Running Out of Fingers – ASW #93
Full Audio
View Show IndexSegments
1. Pwn2Own In Miami, Cloud Vuln., Deconstructing Web Cache Deception Attacks – ASW #93
Pwn2Own Miami -- Schedule and Live Results show just how profitable deserialization, information leaks, and out-of-bounds flaws are, Insecure configurations expose GE Healthcare devices to attacks demonstrate more simple flaws with high impacts, NSA Offers Guidance on [Mitigating Cloud Vulnerabilities Mitigating Cloud Vulnerabilities] across four major classes of misconfiguration, poor access control, shared tenancy vulnerabilities, and supply chain vulnerabilities that represent the majority of known vulns, Azure Security Benchmark—90 security and compliance best practices for your workloads in Azure, and Enumerating Docker Registries with go-pillage-registries for pentesters searching for useful information. Deconstructing Web Cache Deception Attacks is another class of problems like HTTP Response Smuggling that takes advantage of inconsistencies in systems that handle web traffic.
Hosts
2. Dynamically Protecting Mobile Applications With RASP – John Butler – ASW #93
Mobile applications are a rapidly growing attack surface and the tools and techniques being used to compromise these environments are constantly evolving. As the provider in mobile application protection mapping to two out of 10 security risks found in the OWASP Mobile Top 10, Guardsquare is most effective in providing advanced detection for on-device and off-device attacks. Guardsquare s RASP library adds resilience and prevents a vast array of dynamic attack vectors by providing detection for indicators of threat and compromise, including hooking, jailbreaking, rooting, code tampering - as well providing obstruction for debugger and emulator attachments of all types. To request a demo with Guardsquare, please visit: https://securityweekly.com/guardsquare
Guest
John Butler is a presales engineer at GuardSquare. Before joining GuardSquare, John worked as a security consultant, providing network and web application penetration testing. He holds several certifications in offensive security and is an active OWASP member.