Webinar Q&A from Modern Network Threat Detection and Response

As promised, here is my lightly edited Q&A from a recent webinar called “Modern Network Threat Detection and Response.” Questions about vendors are removed, and some are edited for clarity. Q: I thought “vendor C” has a devi… Continue reading Webinar Q&A from Modern Network Threat Detection and Response

CRLF, NASA, & GitHub – Application Security Weekly #46

    Another server security lapse at NASA exposed staff and project data, CRLF Injection Into PHP’s cURL Options, System Down: A systemd-journald exploit, GitHub now gives free users unlimited private repositories, Twitter is Broken, Government shutdow… Continue reading CRLF, NASA, & GitHub – Application Security Weekly #46

Rey Bango, Microsoft – Application Security Weekly #46

      Rey is a security advocate at Microsoft focused on helping the community build secure systems & being a voice for researchers within MS. After a long career in software development, he developed a strong interest in cybersecurity 2 years ago … Continue reading Rey Bango, Microsoft – Application Security Weekly #46

WordPress, Silicon Valley, and Hijacking – Application Security Weekly #45

Wormable stored XSS on WordPress.org, a security lapse revealed private complaints from Silicon Valley employees, hackers hijack thousands of Chromecasts to warn of latest security bug, a linting tool for checking accessibility, speed, and security, ho… Continue reading WordPress, Silicon Valley, and Hijacking – Application Security Weekly #45

Harry Sverdlove, Edgewise – Application Security Weekly #44

Harry Sverdlove is the CTO of Edgewise. Harry joins Keith and Paul to discuss what Edgewise does in the AppSec world, segmentation, cloud migration, trying different architectures, and more! To get involved with Edgewise, go to: https://www.edgewise.ne… Continue reading Harry Sverdlove, Edgewise – Application Security Weekly #44

‘Stalkerware’, DHCPv6 Packets , & Python – Application Security Weekly #38

In the Application Security News, a nasty DHCPv6 packet can Pwn vulnerable Linux Boxes, ‘Stalkerware’ website let anyone intercept texts of tens of thousands of people, twelve malicious Python libraries found and removed from PyPI, the U.S…. Continue reading ‘Stalkerware’, DHCPv6 Packets , & Python – Application Security Weekly #38

Securing Apps When User Devices Are Compromised

Corporate networks and user PCs continue to be exploited—leaving your sensitive applications and data vulnerable. Network segmentation is a fundamental way to mitigate the risks associated with these vulnerabilities—but it only works if aut… Continue reading Securing Apps When User Devices Are Compromised

Landing a Job in Application Security – Application Security Weekly #34

Attend local meetups and conferences, practice your coding skills, get educated by World Class security researchers, do your homework, there’s no substitute for Practice, OWASP Juice Shop, and much more! Full Show NotesFollow us on Twitter: https… Continue reading Landing a Job in Application Security – Application Security Weekly #34

Fortnite, Netflix, & Black Hat – Application Security Weekly #30

In the Application security news, ‘Fortnite’ developer had sharp words for Google after an Exploit was discovered, PHP flaw puts WordPress sites at risk, Oracle will charge for Java starting in 2019, how Netflix does Failovers in 7 minutes … Continue reading Fortnite, Netflix, & Black Hat – Application Security Weekly #30

Galen Hunt, Microsoft – Application Security Weekly #27

Galen founded and lead the team building the Azure Sphere, announced at RSA Conference 2018. Our goal is to make IoT safe for society. Azure Sphere provides an end-to-end solution that enables any device manufacturer to create highly-secured devices; d… Continue reading Galen Hunt, Microsoft – Application Security Weekly #27