JWT, Cross-Browser Tracking, Advocating and being on the Side of Developers, and more

6:54
 
Share
 

Manage episode 294621222 series 2892732
By Security Journey. Discovered by Player FM and our community — copyright is owned by the publisher, not Player FM, and audio is streamed directly from their servers. Hit the Subscribe button to track updates in Player FM, or paste the feed URL into other podcast apps.

1. JWT should not be your default for sessions
JWT is a bad default -- be deliberate and careful when you use it.
2. Exploiting custom protocol handlers for cross-browser tracking in Chrome, Firefox, Safari, and Tor
Protecting user privacy is a foundational capability of the web browser, and scheme flooding violates that capability.
3. Dustin Lehr -- Advocating and being on the side of developers
As AppSec people, work hard to be an advocate for your developers and evaluate tools that will work for them.​
4. Send My: Arbitrary data transmission via Apple's Find My Network
As consumers, we need to push back on this idea that our devices are used together to form super networks, without us opting in.
5. 47 powerful open-source app sec tools you should consider
Application security tools save us time by doing something manual and providing an automated series of steps to make the action repeatable.​

22 episodes