Tanya Janca, also known as SheHacksPurple, is a senior cloud advocate for Microsoft, specializing in application security, cloud security, and more! Tanya is joining us on the show to talk about DevSecOps and Securing Software Supply Chains!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode64 Follow us on Twitter: https://www.twitter.com/securityweekly
This week, Duo reveals a path from a Docker container to its host, Google fumbles some password functionality, GitHub makes dependency tracking more dependable, and more!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode63
Mike and John delve into some DevSecOps topics. They discuss good design patterns that emerged from cloud native environments, Kubernetes and containers, and building blocks of unique services in the AppSec world.
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode63
Cisco Expressway goes off path and a Cisco IOS XE vuln goes for emojis, More erosion of CPU data boundaries, RDP patches a pre-auth problem and even resuscitates a patch process for XP, Microsoft's Attack Surface Analyzer gives DevSecOps teams more data, Clear design goals for better privacy and security, and Google Security blogs that basics are best!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode62
Mike Shema and John Kinsella interview Cody Wood. Cody Wood is the AppSec Product Support Engineer at Signal Sciences.
To get involved with Signal Sciences, visit: https://securityweekly.com/signalsciences
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode62
In the Application News, Chrome constrains the cookies and Edge pushes privacy, Windows builds a sandbox for Linux, Android Q for more quarantined code with more LLVM features, Steve Singh stepping down as Docker CEO, and Verizon releases its 2019 DBIR! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode61
This week, Derek Weeks joins us to talk about DevSecOps and Securing Software Supply Chains. Derek is the VP and DevOps Advocate at Sonatype. Derek is the world's foremost researcher on the topic of DevSecOps and securing software supply chains.
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode61
Firefox gives more scrutiny to add-ons but Firefox also forgot to give more scrutiny to a cert, Path traversals trampled by ransomware, Secure Software Design: The Next Frontier In Cybersecurity, Trust the Stack, Not the People, VRT adds a CAN, and MDM, parental controls, and security.
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode60
Sven joins us to talk about securing our applications, how confident we can be about the security of web applications, and how we can make it easier to build applications where we don't need to worry about the OWASP Top 10 because of secure defaults.
To learn more about Netsparker, visit: https://securityweekly.com/netsparker
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode60
In the Application Security News, Software update gums up fingerprints, a counterproductive security practice expires thanks to well-considered guidelines, Docker Hub breach response, a path to hacking Ruby Gems, 5 Security Challenges to API Protection, and more!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode59
This week, we welcome Larry Maccherone, Senior Director of Comcast, to talk about the world of SecOps vs. DevSecOps!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode59
In the Application Security News, Breach at IT outsourcer Wipro, SCP serves the file it wants, Confluence Path traverses to RCE, another Local PrivEsc on Windows, easier sandboxing for C and C++ APIs, and Computer Science plus Ethics!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode58
Thomas is the creator of the Salt open source software project and the CTO of SaltStack, the company behind Salt. He has spent his career writing software to orchestrate and automate the work of securing and maintaining enterprise IT infrastructure from core data center systems to the very edge of the network and IoT.
To learn more about SaltStack, visit: https://securityweekly.com/saltstack
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode58
3D fingerprints and unlocking Android, Ticking off another command injection, Alexa, audio, and annotations, STS no longer just for HTTP, and Hardenize goes beyond TLS.
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode57
This last week was pretty busy with announcements and presentations from the Google Next Conference. In 2018 they previewed some security tools and this year many of them are now GA along with a lot of other developer-focused services.
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode57
In the News segment, The Matrix turns 20, Containers are Weakest Security Leak Again, The Evolution of Application Security in the Serverless World, and more!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode56
This week, we welcome Loris Degioanni from Sysdig to discuss their open source, container-native runtime security project called Falco!
To learn more about Sysdig, visit: https://securityweekly.com/sysdig Full Show Notes: https://wiki.securityweekly.com/ASW_Episode56
XSS Vulnerability in Abandoned Cart Plugin Leads to WordPress Site Takeover, The RedMonk Programming Language Rankings: January 2019, I Deleted Facebook Last Year; Here's What Changed (and What Didn't), CommitStrip: Over-excited, and more!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode55
Owner of MAGA-Friendly Yelp Knockoff Threatens to Call FBI After Researcher Exposes Security Holes, Chinese Data Breach Exposes 'Breed Ready' Status Of Almost 2 Million Women, Dozens of companies leaked sensitive data thanks to misconfigured Box accounts, DARPA Is Building a $10 Million, Open Source, Secure Voting System, and much more!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode54
Jamie Duncan is a recovering history major who has been at Red Hat for just over 7 years. Beginning with his role as a TAM, his focus has increasingly centered on the operations-oriented features of OpenShift, including the May 2018 publication of OpenShift In Action by Manning Publishing. Jamie has had this discussion with customers, OpenShift advocates, and technology fans on multiple continents to date.
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode54
WordPress accounted for 90 percent of all hacked CMS sites in 2018, Japanese police charge 13-year-old for sharing 'unclosable popup' prank online, Facebook exploit – Confirm website visitor identities, NSA's top policy advisor: It's time to start putting teeth in cyber deterrence, study shows programmers will take the easy way out and not implement proper password security, and the CommitStrip for the week on Why check for incognito mode?
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode53
Keith and Paul discuss the structure and experiences of 2019's RSA Conference.
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode53
Matt Springfield is the founder of 12Feet, Inc., an information security consulting firm based in the Dallas area. Matt has more than 23 years of information security experience spanning operations, architecture, and consulting, with a focus on large-scale retail and service provider environments.
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode52
Many websites threatened by highly critical code-execution bug in Drupal, UK parliament calls for antitrust, data abuse probe of Facebook, CommitStrip: Get rich quick, Google says the built-in microphone it never told Nest users about was 'never supposed to be a secret', and much more!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode52
A PNG Android Vulnerability, 620 Million Stolen Accounts for Sale on the Dark Web, How Shifting Security Left Speeds Development and more!
Full Show Notes: https://wiki.securityweekly.com/ASW_Episode51