Apr 2020
12m 32s

JavaScript Vulnerabilities with Tim Kadl...

Google
About this episode

(Originally aired on YouTube on May 30, 2018)

Rick and Tim talk about how insecure much of the web really is, the various vulnerabilities in web security that can leave you open to attack, the challenge of making your organization aware of these risks, and how they could be exploited.

Snyk State of Open Source Security report → https://goo.gle/3eD00Bv

HTTP Archive report on vulnerable JavaScript → https://goo.gle/2yub1Vp

HTTP Archive report on vulnerabilities per page → https://goo.gle/3eFOTI3
