Info

Paul's Security Weekly TV

Security news, interviews, how-to technical segments. For security professionals by security professionals. We Hack Naked.
RSS Feed Subscribe in Apple Podcasts
Paul's Security Weekly TV
2019
February
January


2018
December
November
October
September
August
July
June
May
April
March
February
January


2017
December
November
October
September
August
July
June
May
April
March
February
January


2016
December
November
October
September
August
July
June
May
April
March
February
January


2015
December
November
October
September
August
July
June
May
April
March
February
January


2014
December
November
October
September
August
July
June
May
April
March
February
January


2013
December
November
October
September
August
July
June


Categories

All Episodes
Archives
Categories
Now displaying: Category: Application Security Weekly
Feb 14, 2019

In the Application Security News, Many popular iPhone apps secretly record your screen without asking, MongoDB databases still being held for ransom, Most of the Fortune 100 still use flawed software that led to the Equifax breach, and a Chrome extension with millions of users is now serving popup ads!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode50 Follow us on Twitter: https://www.twitter.com/securityweekly

Feb 13, 2019

Tim Eades is the CEO at vArmour. Tim joins us on the show to talk about the basic flow of problems, the solutions, and the value.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode50 Follow us on Twitter: https://www.twitter.com/securityweekly

Feb 7, 2019

Three UK customer details exposed in homepage blunder, Microsoft cloud services see global authentication outage, the age of surveillance capitalism, the rise of DevXOps, and much more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode49 Follow us on Twitter: https://www.twitter.com/securityweekly

Feb 7, 2019

Keith and Paul discuss the current state of privacy and software development.

- Facebook reveals news feed experiment to control emotions

- Facebook pays teens to install VPN that spies on them

- Apple blocks Facebook from running its internal iOS apps

- Apple restores Google’s internal iOS apps after certificate misuse punishment

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode49 Follow us on Twitter: https://www.twitter.com/securityweekly

Jan 31, 2019

Dr. Jing Xie is the senior threat intelligence researcher for Venafi, the market leading cybersecurity company in machine identity protection. As a member of the Venafi thought leadership group, she leads Venafi Labs.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode48 Follow us on Twitter: https://www.twitter.com/securityweekly

Jan 30, 2019

Concerns about WordPress' new "White Screen of Death", Google Chrome changes could 'destroy' ad-blockers, Mozilla is adding and ad-blocker to Firefox Focus 9.0, Websites can steal browser data via extensions APIs, a Fortnite security issue would have granted hackers access to accounts, and more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode48 Follow us on Twitter: https://www.twitter.com/securityweekly

Jan 24, 2019

This week on Application Security Weekly, Matt Alderman is joined by James Wickett, who is the Head of Research at Signal Sciences. They talk about the human element of application security training and testing.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode47 Follow us on Twitter: https://www.twitter.com/securityweekly

Jan 23, 2019

In the News segment, Oracle patches 284 vulnerabilities, bug in Twitter Android app exposed protected tweets, 4 tips for better API Security in 2019, and more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode47 Follow us on Twitter: https://www.twitter.com/securityweekly

Jan 17, 2019

Another server security lapse at NASA exposed staff and project data, CRLF Injection Into PHP’s cURL Options, System Down: A systemd-journald exploit, GitHub now gives free users unlimited private repositories, Twitter is Broken, Government shutdown: TLS certificates not renewed, many websites are down, and much more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode46 Follow us on Twitter: https://www.twitter.com/securityweekly

Jan 16, 2019

Rey is a security advocate at Microsoft focused on helping the community build secure systems & being a voice for researchers within MS. After a long career in software development, he developed a strong interest in cybersecurity 2 years ago & worked feverishly to transition into this new community.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode46 Follow us on Twitter: https://www.twitter.com/securityweekly

Jan 9, 2019

Ken Johnson has been hacking web applications professionally for 10 years and giving security training for 7 of those years. Ken is both a breaker and builder who currently works on the GitHub application security team. Ken explains approaching appsec the right way, "running a scanner without context", getting the right context/importance of context, and how do you figure what's real and what's legit?

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode45 Follow us on Twitter: https://www.twitter.com/securityweekly

Jan 8, 2019

Wormable stored XSS on WordPress.org, a security lapse revealed private complaints from Silicon Valley employees, hackers hijack thousands of Chromecasts to warn of latest security bug, a linting tool for checking accessibility, speed, and security, host websites on GitHub, and UnCaptcha2.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode45 Follow us on Twitter: https://www.twitter.com/securityweekly

Dec 20, 2018

Facebook bug exposed private photos of 6.8 million users, thousands of Jenkins servers will let anonymous users become admins, Signal app can't include a backdoor for the Australian government, WordPress plugs bug that led to Google indexing some user passwords, and more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode44 Follow us on Twitter: https://www.twitter.com/securityweekly

Dec 19, 2018

Harry Sverdlove is the CTO of Edgewise. Harry joins Keith and Paul to discuss what Edgewise does in the AppSec world, segmentation, cloud migration, trying different architectures, and more!

To get involved with Edgewise, go to: https://www.edgewise.net/securityweekly

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode44 Follow us on Twitter: https://www.twitter.com/securityweekly

Dec 13, 2018

Kubernetes instances are being hijacked worldwide, malicious sites abuse 11-year old Firefox bug that Mozilla failed to fix, Google is on a Witch Hunt for Internal Leakers, a botnet of over 20,000 WordPress sites is attacking other WordPress sites, the rise of visual studio code, and more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode43 Follow us on Twitter: https://www.twitter.com/securityweekly

Dec 12, 2018

Chris Elgee is a full time husband, father of four, and technical engineer at Counter Hack Challenges. Chris joins Keith and Paul this week to talk about the Counter Hack Challenge, how it's been working on the challenge vs. playing it, and more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode43 Follow us on Twitter: https://www.twitter.com/securityweekly

Dec 6, 2018

Hackers are opening SMB ports on routers to infect PCs with NSA malware, bug detectives whip up smarter version of classic AFL fuzzer to hunt code vulnerabilities, malware & rogue users can spy on some apps' HTTPS crypto, exploiting developer infrastructure is insanely easy, the state of JavaScript, Amazon announces Firecracker, and more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode42 Follow us on Twitter: https://www.twitter.com/securityweekly

Dec 5, 2018

Aleksei Tiurin is the Senior Security Researcher for Acunetix. He is performing a technical segment on reverse proxies using weblogic, Tomcat, and Nginx.

To learn more about Acunetix, go to: www.acunetix.com/securityweekly

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode42 Follow us on Twitter: https://www.twitter.com/securityweekly

Nov 29, 2018

Hackers use Drupalgeddon 2 and Dirty COW exploits to take over web servers, second WordPress hacking campaign underway, USPS took a year to fix a vulnerability that exposed all 60 million users' data, this JavaScript can snoop on other Browser Tabs to work out what you're visiting, and more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode41 Follow us on Twitter: https://www.twitter.com/securityweekly

Nov 28, 2018

Brent Dukes is a hacker, and Director of Information Security for an established manufacturing company. He joins Keith and Paul this week to talk about WAF’s, Pentesting, Burp Suite, and more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode41 Follow us on Twitter: https://www.twitter.com/securityweekly

Nov 20, 2018

Instagram leaks passwords to the public, Clickjacking on Google MyAccount Worth $7,500, James Wickett's thread on Open Source SAST options, an advanced search tool for sensitive information stored in GitHub repos, and more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode40 Follow us on Twitter: https://www.twitter.com/securityweekl

 

Nov 19, 2018

Previously co-founder and head of product at Layered Insight, John now leads container security engineering at Qualys after it's acquisition of Layered Insight. John talks about Qualys' Container Security that centralized, continuous discovery and tracking for containers and images.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode40 Follow us on Twitter: https://www.twitter.com/securityweekly

Nov 15, 2018

Brian Kelly is Head of Conjur Engineering at CyberArk, where he focuses on creating products that add much-needed security and identity management to the landscape of DevOps tools and cloud systems.

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode39

To learn more about Conjur, go to: www.conjur.org/asw

Follow us on Twitter: https://www.twitter.com/securityweekly

Nov 14, 2018

DJI Drone Vulnerability, Hackers are increasingly destroying logs to hide attacks, Adobe ColdFusion servers under attack from APT group, understanding Open Source Code use in your business, and more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode39 Follow us on Twitter: https://www.twitter.com/securityweekly

Nov 8, 2018

In the Application Security News, a nasty DHCPv6 packet can Pwn vulnerable Linux Boxes, 'Stalkerware' website let anyone intercept texts of tens of thousands of people, twelve malicious Python libraries found and removed from PyPI, the U.S. Department of Defense Guide for "Detecting Agile BS", and more!

Full Show Notes: https://wiki.securityweekly.com/ASW_Episode38 Follow us on Twitter: https://www.twitter.com/securityweekly

1 2 3 4 5 Next »