The Shellsharks Podcast

Join myself (@shellsharks) and Scott Contini (from https://littlemaninmyhead.wordpress.com) as we discuss cryptography, AppSec, Log4J and more!

Show Notes

Main Show

• Little Man In My Head: https://littlemaninmyhead.wordpress.com
• Java Cryptography Architecture (JCA) Reference Guide - https://docs.oracle.com/javase/8/docs/technotes/guides/security/crypto/CryptoSpec.html
• NaCl: Networking and Cryptography library: https://nacl.cr.yp.to
• Don’t Roll Your Own Crypto: https://www.vice.com/en/article/wnx8nq/why-you-dont-roll-your-own-crypto
• Sony Playstation Hardcoded Key: https://www.engadget.com/2010-12-29-hackers-obtain-ps3-private-cryptography-key-due-to-epic-programm.html
• Cryptology vs Cryptography vs Cryptanalysis: https://militaryembedded.com/comms/encryption/cryptology-cryptography-and-cryptanalysis
• Deprecating MD5: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-52r2.pdf
• Ron Rivest: https://people.csail.mit.edu/rivest/
• Quantum Cryptography: https://csrc.nist.gov/projects/post-quantum-cryptography
• AppSec Australia: https://www.meetup.com/en-AU/appsec-australia/
• Grover’s Algorithm: https://en.wikipedia.org/wiki/Grover%27s_algorithm
• Internet Communications - TLS: https://www.cloudflare.com/learning/ssl/what-happens-in-a-tls-handshake/
• DevSecOps: Just one definition - https://www.devsecops.org
• OWASP: https://owasp.org
• CAPTCHA: https://support.google.com/a/answer/1217728?hl=en
• reCAPTCHA: https://www.google.com/recaptcha/about/
• Analyzing the OWASP Top 10: https://shellsharks.podbean.com/e/analyzing-the-owasp-top-10-2021/
• OWASP Top 10: https://owasp.org/www-project-top-ten/
• OWASP ASVS: https://owasp.org/www-project-application-security-verification-standard/
• SAST: https://www.synopsys.com/glossary/what-is-sast.html
• Microservices: https://microservices.io
• DAST: https://www.whitesourcesoftware.com/resources/blog/dast-dynamic-application-security-testing/
• OWASP Zap: https://owasp.org/www-project-zap/
• SCA: https://www.synopsys.com/glossary/what-is-software-composition-analysis.html
• Inception: https://www.imdb.com/title/tt1375666/
• Checkmarx Codebashing: https://checkmarx.com/product/codebashing-secure-code-training/
• Security Champions: https://www.synopsys.com/blogs/software-security/security-champions-program-appsec-culture/
• NIST SP 800-63B, Digital Identity Guidelines: https://pages.nist.gov/800-63-3/sp800-63b.html
• TruffleHog: https://trufflesecurity.com/trufflehog
• Log4Shell: https://log4shell.com/
• CISA on Log4J Issue: https://www.cisa.gov/news/2021/12/11/statement-cisa-director-easterly-log4j-vulnerability
• Heartbleed: https://heartbleed.com
• Shellshock: https://nvd.nist.gov/vuln/detail/CVE-2014-6271
• The Morris Worm: https://www.fbi.gov/news/stories/morris-worm-30-years-since-first-major-attack-on-internet-110218
• ETERNALBLUE: https://nvd.nist.gov/vuln/detail/CVE-2017-0143
• WANNACRY: https://www.cisa.gov/uscert/sites/default/files/FactSheets/NCCIC%20ICS_FactSheet_WannaCry_Ransomware_S508C.pdf
• Mandiant’s Report on Solarwinds Incident: https://www.mandiant.com/resources/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor
• BurpSuite: https://portswigger.net/burp

    Postshow

• Domain Squatting: https://www.godaddy.com/garage/what-is-domain-squatting-and-what-can-you-do-about-it/