Application Security Weekly (Audio)
Technology
We look into the supply chain saga of the XZ Utils backdoor. It's a wild story of a carefully planned long con to add malicious code to a commonly used package that many SSH connections rely on. It hits themes from social engineering and abuse of trust to obscuring the changes and suppressing warnings. It also has a few lessons about software development, the social and economic dynamics of open source, and strategies for patching software.
It's an exciting topic partially because so much other appsec is boring. And that boring stuff is important to get right first. We also talk about what parts of this that orgs should be worried about and what types of threats they should be prioritizing instead.
Segment Resources:
OWASP leaks resumes, defining different types of prompt injection, a secure design example in device-bound sessions, turning an ASVS requirement into practice, Ivanti has its 2000s-era Microsoft moment, HTTP/2 CONTINUATION flood, and more!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-280
Building a Scanner and a Community with Zed Attack Proxy - Simon Bennetts - ASW #254
Broadening What We Call AppSec - Christien Rioux - ASW Vault
How Can Security Be Smart About Using AI? - Jeff Pollard - ASW #253
Security in a Cloud Native World & Mobile App Attacks - ASW #252
Pointers and Perils for Presentations - Josh Goldberg - ASW #251
You've Got Appsec, But Do You Have ArchSec? - Merritt Baer - ASW #250
Identity and Verifiable Credentials in Cars - Eve Maler - ASW #249
Navigating the Complexities of Development to Create Secure APIs - Kristen Bell - ASW #248
Securing Non-Election Election Systems, Modernizing AppSec Education - Brian Glas - ASW #247
Software Trust & Adversaries, Developer-Focused Security - Shannon Lietz, Melinda Marks - ASW #246
The Psychology of Training - Matias Madou - ASW Vault
Latest Web Vulnerability Trends & Best Practices - Patrick Vandenberg - ASW #245
Policy Momentum in Coordinated Vulnerability Disclosure - Amit Elazari - ASW Vault
Enhancing Security: App Modernization, Identity Orchestration, & Big IAM Challenge - Eric Olden - ASW #244
What's the Deal with API Security? - Sandy Carielli - ASW #243
Doing Application Security Right – Farshad Abasi – ASW VAULT
Ten Things I Hate About Lists - ASW #242
Securing the App Lifecycle: Strategies for Long-Term Software Security and Mitigating the Threat of Malicious Packages - ASW #241
From Security Theater to Resilience: Unveiling New Approaches to Application Security - ASW #240
Navigating the Complexities of Application Security: Vulnerability Management, Risk Mitigation, and Business Logic Attacks - ASW #239
Create your
podcast in
minutes
It is Free
Insight Story: Tech Trends Unpacked
Zero-Shot
Fast Forward by Tomorrow Unlocked: Tech past, tech future
The Unbelivable Truth - Series 1 - 26 including specials and pilot
Lex Fridman Podcast