Pwn2own, Verizon's DBIR, Zoom's XMPP Flaws, $10M Bounty, & More Bad Packages - ASW #199 | Security Weekly Podcast Network (Video) Podcast

Pwn2own, Verizon's DBIR, Zoom's XMPP Flaws, $10M Bounty, & More Bad Packages - ASW #199: This week in the AppSec News: Pwn2own results, reading the DBIR for appsec insights, XMPP flaws in Zoom, $10M bounty for a blockchain bridge vuln, researcher puts malicious payloads in ancient packages, Argo patches JWT handling, & more! ... by Application Security Weekly (Video)

37 min listen

BlackBerry's BadAlloc, Glibc's NULL, Backtick Command Injection, & ProxyLogon Details - ASW #163: This week Mike & John discuss: BlackBerry addresses BadAlloc bugs, glibc fixes a fix, more snprintf misuse that leads to command injection, ProxyLogon technical details, & more in the AppSec News! Visit for all the latest episodes!... by Application Security Weekly (Video)

36 min listen

BlackBerry's BadAlloc, Glibc's NULL, Backtick Command Injection, & ProxyLogon Details - ASW #163: This week Mike & John discuss: BlackBerry addresses BadAlloc bugs, glibc fixes a fix, more snprintf misuse that leads to command injection, ProxyLogon technical details, & more in the AppSec News! Visit for all the latest episodes!... by Security Weekly Podcast Network (Video)

36 min listen

PunkSpider, Bug Bounties, RCE in PyPI, Kernel Pwning With eBPF, & Top Vulns From CISA - ASW #160: This week in the AppSec News: PunkSpider coming to DEF CON, Google matures its VRP, $50K bounty for an access token, RCE in PyPI, kernel vuln via eBPF, top vulns reported by CISA, & the importance of testing! Visit for all the latest... by Application Security Weekly (Video)

35 min listen

PunkSpider, Bug Bounties, RCE in PyPI, Kernel Pwning With eBPF, & Top Vulns From CISA - ASW #160: This week in the AppSec News: PunkSpider coming to DEF CON, Google matures its VRP, $50K bounty for an access token, RCE in PyPI, kernel vuln via eBPF, top vulns reported by CISA, & the importance of testing! Visit for all the latest... by Security Weekly Podcast Network (Video)

35 min listen

Prototype Pollution, Funding Open Source Security, Expiring Root CA, Mariana Trench - ASW #168: In the AppSec News, John and Mike discuss Prototype pollution vulns, funding open source project hardening, Let's Encrypt root CA expires, and Marian Trench scanner for Android and Java! Visit for all the latest episodes! Show Notes: by Security Weekly Podcast Network (Video)

37 min listen

Prototype Pollution, Funding Open Source Security, Expiring Root CA, Mariana Trench - ASW #168: In the AppSec News, John and Mike discuss Prototype pollution vulns, funding open source project hardening, Let's Encrypt root CA expires, and Marian Trench scanner for Android and Java! Visit for all the latest episodes! Show Notes: by Application Security Weekly (Video)

37 min listen

Bug Bounties in Windows/WebKit, Edge Hardening, OAuth Hardening, & GoDaddy Breach - ASW #176: This week in the AppSec News: Bug bounty payout practices, Edge goes super duper secure mode, WebKit CSP flaw has consequences for OAuth, GoDaddy breach, vuln in MediaTek audio DSP, & more! Visit for all the latest episodes! Show Notes: by Security Weekly Podcast Network (Video)

39 min listen

Bug Bounties in Windows/WebKit, Edge Hardening, OAuth Hardening, & GoDaddy Breach - ASW #176: This week in the AppSec News: Bug bounty payout practices, Edge goes super duper secure mode, WebKit CSP flaw has consequences for OAuth, GoDaddy breach, vuln in MediaTek audio DSP, & more! Visit for all the latest episodes! Show Notes: by Application Security Weekly (Video)

39 min listen

BadAlloc Vulns, Gatekeeper Bypass, & More Spectre in Micro-Op Caches - ASW #149: This week in the AppSec News: Microsoft discloses "BadAlloc" bugs, macOS Gatekeeper logic falters, authentication issues in KDCs and ADs, Spectre gains another vector, followup on the UMN Linux kernel vulns study! Visit for all the latest... by Security Weekly Podcast Network (Video)

35 min listen

BadAlloc Vulns, Gatekeeper Bypass, & More Spectre in Micro-Op Caches - ASW #149: This week in the AppSec News: Microsoft discloses "BadAlloc" bugs, macOS Gatekeeper logic falters, authentication issues in KDCs and ADs, Spectre gains another vector, followup on the UMN Linux kernel vulns study! Visit for all the latest... by Application Security Weekly (Video)

35 min listen

UAParser.js Malware in NPM, Squirrel Sandbox Escape, Securing CI/CD, & AppSec Videos - ASW #171 by Application Security Weekly (Video)

39 min listen

UAParser.js Malware in NPM, Squirrel Sandbox Escape, Securing CI/CD, & AppSec Videos - ASW #171: This week in the AppSec News: Malware in the UAParser.js npm package, security vuln in Squirrel scripting language, a blueprint for securing software development, L0phtCrack now open source, appsec videos on Android exploitation, macOS security, &... by Security Weekly Podcast Network (Video)

39 min listen

Application News - ASW #84: Pwn2Own Tokyo Roundup: Amazon Echo, Routers, Smart TVs Fall to Hackers, Robinhood Traders Discovered a Glitch That Gave Them 'Infinite Leverage', Bugcrowd Pays Out Over $500K in Bounties in One Week, GWP-ASan: Sampling heap memory error detection... by Security Weekly Podcast Network (Video)

34 min listen

Application News - ASW #84: Pwn2Own Tokyo Roundup: Amazon Echo, Routers, Smart TVs Fall to Hackers, Robinhood Traders Discovered a Glitch That Gave Them 'Infinite Leverage', Bugcrowd Pays Out Over $500K in Bounties in One Week, GWP-ASan: Sampling heap memory error detection... by Application Security Weekly (Video)

34 min listen

View Source, Bindiff for Vuln Analysis, Bypass with GitHub Actions, & NIST DevSecOps - ASW #170: This Week in the AppSec News: View source good / vuln bad, IoT bad / rick-roll good, analyzing the iOS 15.0.2 patch to develop an exploit, bypassing reviews with GitHub Actions, & more NIST DevSecOps guidance! Visit for all the latest... by Security Weekly Podcast Network (Video)

38 min listen

View Source, Bindiff for Vuln Analysis, Bypass with GitHub Actions, & NIST DevSecOps - ASW #170: This Week in the AppSec News: View source good / vuln bad, IoT bad / rick-roll good, analyzing the iOS 15.0.2 patch to develop an exploit, bypassing reviews with GitHub Actions, & more NIST DevSecOps guidance! Visit for all the latest... by Application Security Weekly (Video)

38 min listen

Everything's All Blurry - PSW #711: This week, we kick off the show with an interview featuring Mike Cohen, from Rapid 7, and Wes Lambert from Security Onion Solutions, for a segment all about Velociraptor & Digging Deeper! Then, we attempt to confirm or deny that Nzyme performs... by Security Weekly Podcast Network (Audio)

200 min listen

Talking Heads - ASW #150: While the vision for app security is relatively clear, executing on that vision is still somewhat of a work in progress. Fast-moving, interdependent pieces—custom code and open source packages, infrastructure and network configurations, user... by Security Weekly Podcast Network (Audio)

75 min listen

Minimum Safe Distance - ASW #148: We start with the article about "Researchers Secretly Tried To Add Vulnerabilities to Linux Kernel, Ended Up Getting Banned" and explore its range of issues from ethics to securing huge, distributed software projects. It's hardly novel to point out... by Security Weekly Podcast Network (Audio)

73 min listen

Dubious Drones, NSO Group, Apple's Bug Bounties, Ghostscript 0-Day, & IBM Server Bugs - PSW #710: This week in the Security News: Anonymous hacks Epik (with a K), Fuzzing Close-Source Javascript Engines, ForcedEntry, 8 Websites that can replace computer software, REvil decryptor key released, Microsoft fixes Critical vulnerability in Linux App,... by Security Weekly Podcast Network (Video)

98 min listen

Schools of Magic - ASW #173: This week, Mike, John and Dan McKinney from Cloudsmith will be discussing SBOM and what that looks like for your applications. Other topics include: cloud-native tooling for your software supply chain, the history of provenance, GPG Keys & signing... by Security Weekly Podcast Network (Audio)

74 min listen

Exchange's Great Leak, RCE in VMware, IoT Bug in MQTT, & Chrome's Memory Safety Nets - ASW #167: This week in the AppSec News: The Great Leak flaw in Exchange's auto discover feature, common flaws in VMware and Nagios, memory issues and SSRF in Apache's HTTP server, Chrome's plans for memory safety, State of DevOps report, OWASP's 20th... by Security Weekly Podcast Network (Video)

34 min listen

Exchange's Great Leak, RCE in VMware, IoT Bug in MQTT, & Chrome's Memory Safety Nets - ASW #167: This week in the AppSec News: The Great Leak flaw in Exchange's auto discover feature, common flaws in VMware and Nagios, memory issues and SSRF in Apache's HTTP server, Chrome's plans for memory safety, State of DevOps report, OWASP's 20th... by Application Security Weekly (Video)

34 min listen

CVEs 4 CSPs, Malicious PyPi, Bounty Programs, Shared Responsibility, & Breach Costs - ASW #175: This week in the AppSec News: What would CVEs for CSPs look like, clever C2 in malicious Python packages, diversity in bounty programs, shared responsibility and secure defaults, breach costs to influence AppSec programs! Visit for all the... by Security Weekly Podcast Network (Video)

35 min listen

CVEs 4 CSPs, Malicious PyPi, Bounty Programs, Shared Responsibility, & Breach Costs - ASW #175: This week in the AppSec News: What would CVEs for CSPs look like, clever C2 in malicious Python packages, diversity in bounty programs, shared responsibility and secure defaults, breach costs to influence AppSec programs! Visit for all the... by Application Security Weekly (Video)

35 min listen

OWASP Top 10, CISA Bad Practices, Azurescape, Confluence RCE, & API Security Tokens - ASW #165: This week in the AppSec News, Mike and John talk: OWASP Top 10 draft for 2021, bad practices noted by CISA, Azurescape cross-account takeover, Confluence RCE, WhatsApp image handling, API security tokens survey, & more! Visit for all the... by Application Security Weekly (Video)

37 min listen

OWASP Top 10, CISA Bad Practices, Azurescape, Confluence RCE, & API Security Tokens - ASW #165: This week in the AppSec News, Mike and John talk: OWASP Top 10 draft for 2021, bad practices noted by CISA, Azurescape cross-account takeover, Confluence RCE, WhatsApp image handling, API security tokens survey, & more! Visit for all the... by Security Weekly Podcast Network (Video)

37 min listen

Strange New Clouds - ASW #163: This week, we welcome Shubhra Kar, Global CTO and GM of Products & IT at The Linux Foundation, to discuss Challenges in Open Source Application Security! In the AppSec News: BlackBerry addresses BadAlloc bugs, glibc fixes a fix, more snprintf... by Security Weekly Podcast Network (Audio)

71 min listen

TIPC Kernel Vulns, SBDCs, Truckloads of GPUs, & Hardcoded SSH Keys - PSW #718: This week in the Security News: NPM hijacked again, hardcoding your keys, PAN-ODay, more Nmap in your python or python in your nmap, put your Docker API to rest, Busybox will own your box, Microsoft says its a feature not a vulnerability, SBDCs, TIPC... by Security Weekly Podcast Network (Video)

101 min listen

Discover this podcast and so much more

Pwn2own, Verizon's DBIR, Zoom's XMPP Flaws, $10M Bounty, & More Bad Packages - ASW #199

Pwn2own, Verizon's DBIR, Zoom's XMPP Flaws, $10M Bounty, & More Bad Packages - ASW #199

Description

Titles in the series (100)

More Episodes from Security Weekly Podcast Network (Video)

Related podcast episodes