New Year, Same Security Problems – Kris Lahiri – ESW #256
It’s a new year and a time when we make resolutions…which often drop off by the start of February. To keep your security resolutions for…
Log4j for FTC, More JNDI, Cache Poisoning, Improving Default Configs, ThinkstScapes – ASW #179
The FTC issues a warning about taking log4j seriously, JNDI is elsewhere, cache poisoning shows challenges in normalizing strings, semgrep for refactoring configs with security…
Broadening What We Call AppSec – Christien Rioux – ASW #179
There’s an understandable focus on “shift left” in modern DevOps and appsec discussions. So what does it take to broaden what we call appsec into…
Bringing Autonomy to AppSec – Dr. David Brumley – ESW #255
Log4j, solar winds, tesla hacks, and the wave of high profile appsec problems aren’t going to go away with current approaches like SAST and SCA….
Latest Log4j, Outages & Availability, FPGA Security Concepts, & Bug Bounty Awards – ASW #178
Log4j has more updates and more vulns (but probably not more heartburn…), revisiting outages and whether availability has made it into your threat models, deep…
The Future Is Now: Model-Driven Security Using Data Science – Jim Routh – CSP #48
Sponsored By Visit https://www.cybereason.com/cisostories for more information! Cybersecurity talent shortages are well documented and asking experience cybersecurity professionals to spend countless hours on routine tasks…
Are We Ever Going to Get Information Sharing Right? – Edna Conway – ESW #252
In this interview, we discuss defenders sharing information, how Edna deals with Azure’s supply chain challenges, ransomware trends, and some future predictions. Edna has been…
Bug Bounties in Windows/WebKit, Edge Hardening, OAuth Hardening, & GoDaddy Breach – ASW #176
This week in the AppSec News: Bug bounty payout practices, Edge goes super duper secure mode, WebKit CSP flaw has consequences for OAuth, GoDaddy breach,…
PAN-OS Vuln, ChaosDB, Fuzzing BusyBox, Refactoring in Rust, HTML Smuggling – ASW #174
In the AppSec news: Disclosure decisions and CVE-2021-3064, technical details behind ChaosDB in Azure, fuzzing BusyBox, Prossimo and Rust, vulns in Nucleus RTOS, & HTML…
Lessons Learned from Building an ISAC – Grant Sewell – CSP #59
Sponsored By Visit https://www.cybereason.com/cisostories for more information! Information Sharing and Analysis Centers (ISACs) were formed to promote the centralized sharing of threat intelligence within a…
New Year, Same Security Problems – Kris Lahiri – ESW #256
It’s a new year and a time when we make resolutions…which often drop off by the start of February. To keep your security resolutions for…
Log4j for FTC, More JNDI, Cache Poisoning, Improving Default Configs, ThinkstScapes – ASW #179
The FTC issues a warning about taking log4j seriously, JNDI is elsewhere, cache poisoning shows challenges in normalizing strings, semgrep for refactoring configs with security…
Broadening What We Call AppSec – Christien Rioux – ASW #179
There’s an understandable focus on “shift left” in modern DevOps and appsec discussions. So what does it take to broaden what we call appsec into…
Bringing Autonomy to AppSec – Dr. David Brumley – ESW #255
Log4j, solar winds, tesla hacks, and the wave of high profile appsec problems aren’t going to go away with current approaches like SAST and SCA….
Latest Log4j, Outages & Availability, FPGA Security Concepts, & Bug Bounty Awards – ASW #178
Log4j has more updates and more vulns (but probably not more heartburn…), revisiting outages and whether availability has made it into your threat models, deep…
The Future Is Now: Model-Driven Security Using Data Science – Jim Routh – CSP #48
Sponsored By Visit https://www.cybereason.com/cisostories for more information! Cybersecurity talent shortages are well documented and asking experience cybersecurity professionals to spend countless hours on routine tasks…
Are We Ever Going to Get Information Sharing Right? – Edna Conway – ESW #252
In this interview, we discuss defenders sharing information, how Edna deals with Azure’s supply chain challenges, ransomware trends, and some future predictions. Edna has been…
Bug Bounties in Windows/WebKit, Edge Hardening, OAuth Hardening, & GoDaddy Breach – ASW #176
This week in the AppSec News: Bug bounty payout practices, Edge goes super duper secure mode, WebKit CSP flaw has consequences for OAuth, GoDaddy breach,…
PAN-OS Vuln, ChaosDB, Fuzzing BusyBox, Refactoring in Rust, HTML Smuggling – ASW #174
In the AppSec news: Disclosure decisions and CVE-2021-3064, technical details behind ChaosDB in Azure, fuzzing BusyBox, Prossimo and Rust, vulns in Nucleus RTOS, & HTML…
Filter By:
Lessons Learned from Building an ISAC – Grant Sewell – CSP #59
Sponsored By Visit https://www.cybereason.com/cisostories for more information! Information Sharing and Analysis Centers (ISACs) were formed to promote the centralized sharing of threat intelligence within a…