Application Security Weekly (Audio)
Technology
We look into the supply chain saga of the XZ Utils backdoor. It's a wild story of a carefully planned long con to add malicious code to a commonly used package that many SSH connections rely on. It hits themes from social engineering and abuse of trust to obscuring the changes and suppressing warnings. It also has a few lessons about software development, the social and economic dynamics of open source, and strategies for patching software.
It's an exciting topic partially because so much other appsec is boring. And that boring stuff is important to get right first. We also talk about which parts of this orgs should be worried about and what types of threats they should be prioritizing instead.
Segment Resources:
OWASP leaks resumes, defining different types of prompt injection, a secure design example in device-bound sessions, turning an ASVS requirement into practice, Ivanti has its 2000s-era Microsoft moment, HTTP/2 CONTINUATION flood, and more!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-280
Shrug & Move On - ASW #160
Policy of Truth - ASW #159
Fall On Our Sword - ASW #158
Drink Our Own Champagne - ASW #157
Everything Looks Crazy - ASW #156
Crawling Like a Human - ASW #155
Dead Simple - ASW #154
Something's Out There - ASW #153
Everybody's Looking For Something - ASW #152
Hot Potato - ASW #151
Talking Heads - ASW #150
Alert Your Star Destroyers - ASW #149
Minimum Safe Distance - ASW #148
That Will Bite Ya - ASW #147
Contortions - ASW #146
Grab A Sword - ASW #145
The Cure - ASW #144
Always Interesting - ASW #143
Check Your Alibis - ASW #142
New Wave Post Punk Security Hour - ASW #141