Okta & LAPSUS$, Fuzzing Rust, SQL Injection & Stale Code, Log4j Lessons - ASW #190

FromSecurity Weekly Podcast Network (Video)

Start listening View podcast show

Okta & LAPSUS$, Fuzzing Rust, SQL Injection & Stale Code, Log4j Lessons - ASW #190

FromSecurity Weekly Podcast Network (Video)

ratings:

Length:

42 minutes

Released:

Mar 29, 2022

Format:

Podcast episode

Description

In the AppSec News: Okta breach, fuzzing Rust find ReDos, SQL injection and the age of code, Log4j numbers paint a not-pretty picture Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw190

Released:

Mar 29, 2022

Format:

Podcast episode

Titles in the series (100)

Security news, interviews, how-to technical segments. For security professionals by security professionals. We Hack Naked.

Skip carousel

Tech Segment: Threat Analytics with Ty Miller - Episode 340: Ty Miller is CEO and Founder of Threat Intelligence , has had many TV appearances, radio interviews, print newspaper and magazine articles, and regular online commentary & BlackHat Trainings. Ty Miller's experience not only covers penetration... by Security Weekly Podcast Network (Video)
23 min listen
Interview with Richard Stiennon: Richard Stiennon, security expert and industry analyst, is known for shaking up the industry and providing actionable guidance to vendors and end users. He relaunched the security blog ThreatChaos.com and is the founder of IT-Harvest. by Security Weekly Podcast Network (Video)
49 min listen
Hack Naked TV Episode 57: In this episode we talk about Prism, M$, HIPAA and Panic!!! In the financial sector!! Links for this episode: http://tinyurl.com/HNTV-HIPAA-Costs http://tinyurl.com/HNTV-Financial-collapse http://tinyurl.com/HNTV-MS-NSA by Security Weekly Podcast Network (Video)
9 min listen
Hack naked TV 56ish: In this episode we talk about the importance of being able to detect insider threats. by Security Weekly Podcast Network (Video)
8 min listen
Interview with Schuyler Towne - Episode 338: Schuyler Towne is on a mission to recover as much information as possible about the lock-related patents that were lost to the patent office fire of 1836. His primary interest is in the history and the story of the creators of the lost locks, but his... by Security Weekly Podcast Network (Video)
21 min listen
Tech Segment: Bro IDS: Bro is a passive, open-source network traffic analyzer and was originally developed by Vern Paxson, who continues to lead the project now jointly with a core team of researchers and developers at the International Computer Science Institute in... by Security Weekly Podcast Network (Video)
37 min listen
Hack Naked TV Episode 59: In this episode we talk about pwnedlist and how many companies are compromised and don't even know it. We also talk about how one should not throw stones in glass houses. by Security Weekly Podcast Network (Video)
11 min listen
Interview with Troy Hunt - Episode 339: Troy is a Software architect and Microsoft MVP, you'll usually find him writing about security concepts and process improvement in software delivery on his blog. He also has a free e-book out "OWASP Top 10 for .NET developers" by Security Weekly Podcast Network (Video)
38 min listen
Tech Segment: Honeyports - Episode 340: If you've seen one of mine, or John Strand's, presentations on offensive countermeasures, you know about Honeyports. If you've taken our class or read our book, you've seen this too! Just to recap: If you tell your host to listen... by Security Weekly Podcast Network (Video)
13 min listen
Interview with Kati Rodzon and Mike Murray: Kati Rodzon is the manager of Security Behavior Deisgn for MAD Security. Her last nine years have been spent studying psychology and ways to modify human behavior. From learning about the power of social pressure on groups, to how subtle changes in... by Security Weekly Podcast Network (Video)
36 min listen
Interview with Whitfield Diffie - Episode 341: Dr. Diffie is a pioneer of public-key cryptography and was VP of Information Security and Cryptography at ICANN. He is author of Privacy on the Line: The Politics of Wiretapping and Encryption by Security Weekly Podcast Network (Video)
50 min listen
Episode 350: Using NMap to get HTML Comments from HTTP Responses: Description: Extracts and outputs HTML/JS comments from HTTP responses. Why would someone use the tool or technique ? : "The attached script makes use of patterns to extract HTML comments from HTTP responses. There are times sensitive information... by Security Weekly Podcast Network (Video)
18 min listen
Tech Segment with Allison Nixon - Episode 341: Denying Service to DDOS Protection Services by Security Weekly Podcast Network (Video)
22 min listen
Interview with Ira Winkler - Episode 343: Ira Winkler, CISSP is President of Secure Mentem. Ira is one of the foremost experts in the human elements of cyber security and is known for the extensive espionage and social engineering simulations that he has conducted for Fortune 500 companies... by Security Weekly Podcast Network (Video)
33 min listen
Drunken Security News - Episode 343: You got Paul and Larry this week as they take you through all the fun that is hacking geolocators, Java 6, getting sudo on an OSX machine, and a great story from the pentesting field by Larry. Plus a whole lot more! by Security Weekly Podcast Network (Video)
34 min listen
OWASP Top 10 (2013) with Dave Wichers: The OWASP Top Ten is an awareness document for web application security, representing broad consensus about the most critical web application security risks as determined by the OWASP community. The OWASP Top 10 is one of the earliest and longest... by Security Weekly Podcast Network (Video)
24 min listen
Interview with Matt Bergin - Episode 337: Matt "Level" Bergin, age twenty four, works for CORE Security as a Senior Security Consultant where his day job consists of discovering, exploiting, and mitigating vulnerabilities in their client’s network environments. Before joining... by Security Weekly Podcast Network (Video)
29 min listen
Drunken Security News - Episode 341: Trying to wake up sleeping babies through hacking the baby monitor. Fire in the studio. Male to male plugs. Updating your pooty...and firefox. Fun ways to log in to your Leap Motion controlled Windows box and the iLO authentication bypass. Plus more... by Security Weekly Podcast Network (Video)
40 min listen
Interview with Bruce Potter and JP Bourget - Episode 335: We have JP Bourget and Bruce Potter on the show to announce their ball busting ride across the USA, CycleOverride . CycleOverride is planning a series of rides over the coming years that revolve around information security and fundraising for... by Security Weekly Podcast Network (Video)
15 min listen
Drunken Security News - Episode 344: Want to try to scam John Strand? That might not be the best of ideas. Burp got updated, Rsnake's "joke", opting out to watch porn, 5 Guys Burgers on security and maybe a new way to prevent CSRF. by Security Weekly Podcast Network (Video)
40 min listen
Drunken Security News - Episode 342: From the Bradley Manning sentencing to DDOSing your former employer, the guys at PSW cover all the interesting stories of the week. by Security Weekly Podcast Network (Video)
32 min listen
Tech Segment with Zach Cutlip - Episode 342: Zach will be going over how he does research on exploiting embedded systems and his exploit development framework bowcaster. Zachary Cutlip is a security researcher with Tactical Network Solutions, in Columbia, MD. At TNS, Zach develops exploitation... by Security Weekly Podcast Network (Video)
32 min listen
Drunken Security News - Episode 340: All things Black Hat, DefCon. Making $15,000 to $20,000 per hour. Hijacking a Prius. Vulnerable printers. More SCADA hacking. Hacking toilets. by Security Weekly Podcast Network (Video)
66 min listen
Interview with Onapsis - Episode 338: Selena Proctor, Alex Horan and Mariano Nunez join us from Onapsis. by Security Weekly Podcast Network (Video)
52 min listen
DerbyCon Organizers and Stories - Episode 345: The last segment from episode 345 features Dave, Martin, Adrian and Nick, the DerbyCon organizers to talk about the upcoming third edition of their conference in Louisville. Find out how they planned it to be bigger and better this year! Plus, a... by Security Weekly Podcast Network (Video)
33 min listen
BruCon Matt - Episode 343: Matt is a long time volunteer of BruCon and is going to let us know all the great things in store for 2013. by Security Weekly Podcast Network (Video)
15 min listen
Episode 360: Stories by Security Weekly Podcast Network (Video)
54 min listen
Interview with Jaime Filson - Episode 347: Jaime enjoys long walks on the beach while his computer equipment is busy fuzzing software, cracking passwords, or spidering the internet. He's also the creator of the gitDigger project as well as staff of DEFCON's wireless village. by Security Weekly Podcast Network (Video)
18 min listen
Episode 352: Interview with Winn Schwartau: Winn Schwartau is one of the world's top experts on security, privacy, infowar, cyber-terrorism and related topics. He is well known for his appearances at DEFCON as the host for the game Hacker Jeopardy. by Security Weekly Podcast Network (Video)
41 min listen
Enumerating a Domain using ADSI in PowerShell: Carlos Perez is also known as @DarkOperator, He spends his time reverse engineering, and practicing PowerShell Kung-Fu. Known by his motto "Shell is only the Beginning". by Security Weekly Podcast Network (Video)
21 min listen

More Episodes from Security Weekly Podcast Network (Video)

Skip carousel

Say Easy, Do Hard - Train How You Fight, Part 2 - BSW #349: Inspired by my co-host Jason Albuquerque, we dig into the hard part of our Say Easy, Do Hard segment. In part 2, we discuss how to train for a cyber instance. We'll cover the elements of a training program that will prepare you for responding to a... by Security Weekly Podcast Network (Video)
32 min listen
Tetris, APT42, Kimsuky, Android, ChatRTX, MITRE, Computer Dating, Josh Marpet, More - SWN #384: Tetris, APT42, Kimsuky, Android, ChatRTX, MITRE, Computer Dating, Josh Marpet, and more, on this Edition of the Security Weekly News. Show Notes: by Security Weekly Podcast Network (Video)
38 min listen
AI & Hype & Security (Oh My!) - Caleb Sima - ASW #284: A lot of AI security has nothing to do with AI -- things like data privacy, access controls, and identity are concerns for any new software and in many cases AI concerns look more like old-school API concerns. But...there are still important aspects... by Security Weekly Podcast Network (Video)
33 min listen
Hacking AI Bias with Human Techniques - Keith Hoodlet - ASW #284: We already have bug bounties for web apps so it was only a matter of time before we would have bounties for AI-related bugs. Keith Hoodlet shares his experience winning first place in the DOD's inaugural AI bias bounty program. He explains how his... by Security Weekly Podcast Network (Video)
32 min listen
Say Easy, Do Hard - Train How You Fight, Part 1 - BSW #349: Inspired by my co-host Jason Albuquerque, this quarter's Say Easy, Do Hard segment is Train How You Fight. In part 1, we discuss the importance of training for a cyber incident. However, lots of organizations do not take it seriously, causing mistakes... by Security Weekly Podcast Network (Video)
28 min listen
RSA Conference, Verizon DBIR, funding, reports, partnerships and more - ESW #360: It's the week before RSA and the news is PACKED. Everyone is trying to get their RSA announcements out all at once. We've got announcements about funding, acquisitions, partnerships, new companies, new products, new features... To make things MORE... by Security Weekly Podcast Network (Video)
67 min listen
Preparation: The Less Shiny Side of Incident Response - Joe Gross - ESW #360: It's the most boring part of incident response. Skip it at your peril, however. In this interview, we'll talk to Joe Gross about why preparing for incident response is so important. There's SO MUCH to do, we'll spend some time breaking down the... by Security Weekly Podcast Network (Video)
51 min listen
Weird Al, Docker, OT, Gitlab, Credit Monitoring, Dropbox, Cisco, AI, Aaran Leyland... - SWN #383: Weird Al, Docker, OT, Gitlab, Credit Monitoring, Dropbox, Cisco, AI, Aaran Leyland, and More, on this edition of the Security Weekly News. Show Notes: by Security Weekly Podcast Network (Video)
35 min listen
Kicking Off With Crypto - PSW #827: The Security Weekly crew discusses some of the latest articles and research in cryptography and some background relevant subtopics including the race against quantum computing, key management, creating your own crypto, selecting the right crypto and... by Security Weekly Podcast Network (Video)
65 min listen
ChatGPT Writes Exploits - PSW #827: ChatGPT writes exploits, banning default and weak passwords, forget vulnerabilities just get rid of malware, IR blasting for fun and not profit, creating fake people, shattered dreams and passkey, and removing chips. Show Notes: by Security Weekly Podcast Network (Video)
119 min listen
Why Companies Continue to Struggle with Supply Chain Security - Melinda Marks - ASW #283: Companies deploy tools (usually lots of tools) to address different threats to supply chain security. Melinda Marks shares some of the chaos those companies still face when trying to prioritize investments, measure risk, and scale their solutions to... by Security Weekly Podcast Network (Video)
41 min listen
Board's Pivotal Role in Cybersecurity as CISO-CEO Communication Gaps Continue - BSW #348: In the leadership and communications section, The Board's Pivotal Role in Steering Cybersecurity, CISO-CEO communication gaps continue to undermine cybersecurity, The Essence of Integrity in Leadership: A Pillar of Trust and Excellence, and more! Show... by Security Weekly Podcast Network (Video)
32 min listen
AI, Okta, Chrome, Quantum, Kaiser Permanente, FTC, FCC, NCSC, Josh Marpet, and more. - SWN #382: AI, Okta, Chrome, Quantum, Kaiser Permanente, FTC, FCC, NCSC, Josh Marpet, and more, are on this edition of the Security Weekly News. Show Notes: by Security Weekly Podcast Network (Video)
37 min listen
Random Problems, Protecting Packages, and Vulns in Designs, Defaults & Data Leaks - ASW #283: Misusing random numbers, protecting platforms for code repos and package repos, vulns that teach us about designs and defaults, and more! Show Notes: by Security Weekly Podcast Network (Video)
39 min listen
Meet Silver SAML: Golden SAML in the Cloud - Eric Woodruff - BSW #348: A hybrid workforce requires hybrid identity protection. But what are the threats facing a hybrid workforce? As identity becomes the new perimeter, we need to understand the attacks that can allow attackers access to our applications. Eric Woodruff,... by Security Weekly Podcast Network (Video)
28 min listen
Your TV Is Scanning You - PSW #826: This week the crew discusses: When TVs scan your network, bad things can happen, PuTTY is vulnerable, Crush FTP, vulnerabilities that will never be fixed, CVEs are for vulnerabilities silly, you can test for easily guessable passwords too, FlipperZero... by Security Weekly Podcast Network (Video)
110 min listen
TikTok, Flowmon, Cisco, Brokewell, RuggedCom, Deepfakes, Non-Competes, Aaran Leyland - SWN #381: TikTok, Flowmon, Arcane Door, Brokewell, RuggedCom, Deepfakes, Non-Competes, Aaran Leyland, and More, on this edition of the Security Weekly News. Show Notes: by Security Weekly Podcast Network (Video)
38 min listen
How GenAI Can Improve SecOps - Ely Kahn - ESW #359: We've talked about generative AI in a general sense on our podcast for years, but we haven't done many deep dives into specific security use cases. That ends with this interview, as we discuss how generative AI can improve SecOps with Ely Kahn. Some... by Security Weekly Podcast Network (Video)
30 min listen
Threat Modeling and Understanding Inherent Threats - Adam Shostack - ESW #359: This is a great interview with Adam Shostack on all things threat modeling. He's often the first name that pops into people's heads when threat modeling comes up, and has created or been involved with much of the foundational material around the... by Security Weekly Podcast Network (Video)
45 min listen
Autonomous - I don't think that word means what you think it means - ESW #359: A clear pattern with startups getting funding this week are "autonomous" products and features. Automated detection engineering Autonomously map and predict malicious infrastructure ..."helps your workforce resolve their own security issues... by Security Weekly Podcast Network (Video)
44 min listen
Advising The President On Cyber-Physical Resilience - Philip Venables - PSW #826: On February 27, 2024, PCAST (President’s Council of Advisors on Science and Technology) sent a report to the President with recommendations to bolster the resilience and adaptability of the nation’s cyber-physical infrastructure resources. Phil... by Security Weekly Podcast Network (Video)
61 min listen
Robofly, CRUSHFTP, Github, Palo Alto, MITRE, Fancy Bear, Deepfakes, Aaran Leyland... - SWN #380: Robofly, CRUSHFTP, Github, Palo Alto, MITRE, Fancy Bear, Deepfakes, Aaran Leyland, and more, on this Edition of the Security Weekly News. Show Notes: by Security Weekly Podcast Network (Video)
37 min listen
XZ & Open Source, PuTTY's Private Keys, LeakyCLI, LLMs Writing Exploits - ASW #282: CISA chimes in on the XZ Utils backdoor, PuTTY's private keys and maintaining a secure design, LeakyCLI and maintaining secure secrets in CSPs, LLMs and exploit generation, and more! Show Notes: by Security Weekly Podcast Network (Video)
38 min listen
Unraveling the "Materiality" Mystery: A CISO's Guide to SEC Compliance - Mike Lyborg - BSW #347: The new SEC Cyber Security Rules require organizations to be ready to report cyber incidents. But what do you actually need to do? Mike Lyborg, Chief Information Security Officer at Swimlane, joins Business Security Weekly to discuss how to prepare.... by Security Weekly Podcast Network (Video)
30 min listen
Sustainable Funding of Open Source Tools - Simon Bennetts, Mark Curphey - ASW #282: How can open source projects find a funding model that works for them? What are the implications with different sources of funding? Simon Bennetts talks about his stewardship of Zed Attack Proxy and its journey from OWASP to OpenSSF to an Open Source... by Security Weekly Podcast Network (Video)
39 min listen
What does DoD’s CMMC Requirement Mean for American Businesses - Edward Tuorinsky - BSW #347: Since 2016, we been hearing about the impending impact of CMMC. But so far, it's only been words. That looks to be changing. Edward Tourinsky, Founder & Managing Principal at DTS, joins Business Security Weekly to discuss the coming impact of CMMC... by Security Weekly Podcast Network (Video)
35 min listen
Win 95, LastPass, Kubernetes, Sandworm, Bloomtech, Frontier, 911, Aaran Leyland... - SWN #379: Win 95, Cheat Lab, LastPass, Kubernetes, Sandworm, Bloomtech, Frontier, 911, Aaran Leyland, and More, on this edition of the Security Weekly News. Show Notes: by Security Weekly Podcast Network (Video)
35 min listen
Crazy money and crazy outcomes - cybersecurity acquisitions in all shapes and sizes - ESW #358: This week, Adrian and Tyler discuss some crazy rumors - is it really possible that a cloud security startup valued at over $8 billion in November 2021 just got bought for $200 million??? Some healthy funding for Cyera and Cohesity ($300m and $150m,... by Security Weekly Podcast Network (Video)
66 min listen
From Hackers to Streakers - How Counterintelligence Teams are Protecting the NFL - Joe McMann - ESW #358: Protecting a normal enterprise environment is already difficult. What must it be like protecting a sports team? From the stadium to merch sales to protecting team strategies and even the players - securing an professional sports team and its brand is... by Security Weekly Podcast Network (Video)
41 min listen
Hacker Heroes - Winn Schwartau - PSW #825: Pioneering the Cyber Battlefield: A Deep Dive with Winn Schwartau, Cybersecurity Luminary Get ready for an extraordinary episode as we sit down with Winn Schwartau, a true pioneer and luminary in the world of cybersecurity. Winn's impact on the field... by Security Weekly Podcast Network (Video)
66 min listen

Related podcast episodes

Skip carousel

Okta & LAPSUS$, Fuzzing Rust, SQL Injection & Stale Code, Log4j Lessons - ASW #190: In the AppSec News: Okta breach, fuzzing Rust find ReDos, SQL injection and the age of code, Log4j numbers paint a not-pretty picture Visit for all the latest episodes! Show Notes: by Application Security Weekly (Video)
42 min listen
Malicious Ruby Gems & JSON Web Token Bypass - ASW #104: This week in the Application Security News, JSON Web Token Validation Bypass in Auth0 Authentication API, Mining for malicious Ruby gems, A Brief History of a Rootable Docker Image, Privacy In The Time Of COVID, and Threat modeling explained: A... by Application Security Weekly (Video)
35 min listen
Malicious Ruby Gems & JSON Web Token Bypass - ASW #104: This week in the Application Security News, JSON Web Token Validation Bypass in Auth0 Authentication API, Mining for malicious Ruby gems, A Brief History of a Rootable Docker Image, Privacy In The Time Of COVID, and Threat modeling explained: A... by Security Weekly Podcast Network (Video)
35 min listen
Docker Boundaries, Google Bounties, 2021's Top Web Hacks, Apple AirTags, AI vs. RFCs - ASW #184: In the AppSec News: Docker and security boundaries, Google's year in vuln awards, 2021's year in web hacks, Apple AirTags and privacy, turning AIs onto RFCs for security, & facial recognition research! Visit for all the latest episodes!... by Security Weekly Podcast Network (Video)
39 min listen
Docker Boundaries, Google Bounties, 2021's Top Web Hacks, Apple AirTags, AI vs. RFCs - ASW #184: In the AppSec News: Docker and security boundaries, Google's year in vuln awards, 2021's year in web hacks, Apple AirTags and privacy, turning AIs onto RFCs for security, & facial recognition research! Visit for all the latest episodes!... by Application Security Weekly (Video)
39 min listen
Vulns in Markdown Parsers, Census II & Open Source Security, iCloud Private Relay - ASW #187: In the AppSec News: Finding vulns in markdown parsers, Census II and widespread open source dependencies, inside iCloud Private Relay, and cloud pentesting tools! Visit for all the latest episodes! Show Notes: by Application Security Weekly (Video)
31 min listen
Vulns in Markdown Parsers, Census II & Open Source Security, iCloud Private Relay - ASW #187: In the AppSec News: Finding vulns in markdown parsers, Census II and widespread open source dependencies, inside iCloud Private Relay, and cloud pentesting tools! Visit for all the latest episodes! Show Notes: by Security Weekly Podcast Network (Video)
31 min listen
Supply Chains in Azure SDK/Xcode, GitHub Sessions, & GCP VRP - ASW #144: In the AppSec News: Supply chain security in Azure SDK and macOS Xcode, GitHub's postmortem on a session handling flaw, six GCP vulns from 2020, & information resources for hacking the cloud! Visit for all the latest episodes! Show Notes: by Application Security Weekly (Video)
31 min listen
Supply Chains in Azure SDK/Xcode, GitHub Sessions, & GCP VRP - ASW #144: In the AppSec News: Supply chain security in Azure SDK and macOS Xcode, GitHub's postmortem on a session handling flaw, six GCP vulns from 2020, & information resources for hacking the cloud! Visit for all the latest episodes! Show Notes: by Security Weekly Podcast Network (Video)
31 min listen
Typosquatting, Curl's Security Update, & OpenSSF's 10 Point Mobilization Plan - ASW #197: This week in the AppSec News: Typosquatting spreads to Rust, curl fixes flaws in mishandling dots and slashes, OpenSSF invests in a mobilization plan for open source, interesting appsec from Black Hat Asia. Visit for all the latest... by Security Weekly Podcast Network (Video)
40 min listen
Typosquatting, Curl's Security Update, & OpenSSF's 10 Point Mobilization Plan - ASW #197: This week in the AppSec News: Typosquatting spreads to Rust, curl fixes flaws in mishandling dots and slashes, OpenSSF invests in a mobilization plan for open source, interesting appsec from Black Hat Asia. Visit for all the latest episodes!... by Application Security Weekly (Video)
40 min listen
View Source, Bindiff for Vuln Analysis, Bypass with GitHub Actions, & NIST DevSecOps - ASW #170: This Week in the AppSec News: View source good / vuln bad, IoT bad / rick-roll good, analyzing the iOS 15.0.2 patch to develop an exploit, bypassing reviews with GitHub Actions, & more NIST DevSecOps guidance! Visit for all the latest... by Application Security Weekly (Video)
38 min listen
View Source, Bindiff for Vuln Analysis, Bypass with GitHub Actions, & NIST DevSecOps - ASW #170: This Week in the AppSec News: View source good / vuln bad, IoT bad / rick-roll good, analyzing the iOS 15.0.2 patch to develop an exploit, bypassing reviews with GitHub Actions, & more NIST DevSecOps guidance! Visit for all the latest... by Security Weekly Podcast Network (Video)
38 min listen
Robert Downey Jr, K-Shaped, GPT-4, Rapid7, & SVB - ESW #309: AI! Then, produce text that can’t be detected as written by an AI! The K-Shaped recovery of the cybersecurity industry, Software Security is More than Vulnerabilities, Microsoft Outlook hacks itself, Robert Downey Jr. gets into teh cyberz, &... by Security Weekly Podcast Network (Video)
54 min listen
JSON, OpenSSL, Educational Resources, & Flaws in CodeQL - ASW #141: This week on the Application Security News, Implementation pitfalls in parsing JSON, finding all forms of a flaw with CodeQL, more educational resources for hacking apps, engineering and product management practices for DevOps, & more! ... by Security Weekly Podcast Network (Video)
33 min listen
JSON, OpenSSL, Educational Resources, & Flaws in CodeQL - ASW #141: This week on the Application Security News, Implementation pitfalls in parsing JSON, finding all forms of a flaw with CodeQL, more educational resources for hacking apps, engineering and product management practices for DevOps, & more! ... by Application Security Weekly (Video)
33 min listen
Ramsay Malware, Top 10 CVE's, & Reverse RDP Attacks - PSW #651: In the Security News, Palo Alto Networks Patches Many Vulnerabilities in PAN-OS, Zerodium will no longer acquire certain types of iOS exploits due to surplus, New Ramsay Malware Can Steal Sensitive Documents from Air-Gapped Networks, vBulletin fixes... by Security Weekly Podcast Network (Video)
94 min listen
Sudo Vuln, Libgcrypt, BlastDoor on iMessage, & AWS Lambda security - ASW #138: This week in the Application Security News, Sudo sure does, Libgcrypt flaw, iMessage demonstrates security by design, AWS Lambda shares a message on its design security, & more! Visit for all the latest episodes! Show Notes: by Security Weekly Podcast Network (Video)
32 min listen
Sudo Vuln, Libgcrypt, BlastDoor on iMessage, & AWS Lambda security - ASW #138: This week in the Application Security News, Sudo sure does, Libgcrypt flaw, iMessage demonstrates security by design, AWS Lambda shares a message on its design security, & more! Visit for all the latest episodes! Show Notes: by Application Security Weekly (Video)
32 min listen
Hertzbleed, SynLapse, Java Deserialization, More MFA, Firmware Flaws, & Zombie 0-Day - ASW #201: This week in the AppSec News: SynLapse shows shell injection via ODBC, Java deserialization example, MFA for Ruby Gems ecosystem, simple flaws in firmware, the decade-long journey of a Safari vuln, & more! Visit for all the latest... by Application Security Weekly (Video)
31 min listen
Hertzbleed, SynLapse, Java Deserialization, More MFA, Firmware Flaws, & Zombie 0-Day - ASW #201: This week in the AppSec News: SynLapse shows shell injection via ODBC, Java deserialization example, MFA for Ruby Gems ecosystem, simple flaws in firmware, the decade-long journey of a Safari vuln, & more! Visit for all the latest... by Security Weekly Podcast Network (Video)
31 min listen
Exchange's Great Leak, RCE in VMware, IoT Bug in MQTT, & Chrome's Memory Safety Nets - ASW #167: This week in the AppSec News: The Great Leak flaw in Exchange's auto discover feature, common flaws in VMware and Nagios, memory issues and SSRF in Apache's HTTP server, Chrome's plans for memory safety, State of DevOps report, OWASP's 20th... by Application Security Weekly (Video)
34 min listen
Exchange's Great Leak, RCE in VMware, IoT Bug in MQTT, & Chrome's Memory Safety Nets - ASW #167: This week in the AppSec News: The Great Leak flaw in Exchange's auto discover feature, common flaws in VMware and Nagios, memory issues and SSRF in Apache's HTTP server, Chrome's plans for memory safety, State of DevOps report, OWASP's 20th... by Security Weekly Podcast Network (Video)
34 min listen
All the News -- Just Six Months Later - ASW #265: We cover appsec news on a weekly basis, but sometimes that news is merely about the start of a new project, sometimes it's yet another example of a vuln class, and sometimes it's a topic we hope doesn't become a trend. So, what themes have we seen and... by Application Security Weekly (Video)
36 min listen
All the News -- Just Six Months Later - ASW #265: We cover appsec news on a weekly basis, but sometimes that news is merely about the start of a new project, sometimes it's yet another example of a vuln class, and sometimes it's a topic we hope doesn't become a trend. So, what themes have we seen and... by Security Weekly Podcast Network (Video)
36 min listen
ASW #231 - Neatsun Ziv: In this episode, Neatsun Ziv, co-founder and CEO of Ox security takes a deep dive into supply chain security. He focuses on the new Open Software Supply Chain Attack Reference (OSC&R), a consortium of leading cybersecurity leaders. OSC&R the... by Security Weekly Podcast Network (Audio)
80 min listen
CWE Top 25, Bugs in Inconstancies, Sequoia Vuln, Twitter Transparency, & Cloud Risks - ASW #159: This week in the AppSec News: CWE releases the top 25 vulns for 2021, findings bugs in similar code, Sequoia vuln in the Linux kernel, Twitter transparency for account security, a future for cloud security, & more! Visit for all the latest... by Security Weekly Podcast Network (Video)
41 min listen
CWE Top 25, Bugs in Inconstancies, Sequoia Vuln, Twitter Transparency, & Cloud Risks - ASW #159: This week in the AppSec News: CWE releases the top 25 vulns for 2021, findings bugs in similar code, Sequoia vuln in the Linux kernel, Twitter transparency for account security, a future for cloud security, & more! Visit for all the latest... by Application Security Weekly (Video)
41 min listen
ASW #212 - Sam Placette: Appsec places a lot of importance on secure SDLC practices, API security, integrating security tools, and collaborating with developers. What does this look like from a developer's perspective? We'll cover API security, effective ways to test code,... by Security Weekly Podcast Network (Audio)
82 min listen
iOS Lockdown Mode, 2FA in PyPI, CloudVulnDB, & Practical Attacks on ML - ASW #203: This week in the AppSec News: Apple introduces Lockdown Mode, PyPI hits 2FA trouble, cataloging cloud vulns, practical attacks on ML, NIST's post-quantum algorithms, & more! Visit for all the latest episodes! Show Notes: by Security Weekly Podcast Network (Video)
36 min listen

Discover this podcast and so much more

Okta & LAPSUS$, Fuzzing Rust, SQL Injection & Stale Code, Log4j Lessons - ASW #190

Okta & LAPSUS$, Fuzzing Rust, SQL Injection & Stale Code, Log4j Lessons - ASW #190

Description

Titles in the series (100)

More Episodes from Security Weekly Podcast Network (Video)

Related podcast episodes