3D fingerprints and unlocking Android, Ticking off another command injection, Alexa, audio, and annotations, STS no longer just for HTTP, and Hardenize goes beyond TLS.
This last week was pretty busy with announcements and presentations from the Google Next Conference. In 2018 they previewed some security tools and this year many of them are now GA along with a lot of other developer-focused services.
In the News segment, The Matrix turns 20, Containers are Weakest Security Leak Again, The Evolution of Application Security in the Serverless World, and more!
This week, we welcome Loris Degioanni from Sysdig to discuss their open source container native runtime security project called Falco!
XSS Vulnerability in Abandoned Cart Plugin Leads to WordPress Site Takeover, The RedMonk Programming Language Rankings: January 2019, I Deleted Facebook Last Year; Here's What Changed (and What Didn't), CommitStrip: Over-excited, and more!
Owner of MAGA-Friendly Yelp Knockoff Threatens to Call FBI After Researcher Exposes Security Holes, Chinese Data Breach Exposes 'Breed Ready' Status Of Almost 2 Million Women, Dozens of companies leaked sensitive data thanks to misconfigured Box accounts, DARPA Is Building a $10 Million, Open Source, Secure Voting System, and much more!
Jamie Duncan is a recovering history major who has been at Red Hat for just over 7 years. Beginning with his role as a TAM, his focus has increasingly centered on the operations-oriented features of OpenShift, including the May 2018 publication of OpenShift In Action by Manning Publishing. Jamie has had this discussion with customers, OpenShift advocates, and technology fans on multiple continents to date.
WordPress accounted for 90 percent of all hacked CMS sites in 2018, Japanese police charge 13-year-old for sharing 'unclosable popup' prank online, Facebook exploit – Confirm website visitor identities, NSA's top policy advisor: It's time to start putting teeth in cyber deterrence, a study shows programmers will take the easy way out and not implement proper password security, and the CommitStrip for the week on Why check for incognito mode?
Keith and Paul discuss the structure and experiences of 2019's RSA Conference.
Matt Springfield is the founder of 12Feet, Inc., an information security consulting firm based in the Dallas area. Matt has more than 23 years of information security experience spanning operations, architecture and consulting, with a focus on large-scale retail and service provider environments.
Many websites threatened by highly critical code-execution bug in Drupal, UK parliament calls for antitrust, data abuse probe of Facebook, CommitStrip: Get rich quick, Google says the built-in microphone it never told Nest users about was 'never supposed to be a secret', and much more!
A PNG Android Vulnerability, 620 Million Stolen Accounts for Sale on the Dark Web, How Shifting Security Left Speeds Development and more!
Gurpreet S. Sachdeva is the Assistant Vice President of Technology for Altran. Gurpreet Sachdeva will be discussing "Integrating Security into DevOps"!
In the Application Security News, Many popular iPhone apps secretly record your screen without asking, MongoDB databases still being held for ransom, Most of the Fortune 100 still use flawed software that led to the Equifax breach, and a Chrome extension with millions of users is now serving popup ads!
Tim Eades is the CEO at vArmour. Tim joins us on the show to talk about the basic flow of problems, the solutions, and the value.
Three UK customer details exposed in homepage blunder, Microsoft cloud services see global authentication outage, the age of surveillance capitalism, the rise of DevXOps, and much more!
Keith and Paul discuss the current state of privacy and software development.
- Facebook reveals news feed experiment to control emotions
- Facebook pays teens to install VPN that spies on them
- Apple blocks Facebook from running its internal iOS apps
- Apple restores Google’s internal iOS apps after certificate misuse punishment
Dr. Jing Xie is the senior threat intelligence researcher for Venafi, the market leading cybersecurity company in machine identity protection. As a member of the Venafi thought leadership group, she leads Venafi Labs.
Concerns about WordPress' new "White Screen of Death", Google Chrome changes could 'destroy' ad-blockers, Mozilla is adding an ad-blocker to Firefox Focus 9.0, Websites can steal browser data via extensions APIs, a Fortnite security issue would have granted hackers access to accounts, and more!
This week on Application Security Weekly, Matt Alderman is joined by James Wickett, who is the Head of Research at Signal Sciences. They talk about the human element of application security training and testing.
In the News segment, Oracle patches 284 vulnerabilities, bug in Twitter Android app exposed protected tweets, 4 tips for better API Security in 2019, and more!
Another server security lapse at NASA exposed staff and project data, CRLF Injection Into PHP’s cURL Options, System Down: A systemd-journald exploit, GitHub now gives free users unlimited private repositories, Twitter is Broken, Government shutdown: TLS certificates not renewed, many websites are down, and much more!
Rey is a security advocate at Microsoft focused on helping the community build secure systems & being a voice for researchers within MS. After a long career in software development, he developed a strong interest in cybersecurity 2 years ago & worked feverishly to transition into this new community.
Ken Johnson has been hacking web applications professionally for 10 years and giving security training for 7 of those years. Ken is both a breaker and builder who currently works on the GitHub application security team. Ken explains approaching appsec the right way, "running a scanner without context", getting the right context and the importance of context, and how to figure out what's real and what's legit.
Wormable stored XSS on WordPress.org, a security lapse revealed private complaints from Silicon Valley employees, hackers hijack thousands of Chromecasts to warn of latest security bug, a linting tool for checking accessibility, speed, and security, host websites on GitHub, and UnCaptcha2.