The Shellsharks Podcast

Security Friendliness Engineering

Update: 2021-12-28

Description

Join me (@shellsharks) and Scott Contini (from https://littlemaninmyhead.wordpress.com) as we discuss cryptography, AppSec, Log4J and more!


Show Notes

Main Show

Little Man In My Head: https://littlemaninmyhead.wordpress.com
Java Cryptography Architecture (JCA) Reference Guide: https://docs.oracle.com/javase/8/docs/technotes/guides/security/crypto/CryptoSpec.html
NaCl: Networking and Cryptography library: https://nacl.cr.yp.to
Don’t Roll Your Own Crypto: https://www.vice.com/en/article/wnx8nq/why-you-dont-roll-your-own-crypto
Sony Playstation Hardcoded Key: https://www.engadget.com/2010-12-29-hackers-obtain-ps3-private-cryptography-key-due-to-epic-programm.html
Cryptology vs Cryptography vs Cryptanalysis: https://militaryembedded.com/comms/encryption/cryptology-cryptography-and-cryptanalysis
Deprecating MD5: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-52r2.pdf
Ron Rivest: https://people.csail.mit.edu/rivest/
Quantum Cryptography: https://csrc.nist.gov/projects/post-quantum-cryptography
AppSec Australia: https://www.meetup.com/en-AU/appsec-australia/
Grover’s Algorithm: https://en.wikipedia.org/wiki/Grover%27s_algorithm
Internet Communications - TLS: https://www.cloudflare.com/learning/ssl/what-happens-in-a-tls-handshake/
DevSecOps (just one definition): https://www.devsecops.org
OWASP: https://owasp.org
CAPTCHA: https://support.google.com/a/answer/1217728?hl=en
reCAPTCHA: https://www.google.com/recaptcha/about/
Analyzing the OWASP Top 10: https://shellsharks.podbean.com/e/analyzing-the-owasp-top-10-2021/
OWASP Top 10: https://owasp.org/www-project-top-ten/
OWASP ASVS: https://owasp.org/www-project-application-security-verification-standard/
SAST: https://www.synopsys.com/glossary/what-is-sast.html
Microservices: https://microservices.io
DAST: https://www.whitesourcesoftware.com/resources/blog/dast-dynamic-application-security-testing/
OWASP Zap: https://owasp.org/www-project-zap/
SCA: https://www.synopsys.com/glossary/what-is-software-composition-analysis.html
Inception: https://www.imdb.com/title/tt1375666/
Checkmarx Codebashing: https://checkmarx.com/product/codebashing-secure-code-training/
Security Champions: https://www.synopsys.com/blogs/software-security/security-champions-program-appsec-culture/
NIST SP 800-63B, Digital Identity Guidelines: https://pages.nist.gov/800-63-3/sp800-63b.html
TruffleHog: https://trufflesecurity.com/trufflehog
Log4Shell: https://log4shell.com/
CISA on Log4J Issue: https://www.cisa.gov/news/2021/12/11/statement-cisa-director-easterly-log4j-vulnerability
Heartbleed: https://heartbleed.com
Shellshock: https://nvd.nist.gov/vuln/detail/CVE-2014-6271
The Morris Worm: https://www.fbi.gov/news/stories/morris-worm-30-years-since-first-major-attack-on-internet-110218
ETERNALBLUE: https://nvd.nist.gov/vuln/detail/CVE-2017-0143
WANNACRY: https://www.cisa.gov/uscert/sites/default/files/FactSheets/NCCIC%20ICS_FactSheet_WannaCry_Ransomware_S508C.pdf
Mandiant’s Report on Solarwinds Incident: https://www.mandiant.com/resources/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor
BurpSuite: https://portswigger.net/burp

Postshow

Domain Squatting: https://www.godaddy.com/garage/what-is-domain-squatting-and-what-can-you-do-about-it/
