WebSocket Hijack, Post-Quantum Side-Channel, OWASP's Future, OAuth Misconfigs, ZAP - ASW #231 | Security Weekly Podcast Network (Video) Podcast

WebSocket Hijack, Post-Quantum Side-Channel, OWASP's Future, OAuth Misconfigs, ZAP - ASW #231: WebSocket hijack that leads to a full workspace takeover in a cloud IDE, malicious packages flood public repos, side-channel attack on a post-quantum algorithm, looking at OWASP's evolution, OAuth misconfigs lead to account takeover, AI risk... by Application Security Weekly (Video)

41 min listen

ASW #231 - Neatsun Ziv: In this episode, Neatsun Ziv, co-founder and CEO of Ox security takes a deep dive into supply chain security. He focuses on the new Open Software Supply Chain Attack Reference (OSC&R), a consortium of leading cybersecurity leaders. OSC&R the... by Security Weekly Podcast Network (Audio)

80 min listen

Go Vuln Project, OSS-Fuzz Successes, No More Basic Auth, NSA Supply Chain Hardening - ASW #211: Go releases their own curated vuln management resources, OSS-Fuzz finds command injection, Microsoft gets rid of Basic Auth in Exchange, NSA provides guidance on securing SDLC practices, reflections on pentesting, comments on e2e Visit for all... by Security Weekly Podcast Network (Video)

40 min listen

Go Vuln Project, OSS-Fuzz Successes, No More Basic Auth, NSA Supply Chain Hardening - ASW #211: Go releases their own curated vuln management resources, OSS-Fuzz finds command injection, Microsoft gets rid of Basic Auth in Exchange, NSA provides guidance on securing SDLC practices, reflections on pentesting, comments on e2e Visit for all... by Application Security Weekly (Video)

40 min listen

A Forecast for Threat Groups, K8s Security Audit, GhostToken on Google, BrokenSesame - ASW #238: Microsoft turns to a weather-based taxonomy, k8s shares a security audit, a GhostToken that can't be exorcised from Google accounts, BrokenSesame RCE, typos and security, generative AI and security that's more than prompt injection Visit... by Application Security Weekly (Video)

35 min listen

A Forecast for Threat Groups, K8s Security Audit, GhostToken on Google, BrokenSesame - ASW #238: Microsoft turns to a weather-based taxonomy, k8s shares a security audit, a GhostToken that can't be exorcised from Google accounts, BrokenSesame RCE, typos and security, generative AI and security that's more than prompt injection Visit... by Security Weekly Podcast Network (Video)

35 min listen

Building a Scanner and a Community with Zed Attack Proxy - Simon Bennetts - ASW #254: Zed Attack Proxy is an essential tool for web app pentesting. The project just recently moved from OWASP to the Secure Software Project. Hear about the challenges of running an OSS security project, why Simon got involved in the first place, and why... by Security Weekly Podcast Network (Audio)

73 min listen

Smart Lock and Simple Vulns, Macros and Secure Defaults, Breaches and Costs - ASW #206: Multiple vulns in a smart lock, Office Macros finally disabled by default, data breach costs and threat modeling, designing migration paths for 2FA Visit for all the latest episodes! Show Notes: by Application Security Weekly (Video)

37 min listen

Smart Lock and Simple Vulns, Macros and Secure Defaults, Breaches and Costs - ASW #206: Multiple vulns in a smart lock, Office Macros finally disabled by default, data breach costs and threat modeling, designing migration paths for 2FA Visit for all the latest episodes! Show Notes: by Security Weekly Podcast Network (Video)

37 min listen

Twitter 2FA, Server-Side Prototype Pollution, AI Security & Privacy, Smarter Testing - ASW #230: Twitter 2FA goes away, safe testing for server-side prototype pollution, OWASP's guide on AI security & privacy, Adobe's approach to smarter security testing, a fast web fuzzer Visit for all the latest episodes! Show Notes: by Application Security Weekly (Video)

38 min listen

Twitter 2FA, Server-Side Prototype Pollution, AI Security & Privacy, Smarter Testing - ASW #230: Twitter 2FA goes away, safe testing for server-side prototype pollution, OWASP's guide on AI security & privacy, Adobe's approach to smarter security testing, a fast web fuzzer Visit for all the latest episodes! Show Notes: by Security Weekly Podcast Network (Video)

38 min listen

Supply Chain Security Security with Containers and CI/CD Systems - Kirsten Newcomer - #ASW 256: Supply chain has been a hot topic for a few years now, but so many things we need to do for a secure supply chain aren't new at all. We'll cover SBOMs, vuln management, and putting together a secure pipeline. Segment resources: In the news, a... by Security Weekly Podcast Network (Audio)

87 min listen

Yossi Sassi, Javelin Networks - Paul's Security Weekly #580: Yossi Sassi is the Co-Founder and Cybersecurity Researcher at CyberArtSecurity.com. Yossi joins us for a tech segment to talk about using windows powershell, discussing DCSync, DCShadow, creative Event Log manipulation & thoughts about... by Security Weekly Podcast Network (Video)

58 min listen

Shodan, Apache, ICS, and Controllers - Paul's Security Weekly #579: How to use the Shodan search engine to secure an enterprise's internet presence, Apache access vulnerability could affect thousands of applications, vulnerable controllers could allow attackers to manipulate marine diesel engines, & ICS Security... by Security Weekly Podcast Network (Video)

49 min listen

Equifax's Breach, CISA's 1,000 Vulns, Rust's TLS Library, Complexity vs. Design - ASW #256: A stroll back through the Apache Struts breach of Equifax, CISA's list of Known Exploited Vulnerabilities, Rust's replacement for OpenSSL, Go no longer throws programmers for a loop, complexity vs. design (that leads to better security). Show Notes: by Security Weekly Podcast Network (Video)

40 min listen

Equifax's Breach, CISA's 1,000 Vulns, Rust's TLS Library, Complexity vs. Design - ASW #256: A stroll back through the Apache Struts breach of Equifax, CISA's list of Known Exploited Vulnerabilities, Rust's replacement for OpenSSL, Go no longer throws programmers for a loop, complexity vs. design (that leads to better security). Show Notes: by Application Security Weekly (Video)

40 min listen

Auth Problems from Parsing, Slack's Password Hashes, Twitter's Info Breach - ASW #207: Nextauth.js account takeover due to parsing flaw, URL parsing flaw in Go's net/url, another path traversal, Slack exposes password hashes (whaaat!?), Twitter exposes 5.4 million accounts, ransomware and research against PyPI and GitHub, videos from... by Application Security Weekly (Video)

42 min listen

Auth Problems from Parsing, Slack's Password Hashes, Twitter's Info Breach - ASW #207: Nextauth.js account takeover due to parsing flaw, URL parsing flaw in Go's net/url, another path traversal, Slack exposes password hashes (whaaat!?), Twitter exposes 5.4 million accounts, ransomware and research against PyPI and GitHub, videos from... by Security Weekly Podcast Network (Video)

42 min listen

JavaScript Web Tokens, NVIDIA GeForce Experience Vulns, & Hacking Coffee Pots - PSW #672: In the Security News, the KashmirBlack botnet is behind attacks on CMSs such as WordPress, Joomla, and Drupal, Cybercriminals are Coming After Your Coffee, irrigation systems and door openers are vulnerable to attacks, if you have Oracle WebLogic... by Security Weekly Podcast Network (Video)

95 min listen

Junior High Geometry - PSW #674: This week, we welcome Joseph Salazar, Technical Deception Engineer at Attivo Networks, to discuss how to Disrupt Attacks at the Endpoint with Attivo Networks! Then, Badri Raghunathan, Director of Product Management, and Sumedh Thakar, President and... by Security Weekly Podcast Network (Audio)

192 min listen

Application News - Application Security Weekly #70 by Application Security Weekly (Video)

32 min listen

Application News - Application Security Weekly #70: SupPy Chain Malware - Detecting malware in package manager repositories, Attacking SSL VPN, Solving Digital Transformation Cybersecurity Concerns With DevSecOps, How I Could Have Hacked Any Instagram Account, Tracking Anonymized Bluetooth Devices and... by Security Weekly Podcast Network (Video)

32 min listen

Malicious PHP Commits, OAuth Attacks & XML Injection, & Zines For DevSecOps - ASW #146: PHP deals with two malicious commits, SSO and OAuth attack vectors to remember for your threat models, zines for your DevSecOps education! Visit for all the latest episodes! Show Notes: by Security Weekly Podcast Network (Video)

33 min listen

Malicious PHP Commits, OAuth Attacks & XML Injection, & Zines For DevSecOps - ASW #146: PHP deals with two malicious commits, SSO and OAuth attack vectors to remember for your threat models, zines for your DevSecOps education! Visit for all the latest episodes! Show Notes: by Application Security Weekly (Video)

33 min listen

wasmCloud - Distributed Computing With WebAssembly - Liam Randall - ASW #175: CNCF wasmCloud helps developers to build distributed microservices in WebAssembly that they can run across clouds, browsers, and everywhere securely. Segment Resources: - - Visit for all the latest episodes! Show Notes: by Security Weekly Podcast Network (Video)

34 min listen

wasmCloud - Distributed Computing With WebAssembly - Liam Randall - ASW #175: CNCF wasmCloud helps developers to build distributed microservices in WebAssembly that they can run across clouds, browsers, and everywhere securely. Segment Resources: - - Visit for all the latest episodes! Show Notes: by Application Security Weekly (Video)

34 min listen

Exchange's Great Leak, RCE in VMware, IoT Bug in MQTT, & Chrome's Memory Safety Nets - ASW #167: This week in the AppSec News: The Great Leak flaw in Exchange's auto discover feature, common flaws in VMware and Nagios, memory issues and SSRF in Apache's HTTP server, Chrome's plans for memory safety, State of DevOps report, OWASP's 20th... by Application Security Weekly (Video)

34 min listen

Exchange's Great Leak, RCE in VMware, IoT Bug in MQTT, & Chrome's Memory Safety Nets - ASW #167: This week in the AppSec News: The Great Leak flaw in Exchange's auto discover feature, common flaws in VMware and Nagios, memory issues and SSRF in Apache's HTTP server, Chrome's plans for memory safety, State of DevOps report, OWASP's 20th... by Security Weekly Podcast Network (Video)

34 min listen

Hertzbleed, SynLapse, Java Deserialization, More MFA, Firmware Flaws, & Zombie 0-Day - ASW #201: This week in the AppSec News: SynLapse shows shell injection via ODBC, Java deserialization example, MFA for Ruby Gems ecosystem, simple flaws in firmware, the decade-long journey of a Safari vuln, & more! Visit for all the latest... by Application Security Weekly (Video)

31 min listen

Hertzbleed, SynLapse, Java Deserialization, More MFA, Firmware Flaws, & Zombie 0-Day - ASW #201: This week in the AppSec News: SynLapse shows shell injection via ODBC, Java deserialization example, MFA for Ruby Gems ecosystem, simple flaws in firmware, the decade-long journey of a Safari vuln, & more! Visit for all the latest... by Security Weekly Podcast Network (Video)

31 min listen

Discover this podcast and so much more

WebSocket Hijack, Post-Quantum Side-Channel, OWASP's Future, OAuth Misconfigs, ZAP - ASW #231

WebSocket Hijack, Post-Quantum Side-Channel, OWASP's Future, OAuth Misconfigs, ZAP - ASW #231

Description

Titles in the series (100)

More Episodes from Security Weekly Podcast Network (Video)

Related podcast episodes