Malicious Ruby Gems & JSON Web Token Bypass - ASW #104 | Security Weekly Podcast Network (Video) Podcast

Malicious Ruby Gems & JSON Web Token Bypass - ASW #104: This week in the Application Security News, JSON Web Token Validation Bypass in Auth0 Authentication API, Mining for malicious Ruby gems, A Brief History of a Rootable Docker Image, Privacy In The Time Of COVID, and Threat modeling explained: A... by Application Security Weekly (Video)

35 min listen

Okta & LAPSUS$, Fuzzing Rust, SQL Injection & Stale Code, Log4j Lessons - ASW #190: In the AppSec News: Okta breach, fuzzing Rust find ReDos, SQL injection and the age of code, Log4j numbers paint a not-pretty picture Visit for all the latest episodes! Show Notes: by Application Security Weekly (Video)

42 min listen

Okta & LAPSUS$, Fuzzing Rust, SQL Injection & Stale Code, Log4j Lessons - ASW #190: In the AppSec News: Okta breach, fuzzing Rust find ReDos, SQL injection and the age of code, Log4j numbers paint a not-pretty picture Visit for all the latest episodes! Show Notes: by Security Weekly Podcast Network (Video)

42 min listen

OWASP Top 10, CISA Bad Practices, Azurescape, Confluence RCE, & API Security Tokens - ASW #165: This week in the AppSec News, Mike and John talk: OWASP Top 10 draft for 2021, bad practices noted by CISA, Azurescape cross-account takeover, Confluence RCE, WhatsApp image handling, API security tokens survey, & more! Visit for all the... by Security Weekly Podcast Network (Video)

37 min listen

OWASP Top 10, CISA Bad Practices, Azurescape, Confluence RCE, & API Security Tokens - ASW #165: This week in the AppSec News, Mike and John talk: OWASP Top 10 draft for 2021, bad practices noted by CISA, Azurescape cross-account takeover, Confluence RCE, WhatsApp image handling, API security tokens survey, & more! Visit for all the... by Application Security Weekly (Video)

37 min listen

JSON, OpenSSL, Educational Resources, & Flaws in CodeQL - ASW #141: This week on the Application Security News, Implementation pitfalls in parsing JSON, finding all forms of a flaw with CodeQL, more educational resources for hacking apps, engineering and product management practices for DevOps, & more! ... by Application Security Weekly (Video)

33 min listen

JSON, OpenSSL, Educational Resources, & Flaws in CodeQL - ASW #141: This week on the Application Security News, Implementation pitfalls in parsing JSON, finding all forms of a flaw with CodeQL, more educational resources for hacking apps, engineering and product management practices for DevOps, & more! ... by Security Weekly Podcast Network (Video)

33 min listen

Pwn2own, Verizon's DBIR, Zoom's XMPP Flaws, $10M Bounty, & More Bad Packages - ASW #199: This week in the AppSec News: Pwn2own results, reading the DBIR for appsec insights, XMPP flaws in Zoom, $10M bounty for a blockchain bridge vuln, researcher puts malicious payloads in ancient packages, Argo patches JWT handling, & more! ... by Security Weekly Podcast Network (Video)

37 min listen

Pwn2own, Verizon's DBIR, Zoom's XMPP Flaws, $10M Bounty, & More Bad Packages - ASW #199: This week in the AppSec News: Pwn2own results, reading the DBIR for appsec insights, XMPP flaws in Zoom, $10M bounty for a blockchain bridge vuln, researcher puts malicious payloads in ancient packages, Argo patches JWT handling, & more! ... by Application Security Weekly (Video)

37 min listen

Discourse RCE, Trojan Source, WhatsApp Security, & Privacy Engineering - ASW #172: This week in the AppSec News, Mike & John talk: Discourse SNS webhook RCE, a checklist for a Minimum Viable Secure Product, WhatsApp security assessment, privacy engineering specialties, & DevOps presentations! Visit for all the latest... by Application Security Weekly (Video)

39 min listen

Discourse RCE, Trojan Source, WhatsApp Security, & Privacy Engineering - ASW #172: This week in the AppSec News, Mike & John talk: Discourse SNS webhook RCE, a checklist for a Minimum Viable Secure Product, WhatsApp security assessment, privacy engineering specialties, & DevOps presentations! Visit for all the latest... by Security Weekly Podcast Network (Video)

39 min listen

Hertzbleed, SynLapse, Java Deserialization, More MFA, Firmware Flaws, & Zombie 0-Day - ASW #201: This week in the AppSec News: SynLapse shows shell injection via ODBC, Java deserialization example, MFA for Ruby Gems ecosystem, simple flaws in firmware, the decade-long journey of a Safari vuln, & more! Visit for all the latest... by Application Security Weekly (Video)

31 min listen

Hertzbleed, SynLapse, Java Deserialization, More MFA, Firmware Flaws, & Zombie 0-Day - ASW #201: This week in the AppSec News: SynLapse shows shell injection via ODBC, Java deserialization example, MFA for Ruby Gems ecosystem, simple flaws in firmware, the decade-long journey of a Safari vuln, & more! Visit for all the latest... by Security Weekly Podcast Network (Video)

31 min listen

ChaosDB, OpenSSL String Bugs, Revealing Locations, & More Top 15 Vulns - ASW #164: This week in the Application Security News, Mike and John talk: Flaws in Azure's CosmosDB, OpenSSL vulns in string handling, dating app location security, cloud security orienteering, detailed S3 threat model, & more! Show Notes: Visit ... by Application Security Weekly (Video)

35 min listen

ChaosDB, OpenSSL String Bugs, Revealing Locations, & More Top 15 Vulns - ASW #164: This week in the Application Security News, Mike and John talk: Flaws in Azure's CosmosDB, OpenSSL vulns in string handling, dating app location security, cloud security orienteering, detailed S3 threat model, & more! Show Notes: Visit ... by Security Weekly Podcast Network (Video)

35 min listen

OMIGOD, FORCEDENTRY, Code Ownership, Security as a Product, & IoT Device Criteria - ASW #166: This week in the AppSec News, Mike and John talk: RCE in Azure OMI, punching a hole in iMessage BlastDoor, Travis CI exposes sensitive environment variables, keeping code ownership accurate, deploying security as a product, IoT Device Criteria (aka... by Security Weekly Podcast Network (Video)

32 min listen

OMIGOD, FORCEDENTRY, Code Ownership, Security as a Product, & IoT Device Criteria - ASW #166: This week in the AppSec News, Mike and John talk: RCE in Azure OMI, punching a hole in iMessage BlastDoor, Travis CI exposes sensitive environment variables, keeping code ownership accurate, deploying security as a product, IoT Device Criteria (aka... by Application Security Weekly (Video)

32 min listen

Prototype Pollution, Funding Open Source Security, Expiring Root CA, Mariana Trench - ASW #168: In the AppSec News, John and Mike discuss Prototype pollution vulns, funding open source project hardening, Let's Encrypt root CA expires, and Marian Trench scanner for Android and Java! Visit for all the latest episodes! Show Notes: by Application Security Weekly (Video)

37 min listen

Prototype Pollution, Funding Open Source Security, Expiring Root CA, Mariana Trench - ASW #168: In the AppSec News, John and Mike discuss Prototype pollution vulns, funding open source project hardening, Let's Encrypt root CA expires, and Marian Trench scanner for Android and Java! Visit for all the latest episodes! Show Notes: by Security Weekly Podcast Network (Video)

37 min listen

Yubico, Symantec, & Sophos - Enterprise Security Weekly #124: In the Enterprise Security News, we will discuss how Cynets Platform approach tames cyber security issues, Salt Security launches API protection platform, Yubicos 2019 state of password and authentication security report, and we have some acquisition... by Enterprise Security Weekly (Video)

40 min listen

Yubico, Symantec, & Sophos - Enterprise Security Weekly #124: In the Enterprise Security News, we will discuss how Cynets Platform approach tames cyber security issues, Salt Security launches API protection platform, Yubicos 2019 state of password and authentication security report, and we have some acquisition... by Security Weekly Podcast Network (Video)

40 min listen

Router Auth Bypass, Weak IoT RNG, HTTP/2 Request Smuggling, & Kindle Fuzzing - ASW #161: This week in the AppSec News: Hardware hacking for authn bypass and analyzing IoT RNG, Request Smuggling in HTTP/2, Kindle Fuzzing, Kubernetes Hardening, Countering Dependency Confusion, ATO Checklist, & more! Visit for all the latest episodes!... by Application Security Weekly (Video)

34 min listen

Router Auth Bypass, Weak IoT RNG, HTTP/2 Request Smuggling, & Kindle Fuzzing - ASW #161: This week in the AppSec News: Hardware hacking for authn bypass and analyzing IoT RNG, Request Smuggling in HTTP/2, Kindle Fuzzing, Kubernetes Hardening, Countering Dependency Confusion, ATO Checklist, & more! Visit for all the latest episodes!... by Security Weekly Podcast Network (Video)

34 min listen

Thinking Alike - ASW #161: This week, we welcome Tom Hudson, Security Research Team Lead at Detectify, to discuss Securing Modern Web Apps: Development Techniques are Changing! In the AppSec News, Hardware hacking for authn bypass and analyzing IoT RNG, Request Smuggling in... by Security Weekly Podcast Network (Audio)

66 min listen

Docker Boundaries, Google Bounties, 2021's Top Web Hacks, Apple AirTags, AI vs. RFCs - ASW #184: In the AppSec News: Docker and security boundaries, Google's year in vuln awards, 2021's year in web hacks, Apple AirTags and privacy, turning AIs onto RFCs for security, & facial recognition research! Visit for all the latest episodes!... by Application Security Weekly (Video)

39 min listen

Docker Boundaries, Google Bounties, 2021's Top Web Hacks, Apple AirTags, AI vs. RFCs - ASW #184: In the AppSec News: Docker and security boundaries, Google's year in vuln awards, 2021's year in web hacks, Apple AirTags and privacy, turning AIs onto RFCs for security, & facial recognition research! Visit for all the latest episodes!... by Security Weekly Podcast Network (Video)

39 min listen

Vulns in Markdown Parsers, Census II & Open Source Security, iCloud Private Relay - ASW #187: In the AppSec News: Finding vulns in markdown parsers, Census II and widespread open source dependencies, inside iCloud Private Relay, and cloud pentesting tools! Visit for all the latest episodes! Show Notes: by Application Security Weekly (Video)

31 min listen

Vulns in Markdown Parsers, Census II & Open Source Security, iCloud Private Relay - ASW #187: In the AppSec News: Finding vulns in markdown parsers, Census II and widespread open source dependencies, inside iCloud Private Relay, and cloud pentesting tools! Visit for all the latest episodes! Show Notes: by Security Weekly Podcast Network (Video)

31 min listen

Hospital Hackers, $500K Zoom 0day, & SFO Windows Hackers - PSW #647: This week in the Security News, How to teach your iPhone to recognize you while wearing a mask, Hackers Targeting Critical Healthcare Facilities With Ransomware During Coronavirus Pandemic, VMware plugs critical flaw in vCenter Server, Russian state... by Security Weekly Podcast Network (Video)

84 min listen

Vulnerability Madness, IoT Botnets, & Breach Chaos - PSW #650: In the Security News, Naikon APT Hid Five-Year Espionage Attack Under Radar, PoC Exploit Released for DoS Vulnerability in OpenSSL, 900,000 WordPress sites attacked via XSS vulnerabilities, Kaiji, a New Linux Malware Targets IoT Devices in the Wild,... by Security Weekly Podcast Network (Video)

94 min listen

Discover this podcast and so much more

Malicious Ruby Gems & JSON Web Token Bypass - ASW #104

Malicious Ruby Gems & JSON Web Token Bypass - ASW #104

Description

Titles in the series (100)

More Episodes from Security Weekly Podcast Network (Video)

Related podcast episodes