk with Systematic Testing and Effective Attack Mitigation - Karl Triebes, Patrick Vandenberg - ASW #239

240

Application Security Maturity and Frameworks - Francesco Cipollone - ASW #239

241

A Forecast for Threat Groups, K8s Security Audit, GhostToken on Google, BrokenSesame - ASW #238

242

The Intersection of Hacking, Technology, and Civil Society with Jeff Moss - Jeff Moss - ASW #238

243

Deps.dev API, Right to Repair Tractors, Secure by Design, WebSockets, Adversarial AI - ASW #237

244

Collecting Bounties and Building Communities - Ben Sadeghipour - ASW #237

245

Application Security in Cloud - Vandana Verma Sehgal - ASW #236

246

JSON and a Regex, IoT Passwords, CAN Injection, Twitter CVE, Complexity, Tabletops - ASW #236

247

BingBang, Super FabriXss, 3CX on macOS, Secure Code Game, Real World Crypto 2023 - ASW #235

248

Learning eBPF - Liz Rice - ASW #235

249

OpenAI Info Leak, BitCoin ATM Hack, GitHub RSA SSH Key, Measuring AI Security - ASW #234

250

Real-life Examples. Benefits, Risk & Security Implications of AI - Frank Catucci - ASW #234

251

PassTheHash from Outlook, RCE in Modem Chipset, OpenSSH Sandboxes, Curl's Anniversary - ASW #233

252

Automating Security With Static Analysis - Josh Goldberg - ASW #233

253

Loom Disclosure, GitHub 2FA, Buffer Overflow in TPM, Dropbox Career Framework - ASW #232

254

The OWASP ASVS and Sustainable Software Security Practices - Josh Grossman - ASW #232

255

WebSocket Hijack, Post-Quantum Side-Channel, OWASP's Future, OAuth Misconfigs, ZAP - ASW #231

256

A Deep Dive Into Software Supply Chain Security - Neatsun Ziv - ASW #231

257

Twitter 2FA, Server-Side Prototype Pollution, AI Security & Privacy, Smarter Testing - ASW #230

258

Supply Chain Breaches and Hacking the Cloud: Lessons Learned from IR - Lina Lau - ASW #230

259

Reddit Breach, Toyota Bugs, OpenSSL Vulns, Top 10 Web Hacking Techniques of 2022 - ASW #229

260

What's the Best Way to Threat Model? - Nick Selby - ASW #229

261

Aviation ASCII Art, OpenSSH Double-Free, F5 Format String, OSC&R for Supply Chains - ASW #228

262

Myths and Lies in Infosec - Adrian Sanabria - ASW #228

263

Source Leaks, BIND DoS, Refactoring Go to Typescript, Git Audit & Rust, SQL Slammer - ASW #227

264

There Is No Average Behavior - Dr. David Movshovitz - ASW #227

265

Breach Disclosures, SSRF in Azure, Integer Flaws, Top 10 Web Hacking Techniques - ASW #226

266

Crafting Security Training for Secure Code and Security Culture - Marudhamaran Gunasekaran - ASW #226

267

CircleCI Breach, Vulns in Auto Sites, Google Speaker Bugs, Office Space, S3 Defaults - ASW #225

268

Securing your APIs using OAuth - Dan Moore - ASW #225

269

Security Product Metrics, ML 101, PEACH for Cloud, Log4Shell Lookback, Appsec Tools - ASW #224

270

DevSecOps Essentials - Keith Hoodlet - ASW #224

271

Another Ping of Death, Clever JSON Manipulation, iCloud Encryption, ChatGPT Threats - ASW #223

272

Redefining Threat Modeling - Security Team Goes on Vacation - Jeevan Singh - ASW #223

273

Android Platform Certs Leaked, Hell's Keychain, Web Hacking Cars, Bug Bounty Tips - ASW #222

274

Inoculating Malicious Content: Making File Types Safe to Handle - Aviv Grafi - ASW #222

275

AWS AppSync Vuln, Zero-Initialization, HTTP/3 Connections, Thinkst Quarterly - ASW #221

276

Searching on Encrypted Data: MongoDB's Queryable Encryption - Kenn White - ASW #221

277

CosMiss, Pixel Lock Screen Bypass, IIoT Path Traversal, NSA on C & C++, Code Reviews - ASW #220

278

The Top 10 CI/CD Security Risks and CI/CD Goat - Daniel Krivelevich - ASW #220

279

Punycode in OpenSSL, Authn in Cosmos DB Notebooks, Documenting Security, IoT Labels - ASW #219

280

Bad Bots are Targeting Your APIs: What You Need to Know - Karl Triebes - ASW #219

281

Critical OpenSSL Vuln, SQLite Vuln, Apple Security Blog, Randomness & Shuffling - ASW #218

282

Understanding Web3 Application Security - Sandy Carielli, Martha Bennett - ASW #218

283

Text4Shell, GUAC for SLSA, OpenSSF Scorecards, Toner Deaf, OWASP Elections - ASW #217

284

Kubernetes, Container and Cloud Best Practices for Securing Cloud Apps and Hardening - Kong Yew Chan - ASW #217

285

FortiOS Exploit, Linux Kernel Wi-Fi Vulns, Infosec Communities, Secure Coding - ASW #216

286

How NVIDIA Uses AI to Address Cybersecurity Challenges - Jason Recla - ASW #216

287

Rust in the Linux Kernel, Uber Security Verdict, Prototype Pollution, PHP Composer - ASW #215

288

Creating and Curating Educational Resources for Secure Coding - Akira Brand - ASW #215

289

Exchange RCE, Patching at Scale, DORA Metrics, USENIX Best Papers, Passkeys - ASW #214

290

Critical Requirements for Cloud Native Application Security - Dean Agron - ASW #214

291

Authz Bypass in Oracle Cloud, Chrome Prototype Pollution, Why Security Products Fail - ASW #213

292

Show, Don't Tell, Your Developers How To Write Secure Code - Janet Worthington - ASW #213

293

Uber Breach, Rust Security Team, MiraclePtr, Supply Chain Criticism, Careers - ASW #212

294

API Security from a Developer's Perspective - Sam Placette - ASW #212

295

Go Vuln Project, OSS-Fuzz Successes, No More Basic Auth, NSA Supply Chain Hardening - ASW #211

296

Shifting Left Probably Left You Vulnerable. Here's How You Can Make it Right. - Sonali Shah - ASW #211

297

Twitter Whistleblower Complaint, LastPass Breach, Threat Modeling Culture - ASW #210

298

Cloud Security Frameworks: Clarity vs. Confusion - Doug Dooley - ASW #210

299

Debugging & Dev Tools, Isolating PostgreSQL, Abusing the DevOps Pipeline, Xiaomi Flaw - ASW #209

300

AppSec Tips & Tricks for Cloud Native and Kubernetes Environments - Kiran Kamity - ASW #209

301

Microsoft Bounties & Edge Security, Strategic Bounty Programs, HTTP Desync Attacks - ASW #208

302

Good, Not Perfect, AppSec - Tanya Janca - ASW #208

303

Auth Problems from Parsing, Slack's Password Hashes, Twitter's Info Breach - ASW #207

304

Agility Broke AppSec. Now It's Going to Fix It - Chen Gour Arie - ASW #207

305

Smart Lock and Simple Vulns, Macros and Secure Defaults, Breaches and Costs - ASW #206

306

Reachability & Attackability - Manish Gupta - ASW #206

307

Atlassian Vuln, Attacking OAuth, OpenSSF Security Audits, Tabletop Exercises - ASW #205

308

How to Build a Successful Continuous Application Security Program - Ferruh Mavituna - ASW #205

309

0-Day Vulnerabilities & What's Next - Larry Maccherone - ASW #204

310

Retbleed, CSRB's First Report, a Case-Sensitive Action, Mac Malware Book - ASW #204

311

iOS Lockdown Mode, 2FA in PyPI, CloudVulnDB, & Practical Attacks on ML - ASW #203

312

The Security Challenges That Devs Encounter When Building Secure Apps - Farshad Abasi - ASW #203

313

Answering the 'How' Questions of Software Security - Nikhil Gupta - ASW #199

314

Pwn2own, Verizon's DBIR, Zoom's XMPP Flaws, $10M Bounty, & More Bad Packages - ASW #199

315

More Fuzzing, a Decade of OT Security, & Top Threats to Cloud Computing - ASW #202

316

How GraphQL & Template Injection Threats Influence App Architectures - Mike Benjamin - ASW #202

317

Hertzbleed, SynLapse, Java Deserialization, More MFA, Firmware Flaws, & Zombie 0-Day - ASW #201

318

IE11 Goes to Zero -- A History of Browser Security and Bug Bounties - ASW #201

319

OWASP Top 10 for K8s, Firefox Process Isolation, Secure Software Factory, CFAA Policy - ASW #198

320

The Psychology of Training - Matias Madou - ASW #198

321

RSAC Micro Interviews - Cisco & Invicti Security - Jeetu Patel, Sonali Shah - ASW #200

322

HTTP RFCs Have Evolved, Breaking Into Cloud, Scaling AppSec at Netflix, & Confluence - ASW #200

323

Developing Future Cybersecurity Contributors - Brian Glas - ASW #197

324

Typosquatting, Curl's Security Update, & OpenSSF's 10 Point Mobilization Plan - ASW #197

325

Smart Contract Security, Heroku Breach, & Real World Crypto Highlights - ASW #196

326

Securing SAP: Addressing the Critical & Complex Challenge - Christoph Nagy - ASW #196

327

ExtraReplica, Document.domain Disfavored, & Highlights From Thinkst Quarterly - ASW #195

328

Bad Bots - Automated Threat Targeting Your Websites, Mobile Apps, & APIs - Lynn Marks - ASW #195

329

Java's ECDSA for Nought, Writing a Kernel RCE, Okta's Conclusion, Log4Shell Hot Patch - ASW #194

330

What Does Software Supply Chain Security Threat Mean to Developers? - Dr. Chenxi Wang - ASW #194

331

OAuth Tokens Taken, Vulns in Medical IoT, Scoring a Proactive Security Culture - ASW #193

332

Appsec (and adjacent) Metrics - ASW #193

333

SSRF at a FinTech, Zoom's Bounties, SLSA Build Provenance, & Raspberry Pi Credentials - ASW #192

334

Service Mesh & Zero Trust Kubernetes Security - William Morgan - ASW #192

335

Escaping from BlastDoor's Sandbox, Spring RCE, Old Zlib Flaw, Startup Security - ASW #191

336

Democratizing Software Security - Eric Allard - ASW #191

337

Okta & LAPSUS$, Fuzzing Rust, SQL Injection & Stale Code, Log4j Lessons - ASW #190

338

How to Build a Developer-First Application Security Program - Harshil Parikh - ASW #190

339

A Great Escape, Peace Not War, & How to Burp Good - ASW #189

340

Helping Secure OSS Software - Alvaro Munoz - ASW #189

341

Dirty Pipe, AutoWarp Vuln in Azure, TLStorm Hits UPS Devices, Car Hacking - ASW #188

342

Doing Application Security Right - Farshad Abasi - ASW #188

343

Vulns in Markdown Parsers, Census II & Open Source Security, iCloud Private Relay - ASW #187

344

Deep Visibility & Understanding the Underlying Data Layer - Lebin Cheng - ASW #187

345

Bug Bounty Costs, GitHub's Advisory Database, ICS Vulns of 2021, CNCF Secure Software - ASW #186

346

Integrating Appsec Tools for DevOps Teams - Steve Wilson - ASW #186

347

Cassandra RCE, Pixelation Is Poor Redaction, Rust's Useful Errors, & Hardening Edge - ASW #185

348

The DIY AppSec Lab - ASW #185

349

Docker Boundaries, Google Bounties, 2021's Top Web Hacks, Apple AirTags, AI vs. RFCs - ASW #184

350

The Modern Developer Must be Security Minded, Too - Doug Kersten - ASW #184

351

HTTP/3 Streams, Argo CD Paths, Log4j Devs, Cyber Safety Review Board, OSSF Projects - ASW #183

352

Policy Momentum in Coordinated Vulnerability Disclosure - Amit Elazari - ASW #183

353

PwnKit, Qubit Hack, Multichain Hack, Safari Bounty, & Python NaN - ASW #182

354

Shift Left, NOT S#!T LEFT - Larry Maccherone - ASW #182

355

IndexedDB Leak, Linux Kernel Bug, Zoom Security, SSRF & Allow Lists, Security Courses - ASW #181

356

API Security (Shadow APIs) - Himanshu Dwivedi - ASW #181

357

Scams and Security in Web3*, URL Parsing Problems, AWS Glue, CI/CD Compromises - ASW #180

358

Investing in Open Source Security - ASW #180

359

Log4j for FTC, More JNDI, Cache Poisoning, Improving Default Configs, ThinkstScapes - ASW #179

360

Broadening What We Call AppSec - Christien Rioux - ASW #179

361

Latest Log4j, Outages & Availability, FPGA Security Concepts, & Bug Bounty Awards - ASW #178

362

Evolving Security Testing - Dan Guido - ASW #178

363

Log4Shell, Mozilla's BigFix & New Sandbox, Rust in Linux Kernel, Path Traversal in Go - ASW #177

364

DevSecOps, Compliance GRC, and the Future of Application Security - Francesco Cipollone - ASW #177

365

Bug Bounties in Windows/WebKit, Edge Hardening, OAuth Hardening, & GoDaddy Breach - ASW #176

366

Solving Systemic Risk in Software Development - Chris Wysopal - ASW #176

367

CVEs 4 CSPs, Malicious PyPi, Bounty Programs, Shared Responsibility, & Breach Costs - ASW #175

368

wasmCloud - Distributed Computing With WebAssembly - Liam Randall - ASW #175

369

PAN-OS Vuln, ChaosDB, Fuzzing BusyBox, Refactoring in Rust, HTML Smuggling - ASW #174

370

Mobile Application Security - Ryan Lloyd - ASW #174

371

Linux Kernel TIPC RCE, NPM Malware, OTP 2FA Bots, & Security Labels - ASW #173

372

A Standardized Approach to SBOM - Dan McKinney - ASW #173

373

Discourse RCE, Trojan Source, WhatsApp Security, & Privacy Engineering - ASW #172

374

Untangling API Security in 2022 - Peter Klimek - ASW #172

375

UAParser.js Malware in NPM, Squirrel Sandbox Escape, Securing CI/CD, & AppSec Videos - ASW #171

376

Security Champions in an Online First World - Ashish Rajan - ASW #171

377

View Source, Bindiff for Vuln Analysis, Bypass with GitHub Actions, & NIST DevSecOps - ASW #170

378

Dev(Sec)Ops Scanning Challenges & Tips - Nuno Loureiro, Tiago Mendo - ASW #170

379

Twitch Breach, HTTPd Path Traversal, Disabling Macros, & Great Cybersecurity Programs - ASW #169

380

Modernizing the Management of Your Software Supply Chain - Tom Gibson - ASW #169

381

Prototype Pollution, Funding Open Source Security, Expiring Root CA, Mariana Trench - ASW #168

382

The Power of Developer-First Security - Hillary Benson - ASW #168

383

AppSec Orchestration/Correlation & DevSecOps Efficiency - Anita D'Amico, Patrick Carey - ASW #167

384

Exchange's Great Leak, RCE in VMware, IoT Bug in MQTT, & Chrome's Memory Safety Nets - ASW #167

385

OMIGOD, FORCEDENTRY, Code Ownership, Security as a Product, & IoT Device Criteria - ASW #166

386

Transforming Modern Software Development with Developer-First AppSec - Jeff Williams - ASW #166

387

OWASP Top 10, CISA Bad Practices, Azurescape, Confluence RCE, & API Security Tokens - ASW #165

388

Findings From the 2021 AppSec Shift Left Progress Report - Manish Gupta - ASW #165

389

ChaosDB, OpenSSL String Bugs, Revealing Locations, & More Top 15 Vulns - ASW #164

390

A DevOps Perspective on Risk Tolerance & Risk Transfer - Caroline Wong - ASW #164

391

BlackBerry's BadAlloc, Glibc's NULL, Backtick Command Injection, & ProxyLogon Details - ASW #163

392

Challenges in Open Source Application Security - Shubhra Kar - ASW #163

393

Cracked Concatenation, Injection Against DNS, Allstar GitHub, & DEF CON Highlights - ASW #162

394

DevSecOps - Making It Real - Mike Rothman - ASW #162

395

Securing Modern Web Apps: Development Techniques are Changing - Tom Hudson - ASW #161

396

Router Auth Bypass, Weak IoT RNG, HTTP/2 Request Smuggling, & Kindle Fuzzing - ASW #161

397

PunkSpider, Bug Bounties, RCE in PyPI, Kernel Pwning With eBPF, & Top Vulns From CISA - ASW #160

398

Platform Firmware Security - Maggie Jauregui - ASW #160

399

CWE Top 25, Bugs in Inconstancies, Sequoia Vuln, Twitter Transparency, & Cloud Risks - ASW #159

400

Navigating the Seas of Security in Serverless Functions - Peter Klimek - ASW #159

401

Code Comments, Decision Trees, Windows Hello, Telegram Analysis, & Cloud Risks - ASW #158

402

The Role of Open Source in DevSecOps - David DeSanto - ASW #158

403

Password Mismanager, Trusted Types vs. DOM XSS, PrintNightmare, & Fault Injections - ASW #157

404

Web App and API Security Needs to Be Modernized: Here's How - Sean Leach - ASW #157

405

Semgrep, Microsoft Signs With Rootkits, ATT&CK/D3FEND, & Injured Android - ASW #156

406

Scaling Your Application Security Program - Clint Gibler - ASW #156

407

Supply Chain Integrity, Format Strings, Systemd Bug, Instagram Bounty, & Refactoring - ASW #155

408

Challenges of DAST Scanners / Adoption by Developers - Nuno Loureiro, Tiago Mendo - ASW #155

409

ALPACA, EA Breach, sprintf Lives, Go Fuzzing, K8s Goat, & OT Basics - ASW #154

410

OWASP SAMM - Software Assurance Maturity Model - Sebastian Deleersnyder - ASW #154

411

HTTP Goes QUIC, Security & Humans, Amazon Sidewalk Privacy, & Product Abuse - ASW #153

412

API Security: Understanding Threats to Better Protect Your Organization - Daniel Hampton - ASW #153

413

IIS Bug, Browsers & Androids & Supply Chains Oh My! - ASW #152

414

Bringing AppSec to a Modern CI Pipeline - Manish Gupta - ASW #152

415

CNCF Supply Chain, Frag Attacks, Securing Webhooks, & Complexity vs. Security - ASW #151

416

Third Party Software Risk on the Web - Aanand Krishnan - ASW #151

417

AirTags & Threat Models, Qualcomm Modem Vuln, Exim RCE(s), & Binary Hardening - ASW #150

418

Delivering On the Promise of Application Security - Ankur Shah - ASW #150

419

BadAlloc Vulns, Gatekeeper Bypass, & More Spectre in Micro-Op Caches - ASW #149

420

Why Developers Need to Think Differently About Software Security - Rey Bango - ASW #149

421

Signal Aesthetics, AirDrop Privacy, Safety vs. Security, & Data Ordering Attacks - ASW #148

422

Deceptive Diffs From Subversive Submitters - ASW #148

423

Rust in Android, Vuln Disclosure, Postmortems, & BootHole Follow-Up - ASW #147

424

Supply Chain Management - Doug Barbin - ASW #147

425

Malicious PHP Commits, OAuth Attacks & XML Injection, & Zines For DevSecOps - ASW #146

426

Shifting Right: What Security Engineers Can Learn From DevSecOps - Leif Dreizler - ASW #146

427

TikTok Analysis, Patching Patches, CI/CD Integrity, Faster Fuzzing, & Slack Safety - ASW #145

428

OWASP Top 10 of 2021 - Andrew van der Stock - ASW #145

429

Supply Chains in Azure SDK/Xcode, GitHub Sessions, & GCP VRP - ASW #144

430

Approaching AppSec Like a Hacker - Johanna Ydergard, Roberto Giachetta - ASW #144

431

Unauth'd RCE, "Regexploits", Post-Spectre Web, & SigStore Signing - ASW #143

432

Cloud Native Security Platforms - John Morello - ASW #143

433

Security Engineering, Evil Packages, Exchange SSRF, & Observability - ASW #142

434

Privacy, Data Security & Compliance - Cynthia Burke - ASW #142

435

JSON, OpenSSL, Educational Resources, & Flaws in CodeQL - ASW #141

436

Hackable; How to do Application Security Right - Ted Harrington - ASW #141

437

Dependency Confusion, Suspender Falls, Web Shells, & AppSec Scale - ASW #140

438

Targeting, Exploiting, & Defending Linux - Brandon Edwards - ASW #140

439

BBPLR, API Security Trends, Memory Unsafety, & Patching 0-Days - ASW #139

440

Being a Serial Entrepreneur, Business Leader, & Hacker - Alissa Knight - ASW #139

441

Sudo Vuln, Libgcrypt, BlastDoor on iMessage, & AWS Lambda security - ASW #138

442

Groundhog Day - It's Time to Reset the Script on Vulnerabilities - John Delaroderie - ASW #138

443

KindleDrip, State of Messaging State Machines, DoH, & Data Security Strategies - ASW #137

444

Reading Industry Analyst Tea Leaves To Predict The Future - Taylor McCaslin - ASW #137

445

Google 2FA Cloning, Speed vs. Security, & "Hack The Army" Bug Bounty 3.0 - ASW #136

446

Fuzz Testing - Andrei Serban - ASW #136

447

Kubernetes Clusters, Microsoft Solarigate, & Apple's Security DIY - ASW #135

448

Security By Design - ASW #135

449

Atheris Python Fuzzer, Bronze Bit Attack, & FireEye Highlights - ASW #134

450

Freedom From Computing Environments - Ev Kontsevoy - ASW #134

451

Google Play Bug, GitHub, iPhone Radio Reboots, & Docker Hub Vulns - ASW #133

452

Security Web Applications Against Modern Threats - John Delaroderie, Mike Manrod - ASW #133

453

Top CyberSec Skills for 2021, Xbox Gamertag Bug, & MobileIron RCE Flaw - ASW #132

454

Security Decisions During Application Development - Tim Mackey - ASW #132

455

Drupal Flaws, DevSecOps Implementation, & Cloud Native Security White Paper - ASW #131

456

Threat Modeling Deep Dive - ASW #131

457

'Platypus' Attack, IDOR DOD Bug, & 2 More Chrome 0-Days - ASW #130

458

Automated Hacker Knowledge - Rickard Carlsson - ASW #130

459

Security Is a Feature - Keith Hoodlet - ASW #129

460

China's Top Hacking Contest, GitHub Actions, & Vulnonym - ASW #129

461

Lax IoT, Adobe Flash Croaks, Link Preview Vulns, & Security Theatre! - ASW #128

462

Azure App Service & Cloud-Native Signal Sciences Deployments - Alfred Chung - ASW #128

463

Cyber Risk in Industrial IoT, Firefox 'Site Isolation', & Chrome 0-Day Bug - ASW #127

464

Cyber Resiliency Through Self-Healing Cloud Infrastructure - Cesar Rodriguez - ASW #127

465

Windows "Ping of Death", SonicWall VPN RCE , & MediaTek BootROM Glitch - ASW #126

466

The Future of Application Security Testing (AST) - Taylor McCaslin - ASW #126

467

Fortinet SIEM RCE, Facebook Bug Bounty, & Anti-Virus Vulnerabilities - ASW #125

468

Application Security Best Practices - James Manico - ASW #125

469

DOMOS 5.8 OS Command Injection, API Shield, & TRB245 Vulnerabilities - ASW #124

470

Things Every Developer Should Know About Security - Chris Romeo - ASW #124

471

Bypassing TikTok's MFA, Instragram RCE, & Chrome Security Updates - ASW #123

472

The Difference Between Finding Vulns & Securing Apps - ASW #123

473

Project OneFuzz, Bluetooth Spoofing Bug, & Safeguarding Secrets - ASW #122

474

Visualizing & Detecting Threats For Your Custom Application - Justin Massey - ASW #122

475

RCE via BACKBLAZE, Microsoft Patch Tuesday, & CRYLOGGER - ASW #121

476

The People & Process of DevOps - Frank Catucci - ASW #121

477

GitHub to Ruby 2.7, CISO Success, & Lessons From Uber - ASW #120

478

Detecting Threats & Avoiding Misconfigs In The Cloud-Age - Marc Tremsal - ASW #120

479

ATM Attacks, gcploit, & ClusterFuzz - ASW #119

480

DevOps-First Application Security For Mid-Markets - Sundar Krish - ASW #119

481

AWS S3 Crypto SDK, ReVoLTE Attack, & Microsoft Bug Bounties - ASW #118

482

Immutable Security For Immutable Infrastructure - Cesar Rodriguez - ASW #118

483

SWVHSC: Amazon GuardDuty, Sandboxing & Workload Isolation, & No More SHA-1 - ASW #117

484

SWVHSC: How Does Sec Live In A DevOps World? - Mike Rothman - ASW #117

485

TaskRouter JS SDK, EL1/EL3 Vulnerability, & 234 Alexa Skills Store Violations - ASW #116

486

Fixing Vulnerabilities Effectively & Efficiently - John Matherly - ASW #116

487

SIGRed RCE, Google Cloud 'Confidential VMs', & Twitter Hack Crypto Scam - ASW #115

488

Cloud Security Posture Management & Governance - Bhasker Nallapothula, Kris Rajana - ASW #115

489

Top Bug Bounty Rankings, Zoom 0-Day, & Firefox Send Malware - ASW #114

490

DevSecOps - Judy Ngure - ASW #114

491

Guacamole RCE, PAN-OS Flaw, & A Culture of Resilience - ASW #113

492

Protecting Mobile Applications - Catherine Chambers, Will Hickie - ASW #113

493

DLL Hijacking, Trust Through Privacy, & Adobe EOL Data - ASW #112

494

Using IaC to Establish & Analyze Secure Environments - Cesar Rodriguez - ASW #112

495

CallStranger, SMBleedingGhost, & Misconfigured Kubeflow - ASW #111

496

Data Mapping & Data Value Journey - Michelle Dennedy - ASW #111

497

Zoom Vulns, Apple 0-Days, & Abandoned Domains - ASW #110

498

The Future State of AppSec - Phillip Maddux - ASW #110

499

Apps Are the New Endpoint - Catherine Chambers - ASW #109

500

How to Prevent Account Takeover Attacks - John Chirhart - ASW #109

501

Highlights From the New Open Source Security and Risk Analysis Report - Tim Mackey - ASW #108

502

Using Rate Limiting to Protect Web Apps and APIs - Jack Zarris - ASW #108

503

Samsung RCE 0-Click, Whispers, & Compromising Pluton - ASW #107

504

How Can Security Work TOGETHER, Not Against, Developers - Joe Garcia - ASW #107

505

Psychic Paper, Salt RCE, & Love Bugs - ASW #106

506

Modern Application Security & Container Security - Gareth Rushgrove - ASW #106

507

Nintendo Breach, NSA Advisory, & Security of IoMT - ASW #105

508

Threat Modeling in AppSec - Avi Douglen - ASW #105

509

Malicious Ruby Gems & JSON Web Token Bypass - ASW #104

510

Building an AppSec Ecosystem - Rebecca Deck - ASW #104

511

Zooming Alex Stamos & Building Security TestOps - ASW #103

512

Making Kubernetes a Hostile Place for Attackers - Brad Geesaman - ASW #103

513

Zoom Flaws, 'Zombie' win32k Bug, & Inputscope - ASW #102

514

You're (probably) Doing AppSec Wrong - Grant Ongers - ASW #102

515

The Benefits of SAST and SCA in Your IDE - Utsav Sanghani - ASW #101

516

Singularity: A Different Take on Container Security - Adam Hughes - ASW #101

517

Bottlerocket, Supply Chain Casualty, DevOps Sweet Spot - ASW #100

518

DevSecOps / Scaling Security - Clint Gibler - ASW #100

519

CISOs, CVE, DevOps, Gandalf - ASW #99

520

Guy Podjarny, Snyk - Guy Podjarny - ASW #99

521

InfoSec World Workshop: DevSecOps and Cultural Transformation - Dan Petit - ASW #98

522

Ghostcat, Apache, Networks, Starliner - ASW #98

523

Application News - RSA Conference News and Activities - ASW #97

524

Chris Eng Interview - What's New with Veracode - Chris Eng - ASW #97

525

SweynTooth, OWASP, CRXcavator, DevSecOps - ASW #96

526

Lessons Learned From The DevSecOps Trenches - Doug DePerry - ASW #96

527

WhatsApp Flaw, Dropbox Bug Bounty Program, Investigating Web Shell Attacks - ASW #95

528

Mitigating at Design Time - Shaun Lamb - ASW #95

529

Scaling an AppSec Program - ASW #94

530

Xbox Bounty Program, Magento Patch, RCE in OpenSMTPD - ASW #94

531

Pwn2Own In Miami, Cloud Vuln., Deconstructing Web Cache Deception Attacks - ASW #93

532

Dynamically Protecting Mobile Applications With RASP - John Butler - ASW #93

533

Crypto Bugs, IoT Planes and Application Inspectors, Oh My! - ASW #92

534

Protecting Data in Apps and Protecting Apps from Data - ASW #92

535

The Evolution of DevSecOps and AppSec Trends in 2020 - Hillel Solow - ASW #91

536

Application News - ASW #91

537

Application News - ASW #90

538

Privacy by Design - ASW #90

539

Binary Planting, GitLab, and DevOps Pipelines - ASW #89

540

API Security - Dave Ferguson - ASW #89

541

The World Runs On Open-Source, But Who's Paying For Gas? - ASW #88

542

Software Bill of Materials (SBOM) - Allan Friedman - ASW #88

543

Facebook, Twitter, & Firefox - ASW #87

544

Bot Management - Sandy Carielli - ASW #87

545

Application News - ASW #86

546

Development Decisions Affect The Security Of Any Application - Tim Mackey - ASW #86

547

Sysdig Secure 3.0 - Pawan Shankar - ASW #85

548

Mirantis' Docker, CISOs, & End of Life Dates - ASW #85

549

Application News - ASW #84

550

Security Testing - ASW #84

551

Application News - ASW #83

552

Teaching Security In Software Development - Daniel Lowrie, Justin Dennison - ASW #83

553

Application News - ASW #82

554

Bug Bounties, Pentesting, & Scanners - ASW #82

555

Application News - ASW #81

556

Doug Coburn, Signal Sciences - Doug Coburn - ASW #81

557

Application News - ASW #80

558

Francois Lascelles, Ping Identity - ASW #80

559

Application News - ASW #79

560

Cloud Security for Small Teams - ASW #79

561

Application News - ASW #78

562

Information Disclosure Vulnerabilities - Ryan Kelso - ASW #78

563

Training For Developers - Nicolas Valcárcel - ASW #77

564

Application News - ASW #77

565

Bugs, Breaches, & More - ASW #76

566

OWASP Application Security Verification Standard - ASW #76

567

Bugs, Breaches, & More - ASW #75

568

Tools in the DevOps Pipeline: Ty Sbano, Sisense - ASW #75

569

Black Hat Interviews - WhiteSource and Venafi - ASW #74

570

Container Security With Sysdig Secure 2.4 - Pawan Shankar - ASW #74

571

Bugs, Breaches, and More! - ASW #73

572

Ping Identity, Cequence, & NowSecure - ASW #73

573

Application News - ASW - News #72

574

Hacker Summer Camp Round-UP - ASW - Topic #72

575

Application News - Application Security Weekly #71

576

Container Security Today - Application Security Weekly #71

577

Application News - Application Security Weekly #70

578

Secure App Deployment With Unikernels - Application Security Weekly #70

579

Application News - Application Security Weekly #69

580

Securing Multi-Cloud Environments - Application Security Weekly #69

581

Application News - Application Security Weekly #68

582

Cloud Native - Application Security Weekly #68

583

Security Training for Devs - Application Security Weekly #67

584

GKE, AWS, & S3 Buckets - Application Security Weekly #67

585

Don't Ignore APIs - Application Security Weekly #66

586

Osquery, Netflix, & Mozilla - Application Security Weekly #66

587

Bugs, Breaches, and More! - Application Security Weekly #65

588

Shannon Lietz, Intuit - Application Security Weekly #65

589

MacOS Catalina, OpenShift, & Pink Floyd - Application Security Weekly #64

590

DevSecOps & Software Supply Chains, Microsoft - Application Security Weekly #64

591

Application News - Application Security Weekly #63

592

Major Identities & Micro Services - Application Security Weekly #63

593

Application News - Application Security Weekly #62

594

Cody Wood, Signal Sciences - Application Security Weekly #62

595

Application News - Application Security Weekly #61

596

Securing Software Supply Chains - Application Security Weekly #61

597

Sven Morgenroth, Netsparker - Application Security Weekly #60

598

Application News - Application Security Weekly #60

599

Application News - Application Security Weekly #59

600

Larry Maccherone, Comcast - Application Security Weekly #59

601

Application News - Application Security Weekly #58

602

Thomas Hatch, SaltStack - Application Security Weekly #58

603

Application News - Application Security Weekly #57

604

Containers and Kubernetes - Application Security Weekly #57

605

Falco, Sysdig - Application Security Weekly #56

606

Docker, ARM, & "Selfie" - Application Security Weekly #56

607

Wins & Challenges In AppSec , Square - Application Security Weekly #55

608

Bugs, Breaches, and More! - Application Security Weekly #55

609

DARPA, Yelp, & FBI - Application Security Weekly #54

610

Jamie Duncan, Red Hat - Application Security Weekly #54

611

Application News - Application Security Weekly #53

612

RSA 2019 Recap - Application Security Weekly #53

613

Matt Springfield, 12Feet, Inc. - Application Security Weekly #52

614

Bugs, Breaches, and More! - Application Security Weekly #52

615

Android, Dark Web, & Development - Application Security Weekly #51

616

Integrating Security into DevOps, Altran - Application Security Weekly #51

617

Application News - Application Security Weekly #50

618

Basic Flow of Problem, Solution, and Value - Application Security Weekly #50

619

Application News - Application Security Weekly #49

620

The Current State of Privacy & Software Development - Application Security Weekly #49

621

Bugs, Breaches, and More! - Application Security Weekly #48

622

Jing Xie, Venafi - Application Security Weekly #48

623

The Human Element of Application Security - Application Security Weekly #47

624

Bugs, Breaches, and More - Application Security Weekly #47

625

Rey Bango, Microsoft - Application Security Weekly #46

626

CRLF, NASA, & GitHub - Application Security Weekly #46

627

WordPress, Silicon Valley, and Hijacking - Application Security Weekly #45

628

Ken Johnson, GitHub - Application Security Weekly #45

629

Signal App, Jenkins Servers, & WordPress - Application Security Weekly #44

630

Harry Sverdlove, Edgewise - Application Security Weekly #44

631

Chris Elgee, Counter Hack Challenge - Application Security Weekly #43

632

Kubernetes, Firefox, & WordPress - Application Security Weekly #43

633

NSA Malware, AFL Fuzzer, & Firecracker - Application Security Weekly #42

634

Aleksei Tiurin, Acunetix - Application Security Weekly #42

635

Drupalgeddon, USPS, & JavaScript - Application Security Weekly #41

636

Brent Dukes - Application Security Weekly #41

637

Instagram, Kraken, GitMiner - Application Security Weekly #40

638

John Kinsella, Layered Insight - Application Security Weekly #40

639

ColdFusion, Destroying Logs, & Tracing Meme's - Application Security Weekly #39

640

Brian Kelly, CyberArk - Application Security Weekly #39

641

'Stalkerware', DHCPv6 Packets , & Python - Application Security Weekly #38

642

Daniel Cuthbert, Banco Santander - Application Security Weekly #38

643

Airline Hacks, MicroTik Bug, & WordPress - Application Security Weekly #37

644

Johnny Xmas, Kasada.io - Application Security Weekly #37

645

Cryptocurrency, Disney, and Adobe - Application Security Weekly #36

646

Bugs, Breaches, and More! - Application Security Weekly #36

647

Garrett Gross, Rapid7 - Application Security Weekly #35

648

Git Project, Google+, & Facebook - Application Security Weekly #35

649

Bugs, Breaches, and More - Application Security Weekly #34

650

Landing a Job in Application Security - Application Security Weekly #34

651

Newegg, Ticketmaster, & iOS 12 - Application Security Weekly #33

652

Ron Gula, Gula Tech Adventures - Application Security Weekly #33

653

Bluebox-ng, Stock Data Breaches, and CommitStrip- Application Security Weekly #32

654

April Wright, ArchitectSecurity.org - Application Security Weekly #32

655

Microsoft, Equifax, MacOS, and Bug Bounties - Application Security Weekly #31

656

Zane Lackey, Signal Sciences - Application Security Weekly #31

657

Fortnite, Netflix, & Black Hat - Application Security Weekly #30

658

The Apache Struts2 RCE Vulnerability - Application Security Weekly #30

659

Tom McLaughlin, ServerlessOps - Application Security Weekly #29

660

Matt Alderman & Paul Asadoorian, Def Con 2018 - Application Security Weekly #29

661

Alibaba Cloud Security, Comcast, and Facebook - Application Security Weekly #28

662

Secure Coding Practices - Application Security Weekly #28

663

Resources, Bugs, Breaches, and Learning Tools - Application Security Weekly #27

664

Galen Hunt, Microsoft - Application Security Weekly #27

665

Spectre, OWASP, and iGoat - Application Security Weekly #26

666

Jessica Rozhin, Marqueta - Application Security Weekly #26

667

Venmo, Oracle, & Linux - Application Security Weekly #25

668

Joe Garcia, CyberArk - Application Security Weekly #25

669

AppSec Solutions in a DevOps World - Application Security Weekly #24

670

iOS Bugs, Burp Suite, & DevSecOps - Application Security Weekly #24

671

The Hardest Problem in Application Security - Application Security Weekly #23

672

Facebook, Google, & GitLab - Application Security Weekly #23

673

PHPMyAdmin, GitHub, and VS Code - Application Security Weekly #22

674

Thomas GX, Yelda - Application Security Weekly #22

675

Microsoft, JavaScript, AI Can Fire - Application Security Weekly #21

676

Dan Kuykendall, Rapid7 - Application Security Weekly #21

677

Windows, Smart Lock, & iPhone Hackers - Application Security Weekly #20

678

Ron Gula, Gula Tech Adventures - Application Security Weekly #20

679

FireFox, Windows 10, DevOps, and BitHubLab - Application Security Weekly #19

680

Peter Chestna, Veracode - Application Security Weekly #19

681

GitHub, Oracle, & GDPR - Application Security Weekly #18

682

Agile vs. DevOps - Application Security Weekly #18

683

Nest, Node.js, & F.Secure - Application Security Weekly #17

684

James Wickett, Signal Sciences - Application Security Weekly #17

685

Adam Gordon, ITProTV - Application Security Weekly #16

686

Text Bombs, Black Dots of Death, and Azure - Application Security Weekly #16

687

Twitter, Meltdown, & RSAC - Application Security Weekly #15

688

Building Your AppSec Program - Application Security Weekly #15

689

Building Your AppSec Program: Getting Started - Application Security Weekly #14

690

FDA, Microsoft, & Android - Application Security Weekly #14

691

Drupal, RSAC, & Facebook - Application Security Weekly #13

692

Rami Sass, CEO & Co-Founder of WhiteSource - Application Security Weekly #13

693

Windows, MacOS, & Javascript - Application Security Weekly #12

694

Open Source Software - Application Security Weekly #12

695

One Language to Rule Them All - Application Security Weekly #11

696

Intel, Slack, Spectre, & NASA - Application Security Weekly #11

697

DevOps or DevSecOps? - Application Security Weekly #10

698

Cloudflare, Facebook, & Red Team Wisdom - Application Security Weekly #10

699

AMD, MailChimp, & Equifax - Application Security Weekly #9

700

Personal Development in Application Security - Application Security Weekly #9

701

Ethereum, Kali Linux, & Creepy Alexa - Application Security Weekly #8

702

AppSec Development Partnership - Application Security Weekly #8

703

DigiCert, GitHub, & Black Panther - Application Security Weekly #7

704

Facebook Malware Scan - Application Security Weekly #7

705

Bitcoin, Salon, Oxford Comma Dispute, and Amazon - Application Security Weekly #6

706

Topic: Bug Bounties - Application Security Weekly #6

707

OWASP ASVS pt. 2 - Application Security Weekly #05

708

NSA, Google, & Microsoft - Application Security Weekly #05

709

OWASP Application Security Verification Standard - Application Security Weekly #04

710

Intel, CloudFair, & Lenovo - Application Security Weekly #04

711

Facebook, RedHat, & Russian Twitterbots - Application Security Weekly #03

712

Matias Madou, Secure Code Warrior - Application Security Weekly #03

713

Google, Oracle, and Apple - Application Security Weekly #02

714

Top 10 OWASP pt.2 - Application Security Weekly #02

715

OWASP Top 10 (2017) Overview - Application Security Weekly #1

716

NVIDIA, Oracle, Coinbase, and Bitcoin - Application Security Weekly #1

717

Rise of Application Security - Application Security Weekly #00

718

Google, Intel, Mozilla, and Starbucks - Application Security Weekly #00