This Week in the AppSec News: View source good / vuln bad, IoT bad / rick-roll good, analyzing the iOS 15.0.2 patch to develop an exploit, bypassing r...
Dev(Sec)Ops Scanning Challenges & Tips - Nuno Loureiro, Tiago Mendo - ASW #170
There's a plenitude of ways to do Dev(Sec)Ops, and each organization or even each team uses a different approach. Questions such as how many environme...
Twitch Breach, HTTPd Path Traversal, Disabling Macros, & Great Cybersecurity Programs - ASW #169
This week in the AppSec News, Mike and John talk: The Twitch breach, a path traversal in Apache httpd, Microsoft disables macros by default after almo...
Modernizing the Management of Your Software Supply Chain - Tom Gibson - ASW #169
SBOM: What does it really tell you and the importance of having one for your organization. - Finding and fixing known vulnerabilities in dependencies ...
Prototype Pollution, Funding Open Source Security, Expiring Root CA, Mariana Trench - ASW #168
In the AppSec News, John and Mike discuss Prototype pollution vulns, funding open source project hardening, Let's Encrypt root CA expires, and Marian ...
The Power of Developer-First Security - Hillary Benson - ASW #168
Developers want to write good code. Secure code. Security tools that optimize developer workflows for handling security issues can take a large burden...
AppSec Orchestration/Correlation & DevSecOps Efficiency - Anita D'Amico, Patrick Carey - ASW #167
In its 2019 Hype Cycle for Application Security report, Gartner revealed a new, “high-priority” category called Application Security Orchestration and...
Exchange's Great Leak, RCE in VMware, IoT Bug in MQTT, & Chrome's Memory Safety Nets - ASW #167
This week in the AppSec News: The Great Leak flaw in Exchange's auto discover feature, common flaws in VMware and Nagios, memory issues and SSRF in Ap...
OMIGOD, FORCEDENTRY, Code Ownership, Security as a Product, & IoT Device Criteria - ASW #166
This week in the AppSec News, Mike and John talk: RCE in Azure OMI, punching a hole in iMessage BlastDoor, Travis CI exposes sensitive environment var...
Transforming Modern Software Development with Developer-First AppSec - Jeff Williams - ASW #166
Modern software development demands a different approach to application security. Contrast’s developer-first Application Security Platform empowers de...