34 min listen
Cheesy Tomato Dreams - ASW #181
Cheesy Tomato Dreams - ASW #181
ratings:
Length:
70 minutes
Released:
Jan 25, 2022
Format:
Podcast episode
Description
It is hard, if not impossible, to secure something you don’t know exists. While security professionals spend countless hours on complex yet interesting issues that *may* be exploitable in the future, basic attacks are occurring every day against flaws in code that receives little review. For example, a “dated trend” by effective yet lazy hackers is to search for APIs unknown by security teams, coined “Shadow APIs”, then connect to these APIs and extract data. SQL Injection used to be the hack of choice, as a few simple SQL commands would either mean pay dirt or “move on to the next target”. Now the same can be said for Shadow API: Find, Connect, Extract. Himanshu will discuss one of many methods that are used in the wild to target Shadow APIs and export large volumes of data with a few clicks of a button or a few lines of code in Python. In the AppSec News, Safari fixes a privacy leak in IndexedDB, integer arithmetic flaw leads to Linux kernel bug, a look back on Zoom security, SSRF from an URL allow list bypass, a security engineering course and lectures, 25 years of HTTP/1.1 Show Notes: https://securityweekly.com/asw181 Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Released:
Jan 25, 2022
Format:
Podcast episode
Titles in the series (100)
Paul's Security Weekly - Special Edition - Mike Poor & Ed Skoudis Interview - Part I: We are very excited to present to our listeners an exclusive interview with Mike Poor & Ed Skoudis of Intelguardians and The SANS Institute. Larry, The Mason, and myself spoke with Mike and Ed about a wide range of information security topics. This... by Security Weekly Podcast Network (Audio)