Tuesday, January 31, 2023
OWASP Podcast

2022 Year in Review

In this episode, I go solo and review the last year of podcasts but with a twist. I do my best to compare the topics covered to the OWASP Flagship projects. The goal is to see if the episodes...
OWASP Podcast

You've got some Kubernetes in my AppSec!

In this episode, I speak with Jimmy Mesta, the project leader of the new OWASP Kubernetes Top 10. Beyond covering the actual Kubernetes Top 10 project, we cover how AppSec has expanded to cover other areas. You not...
OWASP Podcast

Little Zap of Horrors

In this episode, I speak with Simon Bennetts, the creator of OWASP Zed Attack Proxy lovely known as ZAP. We talk about how it all got started, some of the surprises and lessons learned running a wildly successful...
OWASP Podcast

Breaching the wirefall with community

In this episode, Matt Tesauro hosts wirefall to talk about creating and growing a security community and his 26 years of pen testing experience. In wirefall's case, it's the Dallas Hackers Association or DHA. Our conversation includes what motivated...
OWASP Podcast

Going Way Beyond 2FA

In this episode, Matt Tesauro hosts Neil Matatall to talk about going beyond 2FA as he relates lessons learned from Twitter and Github on account security. This is another episode with some good nuggets of wisdom and some sound...
OWASP Podcast

Getting Lean and Mean in the DefectDojo

In this episode, Matt Tesauro hosts Greg Anderson and Cody Maffucci to talk about OWASP DefectDojo. DefectDojo is an OWASP flagship project that aims to be the single source of truth for AppSec or Product Security teams. ...
OWASP Podcast

Giving a jot about JWTs: JWT Patterns and Anti-Patterns – OWASP Podcast e002

In this episode, Matt Tesauro hosts David Gillman about JWT Patterns and Anti-Patterns. I first met David at LASCON in the fall of 2021 when I sat in on his conference talk. Based on David’s experiences with JWTs...
OWASP Podcast

Threat Modeling using the Force with Adam Shostack – OWASP Podcast e001

In this episode, Matt Tesauro hosts Adam Shostack to talk about threat modeling - not only what it is but what Adam has learned from teaching numerous teams how to do threat modeling. Learn what makes a good threat...
OWASP Podcast

The Void: Verica Open Incident Database

Welcome back to the OWASP podcast. In this episode, we're headed to The VOID. I speak with Courtney Nash about the Verica Open Incident Database, otherwise known as The VOID, which is a collection of software-related incident reports available...
OWASP Podcast

Fast Times at SBOM High with Wendy Nather and Matt Tesauro

Hello, it's Matt Tesauro. Welcome back to my take on the OWASP Podcast. It seems as if I'm turning my episodes into the equivalent of a conference hall track, those wonderful interactions you have at conferences, running between rooms...
OWASP Podcast

SAFe or UnSAFe at Any Speed

“I absolutely hate SAFe!” -- Bryan Finster That is Bryan Finster, Distinguished Engineer at Defense Unicorns out of Colorado Springs. I was scrolling through LinkedIn a couple days ago, saw a thread on SAFe, The Scaled Agile Framework, and what...
OWASP Podcast

Tanya Janca – She Hacks Purple

Hello, I'm Matt Tesauro, one of the OWASP Podcast co-hosts. I had the opportunity to interview Tanya Janca for this podcast. To be honest, I kind of wish it was a video recording because you'd be able to see...
OWASP Podcast

New Ideas. New Voices. New Hosts.

8 years ago I took over the OWASP Podcast from Jim Manico, originator of the project. In that time over 160 episodes have been published, with over 500,000 downloads. It has been a fun project, but it’s time to...

GitHub says hackers cloned code-signing certificates in breached repository

Enlarge GitHub said unknown intruders gained unauthorized access to some of its code repositories and stole code-signing certificates for two of its desktop applications: Desktop and Atom. Code-signing certificates place...
Security Affairs

QNAP addresses a critical flaw impacting its NAS devices

Taiwanese vendor QNAP is warning customers to install QTS and QuTS firmware updates to address a critical flaw impacting its NAS devices. QNAP released QTS and QuTS firmware updates to address a critical vulnerability, tracked as CVE-2022-27596 (CVSS v3 score: 9.8), that...
The Register

Chromebook SH1MMER exploit promises admin jailbreak

Schools' laptops are out if this one gets around, but beware bricking Users of enterprise-managed Chromebooks now, for better or worse, have a way to break the shackles of administrative control through an exploit called SHI1MMER.…

MusicLM: Google AI generates music in various genres at 24 kHz

Enlarge / An AI-generated image of an exploding ball of music. (credit: Ars Technica) On Thursday, researchers from Google announced a new generative AI model called MusicLM that can create...

Russia's Sandworm APT Launches Swarm of Wiper Attacks in Ukraine

The incidents are the latest indication of the growing popularity of dangerous disk wipers, created to disrupt and degrade critical infrastructure and other organizations.