Debugging & Dev Tools, Isolating PostgreSQL, Abusing the DevOps Pipeline, Xiaomi Flaw - ASW #209 | Security Weekly Podcast Network (Video) Podcast

Debugging & Dev Tools, Isolating PostgreSQL, Abusing the DevOps Pipeline, Xiaomi Flaw - ASW #209: Ideas on debugging with IDEs, Wiz.io shares technical details behind PostgreSQL attacks in cloud service providers, looking at the attack surface of source code management systems, a Xiaomi flaw that could enable forged payments, defensive appsec... by Application Security Weekly (Video)

41 min listen

ASW #222 - Aviv Grafi: Android platform certs leaked, SQL injection to leaked credentials to cross-tenant access in IBM's Cloud Database, hacking cars through web-based APIs, technical and social considerations when getting into bug bounties, a brief note on memory safety... by Security Weekly Podcast Network (Audio)

81 min listen

Android Platform Certs Leaked, Hell's Keychain, Web Hacking Cars, Bug Bounty Tips - ASW #222: Android platform certs leaked, SQL injection to leaked credentials to cross-tenant access in IBM's Cloud Database, hacking cars through web-based APIs, technical and social considerations when getting into bug bounties, a brief note on memory safety... by Security Weekly Podcast Network (Video)

43 min listen

Android Platform Certs Leaked, Hell's Keychain, Web Hacking Cars, Bug Bounty Tips - ASW #222: Android platform certs leaked, SQL injection to leaked credentials to cross-tenant access in IBM's Cloud Database, hacking cars through web-based APIs, technical and social considerations when getting into bug bounties, a brief note on memory safety... by Application Security Weekly (Video)

43 min listen

The Human Element - ESW #252: In this interview, we discuss defenders sharing information, how Edna deals with Azure's supply chain challenges, ransomware trends, and some future predictions. Edna has been in security as long as most other folks we interview, but was a lawyer for... by Security Weekly Podcast Network (Audio)

113 min listen

Chinese keyboard flaws, hacked news story, TikTok on the clock: Chinese keyboard app flaws exposed Threat actors plant fake assassination story ByteDance on the clock to divest TikTok Thanks to this week's episode sponsor, Veracode Research reveals AI-generated code mirrors human-written code's security flaws.... by Cyber Security Headlines

7 min listen

Stopping Business Logic Attacks: Why a WAF is no Longer Enough - Karl Triebes - ASW #255: The majority of attacks are now automated, with a growing number of attacks targeting business logic via APIs, which is unique to every organization. This shift makes traditional signature-based defenses insufficient to stop targeted business logic... by Security Weekly Podcast Network (Audio)

76 min listen

TeamCity Authn Bypass, ArtPrompt Attacks, Low Quality Vuln Reports, Secure by Design - ASW #276: The trivial tweaks to bypass authentication in TeamCity, ArtPrompt attacks use ASCII art against LLMs, annoying developers with low quality vuln reports, removing dependencies as part of secure by design, removing overhead with secure by design, and... by Application Security Weekly (Video)

37 min listen

TeamCity Authn Bypass, ArtPrompt Attacks, Low Quality Vuln Reports, Secure by Design - ASW #276: The trivial tweaks to bypass authentication in TeamCity, ArtPrompt attacks use ASCII art against LLMs, annoying developers with low quality vuln reports, removing dependencies as part of secure by design, removing overhead with secure by design, and... by Security Weekly Podcast Network (Video)

37 min listen

Deps.dev API, Right to Repair Tractors, Secure by Design, WebSockets, Adversarial AI - ASW #237: A new deps.dev API for supply chain enthusiasts, hacking and modding agricultural devices, guidance from CISA on secure by design (and by default!), Glaze brings adversarial art to AI training, key transparency for WhatsApp, a new appsec myth(?),... by Application Security Weekly (Video)

32 min listen

Deps.dev API, Right to Repair Tractors, Secure by Design, WebSockets, Adversarial AI - ASW #237: A new deps.dev API for supply chain enthusiasts, hacking and modding agricultural devices, guidance from CISA on secure by design (and by default!), Glaze brings adversarial art to AI training, key transparency for WhatsApp, a new appsec myth(?),... by Security Weekly Podcast Network (Video)

32 min listen

More API Calls, More Problems: The State of API Security in 2024 - Lebin Cheng - ASW #276: A majority of internet traffic now originates from APIs, and cybercriminals are taking advantage. Increasingly, APIs are used as a common attack vector because they’re a direct pathway to access sensitive data. In this discussion, Lebin Cheng shares... by Security Weekly Podcast Network (Audio)

72 min listen

Everything's Valid in Code & War: Attacks on the Software Supply Chain - Santiago Torres Arias - PSW #776: Software supply chain attacks, those in which hackers target the "water supply" of software are on the rise. This makes software developers everywhere valid targets. We will discuss the developer perspective on software supply chain attacks. Segment... by Security Weekly Podcast Network (Video)

64 min listen

Discord.io Stops, Azure AD Pops, Zoom AI Drops, Model Confusion Attacks, Early XSS - ASW #252: Discord.io ceases to be, Azure AD breach to get scrutiny from the CSRB, Zoom's AI stumbles show security concerns, model confusion attacks, a look at how far we have -- and haven't -- come with XSS flaws, an approachable article on AI, and more!... by Application Security Weekly (Video)

38 min listen

Discord.io Stops, Azure AD Pops, Zoom AI Drops, Model Confusion Attacks, Early XSS - ASW #252: Discord.io ceases to be, Azure AD breach to get scrutiny from the CSRB, Zoom's AI stumbles show security concerns, model confusion attacks, a look at how far we have -- and haven't -- come with XSS flaws, an approachable article on AI, and more!... by Security Weekly Podcast Network (Video)

38 min listen

Using Rate Limiting to Protect Web Apps and APIs - Jack Zarris - ASW #108: Rate limiting can be used to protect against a number of modern web application and API attacks. We’ll discuss some of those attacks, including Object ID enumeration, in detail, will demo an attack and will show how using rate limiting in our... by Security Weekly Podcast Network (Video)

1 min listen

Using Rate Limiting to Protect Web Apps and APIs - Jack Zarris - ASW #108: Rate limiting can be used to protect against a number of modern web application and API attacks. We’ll discuss some of those attacks, including Object ID enumeration, in detail, will demo an attack and will show how using rate limiting in our... by Application Security Weekly (Video)

1 min listen

AWS S3 Crypto SDK, ReVoLTE Attack, & Microsoft Bug Bounties - ASW #118 by Application Security Weekly (Video)

33 min listen

AWS S3 Crypto SDK, ReVoLTE Attack, & Microsoft Bug Bounties - ASW #118: Microsoft Bug Bounty Programs Year in Review: $13.7M in Rewards, In-band key negotiation issue in AWS S3 Crypto SDK for golang, ReVoLTE attack can decrypt 4G (LTE) calls to eavesdrop on conversations, Hardware Security Is Hard: How Hardware... by Security Weekly Podcast Network (Video)

33 min listen

Killing the SOC, Burger King Runes, ReliaQuest Valuation, & StrongDM - ESW #252: This week in the enterprise security news: ReliaQuest crests a $1bn valuation, CyCognito raises a $100m Series C, AWS enhances cloud vulnerability management, StrongDM automates access to infrastructure, Can we trust AI written code?, Killing the SOC... by Enterprise Security Weekly (Video)

44 min listen

Killing the SOC, Burger King Runes, ReliaQuest Valuation, & StrongDM - ESW #252: This week in the enterprise security news: ReliaQuest crests a $1bn valuation, CyCognito raises a $100m Series C, AWS enhances cloud vulnerability management, StrongDM automates access to infrastructure, Can we trust AI written code?, Killing the SOC... by Security Weekly Podcast Network (Video)

44 min listen

ASW #226 - Marudhamaran Gunasekaran: Breach disclosures from T-Mobile and PayPal, SSRF in Azure services, Google Threat Horizons report, integer overflows and more, Rust in Chromium, ML for web scanning, Top 10 web hacking techniques of 2022 Developers write code. Ideally, secure code.... by Security Weekly Podcast Network (Audio)

78 min listen

Making Service Meshes Work for People - Idit Levine - ASW #267: Service meshes create the opportunity to make security a team sport. They can improve observability and service identity. Turning monoliths into micro services sounds appealing, but maybe not every monolith needs to be broken up. We'll also talk about... by Security Weekly Podcast Network (Audio)

78 min listen

ASW #237 - Ben Sadeghipour: We talk with Ben about the rewards, hazards, and fun of bug bounty programs. Then we find out different ways to build successful and welcoming communities. A new deps.dev API for supply chain enthusiasts, hacking and modding agricultural devices,... by Security Weekly Podcast Network (Audio)

71 min listen

Stable Diffusion & Generative AI with Emad Mostaque - #604 by The TWIML AI Podcast (formerly This Week in Machine Learning & Artificial Intelligence)

43 min listen

Bug Bounty Costs, GitHub's Advisory Database, ICS Vulns of 2021, CNCF Secure Software - ASW #186: Salesforce reveals their bounty totals for 2021, GitHub opens its advisory database for collaboration, a year in review of ICS vulns, automating WordPress plugin security analysis, the Secure Software Factory from CNCF, Samsung's encryption mistakes,... by Application Security Weekly (Video)

42 min listen

Bug Bounty Costs, GitHub's Advisory Database, ICS Vulns of 2021, CNCF Secure Software - ASW #186: Salesforce reveals their bounty totals for 2021, GitHub opens its advisory database for collaboration, a year in review of ICS vulns, automating WordPress plugin security analysis, the Secure Software Factory from CNCF, Samsung's encryption mistakes,... by Security Weekly Podcast Network (Video)

42 min listen

BotRx Widgets, New Kasada API, & White Ops Bot Protection - ESW #206: In the Enterprise News, BotRx widgets provide analytical context on how attacks impact business operations, New Kasada API protects from botnet attacks and targeted fraud, White Ops Offers Expanded Protection Against Sophisticated Bot Attacks and... by Enterprise Security Weekly (Video)

35 min listen

BotRx Widgets, New Kasada API, & White Ops Bot Protection - ESW #206: In the Enterprise News, BotRx widgets provide analytical context on how attacks impact business operations, New Kasada API protects from botnet attacks and targeted fraud, White Ops Offers Expanded Protection Against Sophisticated Bot Attacks and... by Security Weekly Podcast Network (Video)

35 min listen

ASW #223 - Jeevan Singh: FreeBSD joins the ping of death list, exploiting a SQL injection through JSON manipulation, Apple's design for iCloud encryption, attacks against machine learning systems and AIs like ChatGPT Threat modeling is an important part of a security... by Security Weekly Podcast Network (Audio)

81 min listen

Discover this podcast and so much more

Debugging & Dev Tools, Isolating PostgreSQL, Abusing the DevOps Pipeline, Xiaomi Flaw - ASW #209

Debugging & Dev Tools, Isolating PostgreSQL, Abusing the DevOps Pipeline, Xiaomi Flaw - ASW #209

Description

Titles in the series (100)

More Episodes from Security Weekly Podcast Network (Video)

Related podcast episodes