OWASP Top 10, CISA Bad Practices, Azurescape, Confluence RCE, & API Security Tokens - ASW #165 | Security Weekly Podcast Network (Video) Podcast

OWASP Top 10, CISA Bad Practices, Azurescape, Confluence RCE, & API Security Tokens - ASW #165: This week in the AppSec News, Mike and John talk: OWASP Top 10 draft for 2021, bad practices noted by CISA, Azurescape cross-account takeover, Confluence RCE, WhatsApp image handling, API security tokens survey, & more! Visit for all the... by Application Security Weekly (Video)

37 min listen

Drive - ASW #165: This week, we welcome Manish Gupta, CEO and Co-Founder of ShiftLeft, to discuss Findings From the 2021 AppSec Shift Left Progress Report! Data from the ShiftLeft customer report shows that companies that have rebuilt their core testing processes... by Security Weekly Podcast Network (Audio)

74 min listen

OMIGOD, FORCEDENTRY, Code Ownership, Security as a Product, & IoT Device Criteria - ASW #166: This week in the AppSec News, Mike and John talk: RCE in Azure OMI, punching a hole in iMessage BlastDoor, Travis CI exposes sensitive environment variables, keeping code ownership accurate, deploying security as a product, IoT Device Criteria (aka... by Application Security Weekly (Video)

32 min listen

OMIGOD, FORCEDENTRY, Code Ownership, Security as a Product, & IoT Device Criteria - ASW #166: This week in the AppSec News, Mike and John talk: RCE in Azure OMI, punching a hole in iMessage BlastDoor, Travis CI exposes sensitive environment variables, keeping code ownership accurate, deploying security as a product, IoT Device Criteria (aka... by Security Weekly Podcast Network (Video)

32 min listen

Discourse RCE, Trojan Source, WhatsApp Security, & Privacy Engineering - ASW #172: This week in the AppSec News, Mike & John talk: Discourse SNS webhook RCE, a checklist for a Minimum Viable Secure Product, WhatsApp security assessment, privacy engineering specialties, & DevOps presentations! Visit for all the latest... by Application Security Weekly (Video)

39 min listen

Discourse RCE, Trojan Source, WhatsApp Security, & Privacy Engineering - ASW #172: This week in the AppSec News, Mike & John talk: Discourse SNS webhook RCE, a checklist for a Minimum Viable Secure Product, WhatsApp security assessment, privacy engineering specialties, & DevOps presentations! Visit for all the latest... by Security Weekly Podcast Network (Video)

39 min listen

Supply Chain Integrity, Format Strings, Systemd Bug, Instagram Bounty, & Refactoring - ASW #155: This week in the AppSec Weekly News John and Mike discuss: SLSA framework for supply chain integrity, Wi-Fi network of doom for iPhones, seven-year old systemd privesc, $30K for an API call, Codecov refactors from Bash, using the AST to refactor... by Security Weekly Podcast Network (Video)

35 min listen

Supply Chain Integrity, Format Strings, Systemd Bug, Instagram Bounty, & Refactoring - ASW #155: This week in the AppSec Weekly News John and Mike discuss: SLSA framework for supply chain integrity, Wi-Fi network of doom for iPhones, seven-year old systemd privesc, $30K for an API call, Codecov refactors from Bash, using the AST to refactor... by Application Security Weekly (Video)

35 min listen

Hertzbleed, SynLapse, Java Deserialization, More MFA, Firmware Flaws, & Zombie 0-Day - ASW #201: This week in the AppSec News: SynLapse shows shell injection via ODBC, Java deserialization example, MFA for Ruby Gems ecosystem, simple flaws in firmware, the decade-long journey of a Safari vuln, & more! Visit for all the latest... by Application Security Weekly (Video)

31 min listen

Hertzbleed, SynLapse, Java Deserialization, More MFA, Firmware Flaws, & Zombie 0-Day - ASW #201: This week in the AppSec News: SynLapse shows shell injection via ODBC, Java deserialization example, MFA for Ruby Gems ecosystem, simple flaws in firmware, the decade-long journey of a Safari vuln, & more! Visit for all the latest... by Security Weekly Podcast Network (Video)

31 min listen

Application News - ASW #90: This week, on the Application Security News, Mike Shema and Matt Alderman discuss Featured Flaws and Big Breaches (Cisco kicks off 2020 with 12 CVEs in Cisco Data Center Network Manager), Cloud, Code and Controls (Python is dead. Long live Python!),... by Application Security Weekly (Video)

28 min listen

Application News - ASW #90: This week, on the Application Security News, Mike Shema and Matt Alderman discuss Featured Flaws and Big Breaches (Cisco kicks off 2020 with 12 CVEs in Cisco Data Center Network Manager), Cloud, Code and Controls (Python is dead. Long live Python!),... by Security Weekly Podcast Network (Video)

28 min listen

ChaosDB, OpenSSL String Bugs, Revealing Locations, & More Top 15 Vulns - ASW #164: This week in the Application Security News, Mike and John talk: Flaws in Azure's CosmosDB, OpenSSL vulns in string handling, dating app location security, cloud security orienteering, detailed S3 threat model, & more! Show Notes: Visit ... by Security Weekly Podcast Network (Video)

35 min listen

ChaosDB, OpenSSL String Bugs, Revealing Locations, & More Top 15 Vulns - ASW #164: This week in the Application Security News, Mike and John talk: Flaws in Azure's CosmosDB, OpenSSL vulns in string handling, dating app location security, cloud security orienteering, detailed S3 threat model, & more! Show Notes: Visit ... by Application Security Weekly (Video)

35 min listen

ALPACA, EA Breach, sprintf Lives, Go Fuzzing, K8s Goat, & OT Basics - ASW #154: This week in the AppSec News, Mike and John talk: ALPACA surveys protocol confusion, lessons from the EA breach, forgotten lessons about sprintf, Go fuzzing goes beta, security lessons from Kubernetes Goat, basic lessons for OT from CISA, & more!... by Application Security Weekly (Video)

33 min listen

ALPACA, EA Breach, sprintf Lives, Go Fuzzing, K8s Goat, & OT Basics - ASW #154: This week in the AppSec News, Mike and John talk: ALPACA surveys protocol confusion, lessons from the EA breach, forgotten lessons about sprintf, Go fuzzing goes beta, security lessons from Kubernetes Goat, basic lessons for OT from CISA, & more!... by Security Weekly Podcast Network (Video)

33 min listen

Exchange's Great Leak, RCE in VMware, IoT Bug in MQTT, & Chrome's Memory Safety Nets - ASW #167: This week in the AppSec News: The Great Leak flaw in Exchange's auto discover feature, common flaws in VMware and Nagios, memory issues and SSRF in Apache's HTTP server, Chrome's plans for memory safety, State of DevOps report, OWASP's 20th... by Application Security Weekly (Video)

34 min listen

Exchange's Great Leak, RCE in VMware, IoT Bug in MQTT, & Chrome's Memory Safety Nets - ASW #167: This week in the AppSec News: The Great Leak flaw in Exchange's auto discover feature, common flaws in VMware and Nagios, memory issues and SSRF in Apache's HTTP server, Chrome's plans for memory safety, State of DevOps report, OWASP's 20th... by Security Weekly Podcast Network (Video)

34 min listen

CVEs 4 CSPs, Malicious PyPi, Bounty Programs, Shared Responsibility, & Breach Costs - ASW #175: This week in the AppSec News: What would CVEs for CSPs look like, clever C2 in malicious Python packages, diversity in bounty programs, shared responsibility and secure defaults, breach costs to influence AppSec programs! Visit for all the... by Application Security Weekly (Video)

35 min listen

CVEs 4 CSPs, Malicious PyPi, Bounty Programs, Shared Responsibility, & Breach Costs - ASW #175: This week in the AppSec News: What would CVEs for CSPs look like, clever C2 in malicious Python packages, diversity in bounty programs, shared responsibility and secure defaults, breach costs to influence AppSec programs! Visit for all the... by Security Weekly Podcast Network (Video)

35 min listen

Signal Aesthetics, AirDrop Privacy, Safety vs. Security, & Data Ordering Attacks - ASW #148 by Application Security Weekly (Video)

35 min listen

Signal Aesthetics, AirDrop Privacy, Safety vs. Security, & Data Ordering Attacks - ASW #148: This week in the AppSec News: Signal points out parsing problems, privacy preserving improvements to AirDrop, Homebrew disclosure, WhatsApp workflows, adversarial data ordering for ML, & more! Visit for all the latest episodes! Show Notes: by Security Weekly Podcast Network (Video)

35 min listen

JSON, OpenSSL, Educational Resources, & Flaws in CodeQL - ASW #141: This week on the Application Security News, Implementation pitfalls in parsing JSON, finding all forms of a flaw with CodeQL, more educational resources for hacking apps, engineering and product management practices for DevOps, & more! ... by Application Security Weekly (Video)

33 min listen

JSON, OpenSSL, Educational Resources, & Flaws in CodeQL - ASW #141: This week on the Application Security News, Implementation pitfalls in parsing JSON, finding all forms of a flaw with CodeQL, more educational resources for hacking apps, engineering and product management practices for DevOps, & more! ... by Security Weekly Podcast Network (Video)

33 min listen

Okta Breach, SolarWinds RCEs, CISOs and Boards, Crypto Business Logic, Secure Design - ASW #260: Appsec lessons from the Okta breach, directory traversal (and appsec) lessons from SolarWinds, how CISOs and Boards rank factors around vulns and patching, revisiting cryptocurrency attacks for lessons in business logic and threat modeling, CISA and... by Security Weekly Podcast Network (Video)

40 min listen

Okta Breach, SolarWinds RCEs, CISOs and Boards, Crypto Business Logic, Secure Design - ASW #260: Appsec lessons from the Okta breach, directory traversal (and appsec) lessons from SolarWinds, how CISOs and Boards rank factors around vulns and patching, revisiting cryptocurrency attacks for lessons in business logic and threat modeling, CISA and... by Application Security Weekly (Video)

40 min listen

Prototype Pollution, Funding Open Source Security, Expiring Root CA, Mariana Trench - ASW #168: In the AppSec News, John and Mike discuss Prototype pollution vulns, funding open source project hardening, Let's Encrypt root CA expires, and Marian Trench scanner for Android and Java! Visit for all the latest episodes! Show Notes: by Security Weekly Podcast Network (Video)

37 min listen

Prototype Pollution, Funding Open Source Security, Expiring Root CA, Mariana Trench - ASW #168: In the AppSec News, John and Mike discuss Prototype pollution vulns, funding open source project hardening, Let's Encrypt root CA expires, and Marian Trench scanner for Android and Java! Visit for all the latest episodes! Show Notes: by Application Security Weekly (Video)

37 min listen

Skills & Knowledge - ASW #167: This week, we welcome Anita D'Amico, VP, Market Development at Synopsys, and Patrick Carey, Senior Director of Product Marketing at Synopsys, to discuss AppSec Orchestration/Correlation & DevSecOps Efficiency! In the AppSec News: The Great Leak... by Security Weekly Podcast Network (Audio)

72 min listen

CWE Top 25, Bugs in Inconstancies, Sequoia Vuln, Twitter Transparency, & Cloud Risks - ASW #159: This week in the AppSec News: CWE releases the top 25 vulns for 2021, findings bugs in similar code, Sequoia vuln in the Linux kernel, Twitter transparency for account security, a future for cloud security, & more! Visit for all the latest... by Application Security Weekly (Video)

41 min listen

Discover this podcast and so much more

OWASP Top 10, CISA Bad Practices, Azurescape, Confluence RCE, & API Security Tokens - ASW #165

OWASP Top 10, CISA Bad Practices, Azurescape, Confluence RCE, & API Security Tokens - ASW #165

Description

Titles in the series (100)

More Episodes from Security Weekly Podcast Network (Video)

Related podcast episodes