Application Security Weekly (Audio) Podcast
By: Security Weekly Productions

About this podcast

About all things AppSec, DevOps, and DevSecOps. Hosted by Mike Shema and John Kinsella, the podcast focuses on helping its audience find and fix software flaws effectively.

© 2024 CyberRisk Alliance
Episodes
  • How Fuzzing Barcodes Raises the Bar for Secure Code - Artur Cygan - ASW #336
    Jun 24 2025

    Fuzzing has been one of the most successful ways to improve software quality. And it demonstrates how improving software quality improves security. Artur Cygan shares his experience in building and applying fuzzers to barcode scanners, smart contracts, and just about any code you can imagine. We go through the useful relationship between unit tests and fuzzing coverage, nudging fuzzers into deeper code paths, and how LLMs can help guide a fuzzer into using better inputs for its testing.

    Resources

    • https://blog.trailofbits.com/2024/10/31/fuzzing-between-the-lines-in-popular-barcode-software/
    • https://github.com/crytic/echidna
    • https://github.com/crytic/medusa
    • https://lcamtuf.blogspot.com/2014/11/pulling-jpegs-out-of-thin-air.html

    Visit https://www.securityweekly.com/asw for all the latest episodes!

    Show Notes: https://securityweekly.com/asw-336

1 hr 1 min
  • Threat Modeling With Good Questions and Without Checklists - Farshad Abasi - ASW #335
    Jun 17 2025

    What makes a threat modeling process effective? Do you need a long list of threat actors? Do you need a long list of terms? What about a short list like STRIDE? Has an effective process ever come out of a list? Farshad Abasi joins our discussion as we explain why the answer to most of those questions is No and describe the kinds of approaches that are more conducive to useful threat models.

    Resources:

    • https://www.eurekadevsecops.com/agile-devops-and-the-threat-modeling-disconnect-bridging-the-gap-with-developer-insights/
    • https://www.threatmodelingmanifesto.org
    • https://kellyshortridge.com/blog/posts/security-decision-trees-with-graphviz/

In the news: learning from outage postmortems, an EchoLeak image speaks 1,000 words from Microsoft 365 Copilot, the TokenBreak attack targets tokenizing techniques, Google's layered strategy against prompt injection looks a lot like defending against XSS, learning about code security from the CodeAuditor CTF, and more!

    Visit https://www.securityweekly.com/asw for all the latest episodes!

    Show Notes: https://securityweekly.com/asw-335

1 hr 8 min
  • Bringing CISA's Secure by Design Principles to OT Systems - Matthew Rogers - ASW #334
    Jun 10 2025

    CISA has been championing Secure by Design principles. Many of the principles are universal, like adopting MFA and having opinionated defaults that reduce the need for hardening guides. Matthew Rogers talks about how the approach to Secure by Design has to be tailored for Operational Technology (OT) systems. These systems have strict requirements on safety and many of them rely on protocols that are four (or more!) decades old. He explains how the considerations in this space go far beyond just memory safety concerns.

    Segment Resources:

    • https://www.cisa.gov/sites/default/files/2025-01/joint-guide-secure-by-demand-priority-considerations-for-ot-owners-and-operators-508c_0.pdf
    • https://www.youtube.com/watch?v=vHSXu1P4ZTo

    Visit https://www.securityweekly.com/asw for all the latest episodes!

    Show Notes: https://securityweekly.com/asw-334

1 hr 9 min