38 min listen
Pwn2Own In Miami, Cloud Vuln., Deconstructing Web Cache Deception Attacks - ASW #93
Pwn2Own In Miami, Cloud Vuln., Deconstructing Web Cache Deception Attacks - ASW #93
ratings:
Length:
34 minutes
Released:
Jan 29, 2020
Format:
Podcast episode
Description
Pwn2Own Miami -- Schedule and Live Results show just how profitable deserialization, information leaks, and out-of-bounds flaws are, Insecure configurations expose GE Healthcare devices to attacks demonstrate more simple flaws with high impacts, NSA Offers Guidance on [Mitigating Cloud Vulnerabilities Mitigating Cloud Vulnerabilities] across four major classes of misconfiguration, poor access control, shared tenancy vulnerabilities, and supply chain vulnerabilities that represent the majority of known vulns, Azure Security Benchmark—90 security and compliance best practices for your workloads in Azure, and Enumerating Docker Registries with go-pillage-registries for pentesters searching for useful information. Deconstructing Web Cache Deception Attacks is another class of problems like HTTP Response Smuggling that takes advantage of inconsistencies in systems that handle web traffic. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode93
Released:
Jan 29, 2020
Format:
Podcast episode
Titles in the series (100)
Interview with Troy Hunt - Episode 339: Troy is a Software architect and Microsoft MVP, you'll usually find him writing about security concepts and process improvement in software delivery on his blog. He also has a free e-book out "OWASP Top 10 for .NET developers" by Security Weekly Podcast Network (Video)