DiscoverApplication Security Weekly (Video)Typosquatting NPM, vulnerability analysis, and AI challenges - ASW #307
Typosquatting NPM, vulnerability analysis, and AI challenges - ASW #307

Typosquatting NPM, vulnerability analysis, and AI challenges - ASW #307

Update: 2024-11-12
Share

Description

This week, in the Application Security News, we spend a lot of time on some recent vulnerabilities. We take this opportunity to talk about how to determine whether or not a vulnerability is worth a critical response.

Can AI fully automate DevSecOps Governance? Adrian has his reservations, but JLK is bullish.

Is it bad that 70% of DevSecOps professionals don't know if code is AI generated or not?

All that and more on this week's news segment.

Show Notes: https://securityweekly.com/asw-307

Comments 
Top Podcasts
The Best New Comedy Podcast Right Now – June 2024The Best News Podcast Right Now – June 2024The Best New Business Podcast Right Now – June 2024The Best New Sports Podcast Right Now – June 2024The Best New True Crime Podcast Right Now – June 2024The Best New Joe Rogan Experience Podcast Right Now – June 20The Best New Dan Bongino Show Podcast Right Now – June 20The Best New Mark Levin Podcast – June 2024
In Channel
Typosquatting NPM, vulnerability analysis, and AI challenges - ASW #307

Typosquatting NPM, vulnerability analysis, and AI challenges - ASW #307

2024-11-1235:50

Modernizing AppSec - Melinda Marks - ASW #307

Modernizing AppSec - Melinda Marks - ASW #307

2024-11-1233:41

Total Recall? LLM finds bug in SQLite, C++ safety failures, zero time for zero privs - ASW #306

Total Recall? LLM finds bug in SQLite, C++ safety failures, zero time for zero privs - ASW #306

2024-11-0533:29

Bug bounties, vulnerability disclosure, PTaaS, fractional pentesting - Grant McCracken - ASW #306

Bug bounties, vulnerability disclosure, PTaaS, fractional pentesting - Grant McCracken - ASW #306

2024-11-0532:08

Protecting Identity of AI Agents & Standardizing Identity Security for SaaS Apps - Shiven Ramji, Arnab Bose - ASW #305

Protecting Identity of AI Agents & Standardizing Identity Security for SaaS Apps - Shiven Ramji, Arnab Bose - ASW #305

2024-10-2930:42

Making TLS More Secure, Lessons from IPv6, LLMs Finding Vulns - ASW #305

Making TLS More Secure, Lessons from IPv6, LLMs Finding Vulns - ASW #305

2024-10-2953:04

JSON Parsing, Email Parsing, CISA's Bad Practices Guide, Abusing Disclosure Policies - ASW #304

JSON Parsing, Email Parsing, CISA's Bad Practices Guide, Abusing Disclosure Policies - ASW #304

2024-10-2238:34

The Complexities, Configurations, and Challenges in Cloud Security - Scott Piper - ASW #304

The Complexities, Configurations, and Challenges in Cloud Security - Scott Piper - ASW #304

2024-10-2238:53

Perl & PHP Vulns, Fuzzing & Parsers, Protecting Multi-Hosted Tenants, Secure Design - ASW #303

Perl & PHP Vulns, Fuzzing & Parsers, Protecting Multi-Hosted Tenants, Secure Design - ASW #303

2024-10-1542:00

RCE from Iconv + PHP, Fuzzing a Codec, Fuzzing LLMs, Revisiting Recall - ASW #302

RCE from Iconv + PHP, Fuzzing a Codec, Fuzzing LLMs, Revisiting Recall - ASW #302

2024-10-0837:03

The Future of Zed Attack Proxy - Simon Bennetts, Ori Bendet - ASW #302

The Future of Zed Attack Proxy - Simon Bennetts, Ori Bendet - ASW #302

2024-10-0835:34

More Car Hacks, CUPS Vulns, Microsoft's SFI, Memory Safety, Password Complexity - ASW #301

More Car Hacks, CUPS Vulns, Microsoft's SFI, Memory Safety, Password Complexity - ASW #301

2024-09-3045:57

Fuzzing for Vulns, GitLab Auth Bypass, JPEG Vulns, Programming Language Ranks - ASW #300

Fuzzing for Vulns, GitLab Auth Bypass, JPEG Vulns, Programming Language Ranks - ASW #300

2024-09-2432:45

Vulnerable APIs and Bot Attacks: Two Interconnected, Growing Security Threats - David Holmes - ASW #300

Vulnerable APIs and Bot Attacks: Two Interconnected, Growing Security Threats - David Holmes - ASW #300

2024-09-2435:07

A TLD Takeover, An LLM CTF, A Firmware Flaw, 6 Truths of Cyber Risk - ASW #299

A TLD Takeover, An LLM CTF, A Firmware Flaw, 6 Truths of Cyber Risk - ASW #299

2024-09-1729:16

Bringing Secure Coding Concepts to Developers - Dustin Lehr - ASW #299

Bringing Secure Coding Concepts to Developers - Dustin Lehr - ASW #299

2024-09-1733:10

Paying Down Tech Debt, Rust in Firmware, EUCLEAK, Deploying SSO - ASW #298

Paying Down Tech Debt, Rust in Firmware, EUCLEAK, Deploying SSO - ASW #298

2024-09-1056:25

Close the Security Theater: Enter Resilience - Kelly Shortridge - ASW Vault

Close the Security Theater: Enter Resilience - Kelly Shortridge - ASW Vault

2024-09-0237:48

Apache HTTPD Vulns, Hacking IoT Speakers, Use Cases for WASM, Slack AI Leak - ASW #297

Apache HTTPD Vulns, Hacking IoT Speakers, Use Cases for WASM, Slack AI Leak - ASW #297

2024-08-2727:08

Changing the Course of IoT's Future from Its Insecure Past - Paddy Harrington - ASW #297

Changing the Course of IoT's Future from Its Insecure Past - Paddy Harrington - ASW #297

2024-08-2737:21

loading
Google Play
Download from Google Play
Castbox
Download from App Store
usUnited States
00:00
00:00
x

0.5x

0.8x

1.0x

1.25x

1.5x

2.0x

3.0x

Sleep Timer

Off

End of Episode

5 Minutes

10 Minutes

15 Minutes

30 Minutes

45 Minutes

60 Minutes

120 Minutes

Typosquatting NPM, vulnerability analysis, and AI challenges - ASW #307

Typosquatting NPM, vulnerability analysis, and AI challenges - ASW #307