Application Security Weekly Episode #136 – January 11, 2021
Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe
1. Fuzz Testing – 12:30 PM-01:00 PM
Announcements
- Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!
- Learn how to conquer cloud complexity in our first Security Weekly webcast of 2021 on January 28th @ 11am ET! Register at https://securityweekly.com/webcasts. If you missed any of our 2020 webcasts or technical trainings, they are available at https://securityweekly.com/ondemand
Description
Fuzzing can be a successful appsec strategy for finding software bugs, and deploying a fuzzer no longer needs to be a cumbersome process. Find out how fuzzing can help secure software beyond just memory safety issues and what the future holds for making this strategy more effective for modern apps.
Guest(s)
Andrei Serban – Co-Founder at Fuzzbuzz
Andrei is the CEO and co-founder of Fuzzbuzz, a security startup based in San Francisco that builds fuzz testing tools and infrastructure to help developers find severe vulnerabilities and bugs in their code with minimal effort. Today, Fuzzbuzz works with some of the largest tech companies to reduce the number of vulnerabilities that make it into production by enabling teams to fuzz test as part of their DevSecOps pipeline, finding bugs as soon as they get introduced. Andrei studied Computer Science at the University of Waterloo before dropping out to start Fuzzbuzz and accept the Thiel Fellowship.
Hosts
John Kinsella – Chief Architect at Accurics
Matt Alderman – Executive Director at CyberRisk Alliance
Mike Shema – Product Security Lead at Square
2. Google 2FA Cloning, Speed vs. Security, & “Hack The Army” Bug Bounty 3.0 – 01:00 PM-01:30 PM
Announcements
- Do you want to stay in the loop on all things Security Weekly? Visit https://securityweekly.com/subscribe to subscribe on your favorite podcast catcher or our YouTube channel, sign up for our mailing list, and join our Discord Server!
- If you missed Security Weekly Unlocked, you can now access all of the content on-demand, whether you registered before the live event or not, by visiting https://securityweekly.com/unlocked and clicking either the button to register or the button to login!
Description
Significant source code leak from misconfigured repo, side-channel attack on hardware authentication keys, a third bug bounty for the U.S. Army, the cost of poor software quality, the benefits of DevOps approaches to building systems.
Hosts
John Kinsella
Matt Alderman
Mike Shema