ASW #220 - Daniel Krivelevich


Description

CosMiss in Azure, a $70k bounty for a Pixel lock screen bypass, finding path traversal with Raspberry Pi-based emulators, NSA guidance on moving to memory-safe languages, implementing phishing-resistant MFA, egress filtering, and how to approach code reviews.

Cider Security's recently published research on the Top 10 CI/CD Security Risks identifies the vulnerability classes that defenders should focus on when securing their CI/CD ecosystem. They also created a free learning tool with a deliberately vulnerable environment that demonstrates these flaws: "CI/CD Goat". Like similar tools, it helps appsec and devops teams gain a better understanding of the major CI/CD security risks and, importantly, their appropriate countermeasures.

Segment Resources:

- https://www.cidersecurity.io/top-10-cicd-security-risks/
- https://github.com/cider-security-research/top-10-cicd-security-risks
- https://www.cidersecurity.io/blog/research/ci-cd-goat/
- https://github.com/cider-security-research/cicd-goat

Visit https://www.securityweekly.com/asw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/secweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/asw220

Creators

JoanneHill
