Hertzbleed, SynLapse, Java Deserialization, More MFA, Firmware Flaws, & Zombie 0-Day - ASW #201 | Security Weekly Podcast Network (Video) Podcast

Hertzbleed, SynLapse, Java Deserialization, More MFA, Firmware Flaws, & Zombie 0-Day - ASW #201: This week in the AppSec News: SynLapse shows shell injection via ODBC, Java deserialization example, MFA for Ruby Gems ecosystem, simple flaws in firmware, the decade-long journey of a Safari vuln, & more! Visit for all the latest... by Application Security Weekly (Video)

31 min listen

OWASP Top 10, CISA Bad Practices, Azurescape, Confluence RCE, & API Security Tokens - ASW #165: This week in the AppSec News, Mike and John talk: OWASP Top 10 draft for 2021, bad practices noted by CISA, Azurescape cross-account takeover, Confluence RCE, WhatsApp image handling, API security tokens survey, & more! Visit for all the... by Application Security Weekly (Video)

37 min listen

OWASP Top 10, CISA Bad Practices, Azurescape, Confluence RCE, & API Security Tokens - ASW #165: This week in the AppSec News, Mike and John talk: OWASP Top 10 draft for 2021, bad practices noted by CISA, Azurescape cross-account takeover, Confluence RCE, WhatsApp image handling, API security tokens survey, & more! Visit for all the... by Security Weekly Podcast Network (Video)

37 min listen

Exchange's Great Leak, RCE in VMware, IoT Bug in MQTT, & Chrome's Memory Safety Nets - ASW #167: This week in the AppSec News: The Great Leak flaw in Exchange's auto discover feature, common flaws in VMware and Nagios, memory issues and SSRF in Apache's HTTP server, Chrome's plans for memory safety, State of DevOps report, OWASP's 20th... by Security Weekly Podcast Network (Video)

34 min listen

Exchange's Great Leak, RCE in VMware, IoT Bug in MQTT, & Chrome's Memory Safety Nets - ASW #167: This week in the AppSec News: The Great Leak flaw in Exchange's auto discover feature, common flaws in VMware and Nagios, memory issues and SSRF in Apache's HTTP server, Chrome's plans for memory safety, State of DevOps report, OWASP's 20th... by Application Security Weekly (Video)

34 min listen

Uber Breach, Rust Security Team, MiraclePtr, Supply Chain Criticism, Careers - ASW #212: Appsec dimensions of the Uber breach, Rust creates a security team, MiraclePtr addresses C++ heap mistakes for Chrome, a critical reading of the NSA/CISA Supply Chain guidance, talking about careers Visit for all the latest episodes! Show Notes: by Application Security Weekly (Video)

42 min listen

Uber Breach, Rust Security Team, MiraclePtr, Supply Chain Criticism, Careers - ASW #212: Appsec dimensions of the Uber breach, Rust creates a security team, MiraclePtr addresses C++ heap mistakes for Chrome, a critical reading of the NSA/CISA Supply Chain guidance, talking about careers Visit for all the latest episodes! Show Notes: by Security Weekly Podcast Network (Video)

42 min listen

Security Engineering, Evil Packages, Exchange SSRF, & Observability - ASW #142: Making security engineering successful, Go's supply chain, mitigating JSON interoperability flaws, automating the hunt for deserialization flaws, the importance of observability, and what to do about Exchange. Visit for all the latest... by Security Weekly Podcast Network (Video)

31 min listen

Security Engineering, Evil Packages, Exchange SSRF, & Observability - ASW #142: Making security engineering successful, Go's supply chain, mitigating JSON interoperability flaws, automating the hunt for deserialization flaws, the importance of observability, and what to do about Exchange. Visit for all the latest... by Application Security Weekly (Video)

31 min listen

Malicious Ruby Gems & JSON Web Token Bypass - ASW #104: This week in the Application Security News, JSON Web Token Validation Bypass in Auth0 Authentication API, Mining for malicious Ruby gems, A Brief History of a Rootable Docker Image, Privacy In The Time Of COVID, and Threat modeling explained: A... by Security Weekly Podcast Network (Video)

35 min listen

Malicious Ruby Gems & JSON Web Token Bypass - ASW #104: This week in the Application Security News, JSON Web Token Validation Bypass in Auth0 Authentication API, Mining for malicious Ruby gems, A Brief History of a Rootable Docker Image, Privacy In The Time Of COVID, and Threat modeling explained: A... by Application Security Weekly (Video)

35 min listen

JSON, OpenSSL, Educational Resources, & Flaws in CodeQL - ASW #141: This week on the Application Security News, Implementation pitfalls in parsing JSON, finding all forms of a flaw with CodeQL, more educational resources for hacking apps, engineering and product management practices for DevOps, & more! ... by Application Security Weekly (Video)

33 min listen

JSON, OpenSSL, Educational Resources, & Flaws in CodeQL - ASW #141: This week on the Application Security News, Implementation pitfalls in parsing JSON, finding all forms of a flaw with CodeQL, more educational resources for hacking apps, engineering and product management practices for DevOps, & more! ... by Security Weekly Podcast Network (Video)

33 min listen

Cassandra RCE, Pixelation Is Poor Redaction, Rust's Useful Errors, & Hardening Edge - ASW #185: This week in the Application Security News: RCE in Cassandra, why pixelization isn't good redaction, Rust's compiler is friendly, Edge adds arbitrary code guard to its WASM interpreter, & the difference between secure code and a secure product (as... by Security Weekly Podcast Network (Video)

32 min listen

Cassandra RCE, Pixelation Is Poor Redaction, Rust's Useful Errors, & Hardening Edge - ASW #185: This week in the Application Security News: RCE in Cassandra, why pixelization isn't good redaction, Rust's compiler is friendly, Edge adds arbitrary code guard to its WASM interpreter, & the difference between secure code and a secure product (as... by Application Security Weekly (Video)

32 min listen

WebSocket Hijack, Post-Quantum Side-Channel, OWASP's Future, OAuth Misconfigs, ZAP - ASW #231 by Security Weekly Podcast Network (Video)

41 min listen

WebSocket Hijack, Post-Quantum Side-Channel, OWASP's Future, OAuth Misconfigs, ZAP - ASW #231: WebSocket hijack that leads to a full workspace takeover in a cloud IDE, malicious packages flood public repos, side-channel attack on a post-quantum algorithm, looking at OWASP's evolution, OAuth misconfigs lead to account takeover, AI risk... by Application Security Weekly (Video)

41 min listen

Okta Breach, SolarWinds RCEs, CISOs and Boards, Crypto Business Logic, Secure Design - ASW #260: Appsec lessons from the Okta breach, directory traversal (and appsec) lessons from SolarWinds, how CISOs and Boards rank factors around vulns and patching, revisiting cryptocurrency attacks for lessons in business logic and threat modeling, CISA and... by Security Weekly Podcast Network (Video)

40 min listen

Okta Breach, SolarWinds RCEs, CISOs and Boards, Crypto Business Logic, Secure Design - ASW #260: Appsec lessons from the Okta breach, directory traversal (and appsec) lessons from SolarWinds, how CISOs and Boards rank factors around vulns and patching, revisiting cryptocurrency attacks for lessons in business logic and threat modeling, CISA and... by Application Security Weekly (Video)

40 min listen

CISCO, SANS, APIS, and Mastering Security in the Zettabyte Era - Enterprise Security Weekly #79: Paul and Doug discuss a new variant of Scarab, a remote code execution vulnerability in the XML parser, APIS post mushrooming security risk, and mastering security in the Zettabyte era. Full Show Notes: https://wiki.securityweekly.com/ES_Episode79... by Security Weekly Podcast Network (Video)

33 min listen

CISCO, SANS, APIS, and Mastering Security in the Zettabyte Era - Enterprise Security Weekly #79: Paul and Doug discuss a new variant of Scarab, a remote code execution vulnerability in the XML parser, APIS post mushrooming security risk, and mastering security in the Zettabyte era. Full Show Notes: Visit for all the latest episodes! by Enterprise Security Weekly (Video)

33 min listen

CISCO, SANS, APIS, and Mastering Security in the Zettabyte Era - Enterprise Security Weekly #79: Paul and Doug discuss a new variant of Scarab, a remote code execution vulnerability in the XML parser, APIS post mushrooming security risk, and mastering security in the Zettabyte era. Full Show Notes: https://wiki.securityweekly.com/ES_Episode79... by Security Weekly Podcast Network (Video)

33 min listen

CISCO, SANS, APIS, and Mastering Security in the Zettabyte Era - Enterprise Security Weekly #79: Paul and Doug discuss a new variant of Scarab, a remote code execution vulnerability in the XML parser, APIS post mushrooming security risk, and mastering security in the Zettabyte era. Full Show Notes: https://wiki.securityweekly.com/ES_Episode79... by Enterprise Security Weekly (Video)

33 min listen

IndexedDB Leak, Linux Kernel Bug, Zoom Security, SSRF & Allow Lists, Security Courses - ASW #181: In the AppSec News, Safari fixes a privacy leak in IndexedDB, integer arithmetic flaw leads to Linux kernel bug, a look back on Zoom security, SSRF from an URL allow list bypass, a security engineering course and lectures, 25 years of HTTP/1.1 ... by Application Security Weekly (Video)

34 min listen

IndexedDB Leak, Linux Kernel Bug, Zoom Security, SSRF & Allow Lists, Security Courses - ASW #181: In the AppSec News, Safari fixes a privacy leak in IndexedDB, integer arithmetic flaw leads to Linux kernel bug, a look back on Zoom security, SSRF from an URL allow list bypass, a security engineering course and lectures, 25 years of HTTP/1.1 ... by Security Weekly Podcast Network (Video)

34 min listen

Pwn2own, Verizon's DBIR, Zoom's XMPP Flaws, $10M Bounty, & More Bad Packages - ASW #199: This week in the AppSec News: Pwn2own results, reading the DBIR for appsec insights, XMPP flaws in Zoom, $10M bounty for a blockchain bridge vuln, researcher puts malicious payloads in ancient packages, Argo patches JWT handling, & more! ... by Security Weekly Podcast Network (Video)

37 min listen

Pwn2own, Verizon's DBIR, Zoom's XMPP Flaws, $10M Bounty, & More Bad Packages - ASW #199: This week in the AppSec News: Pwn2own results, reading the DBIR for appsec insights, XMPP flaws in Zoom, $10M bounty for a blockchain bridge vuln, researcher puts malicious payloads in ancient packages, Argo patches JWT handling, & more! ... by Application Security Weekly (Video)

37 min listen

UAParser.js Malware in NPM, Squirrel Sandbox Escape, Securing CI/CD, & AppSec Videos - ASW #171 by Application Security Weekly (Video)

39 min listen

UAParser.js Malware in NPM, Squirrel Sandbox Escape, Securing CI/CD, & AppSec Videos - ASW #171: This week in the AppSec News: Malware in the UAParser.js npm package, security vuln in Squirrel scripting language, a blueprint for securing software development, L0phtCrack now open source, appsec videos on Android exploitation, macOS security, &... by Security Weekly Podcast Network (Video)

39 min listen

CosMiss, Pixel Lock Screen Bypass, IIoT Path Traversal, NSA on C & C++, Code Reviews - ASW #220: CosMiss in Azure, $70k bounty for a Pixel Lock Screen bypass, finding path traversal with Raspberry Pi-based emulators, NSA guidance on moving to memory safe languages, implementing phishing-resistant MFA, egress filtering, and how to approach code... by Application Security Weekly (Video)

45 min listen

Discover this podcast and so much more

Hertzbleed, SynLapse, Java Deserialization, More MFA, Firmware Flaws, & Zombie 0-Day - ASW #201

Hertzbleed, SynLapse, Java Deserialization, More MFA, Firmware Flaws, & Zombie 0-Day - ASW #201

Description

Titles in the series (100)

More Episodes from Security Weekly Podcast Network (Video)

Related podcast episodes