Google 2FA Cloning, Speed vs. Security, & "Hack The Army" Bug Bounty 3.0 - ASW #136 | Security Weekly Podcast Network (Video) Podcast

Google 2FA Cloning, Speed vs. Security, & "Hack The Army" Bug Bounty 3.0 - ASW #136: Significant source code leak from misconfigured repo, side-channel attack on hardware authentication keys, a third bug bounty for the U.S. Army, the cost of poor software quality, the benefits of DevOps approaches to building systems. Visit ... by Application Security Weekly (Video)

31 min listen

Unauth'd RCE, "Regexploits", Post-Spectre Web, & SigStore Signing - ASW #143: Software safety to mitigate the impact of unauthenticated RCEs, exploding regex patterns, web and browser security in the face of Spectre side-channels, signing software artifacts, 8 roles for today's security teams. Visit for all the latest... by Security Weekly Podcast Network (Video)

29 min listen

Unauth'd RCE, "Regexploits", Post-Spectre Web, & SigStore Signing - ASW #143: Software safety to mitigate the impact of unauthenticated RCEs, exploding regex patterns, web and browser security in the face of Spectre side-channels, signing software artifacts, 8 roles for today's security teams. Visit for all the latest... by Application Security Weekly (Video)

29 min listen

Breaking John - ASW #136: This week, we welcome Andrei Serban, Co-Founder at Fuzzbuzz, to discuss Fuzz Testing! Fuzzing can be successful AppSec strategy for finding software bugs. And deploying a fuzzer no longer needs to be a cumbersome process. Find out how fuzzing can help... by Security Weekly Podcast Network (Audio)

67 min listen

Application News - ASW #81: From Stackoverflow to CVE, with some laughs along the way, Four-Year-Old Critical Linux Wi-Fi Bug Allows System Compromise, Recent Site Isolation improvements in Chrome, policy_sentry is an IAM Least Privilege Policy Generator, auditor, and analysis... by Security Weekly Podcast Network (Video)

36 min listen

Application News - ASW #81: From Stackoverflow to CVE, with some laughs along the way, Four-Year-Old Critical Linux Wi-Fi Bug Allows System Compromise, Recent Site Isolation improvements in Chrome, policy_sentry is an IAM Least Privilege Policy Generator, auditor, and analysis... by Application Security Weekly (Video)

36 min listen

DARPA's AI Challenge, CISA Wants Secure Open Source, 5 Years of Vuln Research - ASW #251: DARPA unleashes an AI Cyber Challenge to find flaws, CISA asks for input on securing open source software and memory safety, what five years of vuln research shows for vuln management programs, siphoning security tokens from VS Code, and more! ... by Application Security Weekly (Video)

34 min listen

DARPA's AI Challenge, CISA Wants Secure Open Source, 5 Years of Vuln Research - ASW #251: DARPA unleashes an AI Cyber Challenge to find flaws, CISA asks for input on securing open source software and memory safety, what five years of vuln research shows for vuln management programs, siphoning security tokens from VS Code, and more! ... by Security Weekly Podcast Network (Video)

34 min listen

Everything's Valid in Code & War: Attacks on the Software Supply Chain - Santiago Torres Arias - PSW #776: Software supply chain attacks, those in which hackers target the "water supply" of software are on the rise. This makes software developers everywhere valid targets. We will discuss the developer perspective on software supply chain attacks. Segment... by Security Weekly Podcast Network (Video)

64 min listen

NSA Malware, AFL Fuzzer, & Firecracker - Application Security Weekly #42: Hackers are opening SMB ports on routers to infect PCs with NSA malware, bug detectives whip up smarter version of classic AFL fuzzer to hunt code vulnerabilities, malware & rogue users can spy on some apps' HTTPS crypto, exploiting developer... by Security Weekly Podcast Network (Video)

30 min listen

NSA Malware, AFL Fuzzer, & Firecracker - Application Security Weekly #42: Hackers are opening SMB ports on routers to infect PCs with NSA malware, bug detectives whip up smarter version of classic AFL fuzzer to hunt code vulnerabilities, malware & rogue users can spy on some apps' HTTPS crypto, exploiting developer... by Application Security Weekly (Video)

30 min listen

PSW #772 - Hal Pomeranz: Linux systems are a collection of free and Open Source software-- some packaged by your distro, some built from source. How do you verify that your upstream isn't polluted by bad actors? Segment Resources: In the Security News:... by Security Weekly Podcast Network (Audio)

157 min listen

HTTP/3 Streams, Argo CD Paths, Log4j Devs, Cyber Safety Review Board, OSSF Projects - ASW #183: Vulns in an HTTP/3 server, path traversal in Argo CD, Log4Shell from the perspective of Log4j devs, DHS launches Cyber Safety Review Board, OSSF launches Alpha and Omega projects, resources for learning reverse engineering and appsec Visit for... by Application Security Weekly (Video)

37 min listen

HTTP/3 Streams, Argo CD Paths, Log4j Devs, Cyber Safety Review Board, OSSF Projects - ASW #183: Vulns in an HTTP/3 server, path traversal in Argo CD, Log4Shell from the perspective of Log4j devs, DHS launches Cyber Safety Review Board, OSSF launches Alpha and Omega projects, resources for learning reverse engineering and appsec Visit for... by Security Weekly Podcast Network (Video)

37 min listen

China's Top Hacking Contest, GitHub Actions, & Vulnonym - ASW #129: China's top hacking contest turns months of effort into 15 minutes of exploits, an injection flaw in GitHub Actions, understanding post-compromise activity in exploits targeting Solaris and VoIP, security and quality challenges in integrating software... by Application Security Weekly (Video)

34 min listen

China's Top Hacking Contest, GitHub Actions, & Vulnonym - ASW #129: China's top hacking contest turns months of effort into 15 minutes of exploits, an injection flaw in GitHub Actions, understanding post-compromise activity in exploits targeting Solaris and VoIP, security and quality challenges in integrating software... by Security Weekly Podcast Network (Video)

34 min listen

Building a Scanner and a Community with Zed Attack Proxy - Simon Bennetts - ASW #254: Zed Attack Proxy is an essential tool for web app pentesting. The project just recently moved from OWASP to the Secure Software Project. Hear about the challenges of running an OSS security project, why Simon got involved in the first place, and why... by Security Weekly Podcast Network (Audio)

73 min listen

XSS in Azure, Choosing Web Research Topics, Security Dev-in-Residence, More Myths - ASW #245: Two XSS vulns via postMessage methods in Azure, how to choose (and move on from) a web research topic, OpenSSF finances a security developer-in-residence for Python, more infosec myths, free cybersecurity training resources Visit for all... by Application Security Weekly (Video)

38 min listen

XSS in Azure, Choosing Web Research Topics, Security Dev-in-Residence, More Myths - ASW #245: Two XSS vulns via postMessage methods in Azure, how to choose (and move on from) a web research topic, OpenSSF finances a security developer-in-residence for Python, more infosec myths, free cybersecurity training resources Visit for all... by Security Weekly Podcast Network (Video)

38 min listen

Application News - Application Security Weekly #68: WordPress Plugin WP Statistics Patches XSS Flaw, Three RCEs in Android's Media framework, Nine Best Practices For Integrating Application Security Testing Into DevOps, 6 Traits That Define DevSecOps, and much more! Full Show Notes:... by Security Weekly Podcast Network (Video)

32 min listen

Application News - Application Security Weekly #68: WordPress Plugin WP Statistics Patches XSS Flaw, Three RCEs in Android's Media framework, Nine Best Practices For Integrating Application Security Testing Into DevOps, 6 Traits That Define DevSecOps, and much more! Full Show Notes: Follow us on Twitter: by Application Security Weekly (Video)

32 min listen

Creating Code Security Through Better Visibility - Christien Rioux - ASW #273: We've been scanning code for decades. Sometimes scanning works well -- it finds meaningful flaws to fix. Sometimes it distracts us with false positives. Sometimes it burdens us with too many issues. We talk about finding a scanning strategy that works... by Security Weekly Podcast Network (Audio)

84 min listen

PSW #769 - Kate Stewart: Over the last few years, the trend to use Open Source has been migrating into safety-critical applications, such as automotive and medical, which introduces system-level analysis considerations. In a similar fashion, these components are now being... by Security Weekly Podcast Network (Audio)

175 min listen

ASW #231 - Neatsun Ziv: In this episode, Neatsun Ziv, co-founder and CEO of Ox security takes a deep dive into supply chain security. He focuses on the new Open Software Supply Chain Attack Reference (OSC&R), a consortium of leading cybersecurity leaders. OSC&R the... by Security Weekly Podcast Network (Audio)

80 min listen

21 Nails: Behind the Scenes Discussion of Qualys Exim Vulnerability Discovery - Wheel - PSW #695: Join Qualys researcher Wheel for a discussion on the team's recent discovery and disclosure of multiple critical vulnerabilities in the Exim mail server. This includes discussion of the vulnerabilities that can be chained together to obtain full... by Security Weekly Podcast Network (Video)

45 min listen

OT Security - Huxley Barbee - ASW #259: It's no surprise that OT security has fared poorly over the last 30+ years. To many appsec folks, these systems have uncommon programming languages, unfamiliar hardware, and brittle networking stacks. They also tend to have different threat scenarios.... by Security Weekly Podcast Network (Video)

40 min listen

OT Security - Huxley Barbee - ASW #259: It's no surprise that OT security has fared poorly over the last 30+ years. To many appsec folks, these systems have uncommon programming languages, unfamiliar hardware, and brittle networking stacks. They also tend to have different threat scenarios.... by Application Security Weekly (Video)

40 min listen

OT Security - Huxley Barbee - ASW #259: It's no surprise that OT security has fared poorly over the last 30+ years. To many appsec folks, these systems have uncommon programming languages, unfamiliar hardware, and brittle networking stacks. They also tend to have different threat scenarios.... by Security Weekly Podcast Network (Audio)

79 min listen

Equifax's Breach, CISA's 1,000 Vulns, Rust's TLS Library, Complexity vs. Design - ASW #256: A stroll back through the Apache Struts breach of Equifax, CISA's list of Known Exploited Vulnerabilities, Rust's replacement for OpenSSL, Go no longer throws programmers for a loop, complexity vs. design (that leads to better security). Show Notes: by Security Weekly Podcast Network (Video)

40 min listen

Equifax's Breach, CISA's 1,000 Vulns, Rust's TLS Library, Complexity vs. Design - ASW #256: A stroll back through the Apache Struts breach of Equifax, CISA's list of Known Exploited Vulnerabilities, Rust's replacement for OpenSSL, Go no longer throws programmers for a loop, complexity vs. design (that leads to better security). Show Notes: by Application Security Weekly (Video)

40 min listen

Discover this podcast and so much more

Google 2FA Cloning, Speed vs. Security, & "Hack The Army" Bug Bounty 3.0 - ASW #136

Google 2FA Cloning, Speed vs. Security, & "Hack The Army" Bug Bounty 3.0 - ASW #136

Description

Titles in the series (100)

More Episodes from Security Weekly Podcast Network (Video)

Related podcast episodes