Pwn2Own In Miami, Cloud Vuln., Deconstructing Web Cache Deception Attacks – ASW #93

 

 

Pwn2Own Miami — Schedule and Live Results show just how profitable deserialization, information leaks, and out-of-bounds flaws are, Insecure configurations expose GE Healthcare devices to attacks demonstrate more simple flaws with high impacts, NSA Offers Guidance on [Mitigating Cloud Vulnerabilities Mitigating Cloud Vulnerabilities] across four major classes of misconfiguration, poor access control, shared tenancy vulnerabilities, and supply chain vulnerabilities that represent the majority of known vulns, Azure Security Benchmark—90 security and compliance best practices for your workloads in Azure, and Enumerating Docker Registries with go-pillage-registries for pentesters searching for useful information.
Deconstructing Web Cache Deception Attacks is another class of problems like HTTP Response Smuggling that takes advantage of inconsistencies in systems that handle web traffic.

Visit https://www.securityweekly.com/asw for all the latest episodes!

Full Episode Show Notes

To learn more about our sponsors visit: The Security Weekly Sponsor’s Page

Pwn2Own In Miami, Cloud Vuln., Deconstructing Web Cache Deception Attacks

Featured Flaws & Big Breaches
Cloud, Code & Controls
Learning & Tools

Hosts

Matt Alderman
Matt Alderman – CEO
Mike Shema
Mike Shema – Product Security Lead

Guests

Announcements

  • Our next webcast is February 13th with Sri Sundaralingam, Vice President, Product and Solutions Marketing at ExtraHop where we will discuss Cloud Native Network Detection and Response! Register for our upcoming webcasts by visiting securityweekly.com, selecting the webcast drop down from the top menu bar and clicking registration.
  • Join us at InfoSecWorld 2020 – March 30 – April 1, 2020 at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020, click the register button to register with our discount code or the schedule button to sponsor a micro-interview!
  • Attend RSA Conference 2020, February 24-28 in San Francisco, CA! Visit securityweekly.com/rsac2020 to sponsor an interview with us on-site at the conference or register using our code to save $150!