POPULARITY
Practices around identity and managing credentials have improved greatly since the days of infosec mandating 90-day password rotations. But those improvements didn't arise from a narrow security view. Hannah Sutor talks about the importance of balancing security with usability, the importance of engaging with users when determining defaults, and setting an example for transparency in security disclosures. Segment resources https://youtu.be/ydg95R2QKwM 00:00 Welcome to Application Security Weekly! 01:49 Meet the Experts 03:28 What Are Non-Human Identities? 06:17 Balancing Security & Usability 08:24 MFA Challenges & Admin Security 12:09 Navigating Breaking Changes 16:05 Security by Design in Action 18:42 Identity Management for Startups 20:18 Secure by Design: Real Impact 24:03 Transparency After a Critical Vulnerability 31:39 Looking Ahead to 2025 32:45 Application Security in Three Words Show Notes: https://securityweekly.com/asw-311
We cover appsec news on a weekly basis, but sometimes that news is merely about the start of a new project, sometimes it's yet another example of a vuln class, and sometimes it's a topic we hope doesn't become a trend. So, what themes have we seen and where do we see them going? Here are a few headline topics that have alternately generated yays and yawns. CISA's Secure by Design and Secure by Default CVSS 4.0 Generative AI MFA mandates Microsoft, Rust, and Memory Safety New TLDs OAuth OpenSSF and OWASP In the news, repetition extracts data from ChatGPT, more vulns in the software that surrounds AI, guidelines for secure AI, LogoFAIL trips a boot, BLUFFS attack on Bluetooth, CISA's first secure by design alert, Okta's updated breach disclosure, and more! Visit https://securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/secweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/asw-265
We cover appsec news on a weekly basis, but sometimes that news is merely about the start of a new project, sometimes it's yet another example of a vuln class, and sometimes it's a topic we hope doesn't become a trend. So, what themes have we seen and where do we see them going? Here are a few headline topics that have alternately generated yays and yawns. CISA's Secure by Design and Secure by Default CVSS 4.0 Generative AI MFA mandates Microsoft, Rust, and Memory Safety New TLDs OAuth OpenSSF and OWASP In the news, repetition extracts data from ChatGPT, more vulns in the software that surrounds AI, guidelines for secure AI, LogoFAIL trips a boot, BLUFFS attack on Bluetooth, CISA's first secure by design alert, Okta's updated breach disclosure, and more! Visit https://securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/secweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/asw-265
Inoffensive in every region of the world Hello, again. My name is Trey. This is part 2 of a 6 part series related to information security podcasts. To recap Why am I recording this series? "What podcasts you listen to" was on the list of recommended topics I am passionate about information security We desperately need people to fill infosec jobs in many different specialties Infosec is a rapidly changing field, and it is critical to stay current As a result I listen to TONS of infosec related podcasts Because there are so many podcasts to list, I have broken them down into 6 different episodes based on topics: Part 1 – News & Current Events Part 2 – General Information Security Part 3 - Career & Personal Development Part 4 – Social Engineering Part 5 - Hacks & Attacks Technical Information & Learning Infosec Community / Social / History Part 6 – Infosec Leadership Part 2 General Information Security Caveat – Dave Bittner & Ben Yelin (Weekly) Weekly discussion of cybersecurity law and policy, with a particular focus on surveillance and digital privacy https://thecyberwire.com/podcasts/caveat.html Defense in Depth - David Spark & Guests (Weekly) Weekly podcast digging deeper into a currently trending infosec topic https://cisoseries.com/subscribe-podcast/ Recorded Future - Dave Bittner & Recorded Future (Weekly) A weekly podcast about practical applications of security intelligence https://www.recordedfuture.com/resources/podcast/ Brakeing Down Security - Bryan Brake, Brian Boettcher, and Amanda Berlin (Weekly) A weekly discussion of current infosec topics and events Covers concepts that aspiring Information Security Professionals need to know, or refresh the memories of the seasoned veterans. https://www.brakeingsecurity.com/ Down the Security Rabbit Hole - Rafal Los (Weekly) A weekly interview based podcast discussing various challenges of implementing infosec http://podcast.wh1t3rabbit.net/ Security Weekly Podcast Network - Network of shows with various hosts A collection of podcasts including: Paul's Security Weekly, Enterprise Security Weekly, Business Security Weekly, Application Security Weekly, Security & Compliance Weekly, Security Weekly News, Tradecraft Security Weekly, & Secure Digital Life. Interesting and diverse discussions. Warning: Discussions sometimes promote the consumption of alcohol and smoking cigars These podcasts are long https://securityweekly.com/ Security Stories - Cisco with Hazel Burton, Ben Nahorney, & Noureen Njoroge (Weekly) A unique weekly interview-based podcast by sponsored by Cisco focusing on infosec stories https://www.cisco.com/c/en/us/products/security/securitystories.html The Confident Defense Podcast - Conor Sherman (Weekly) Interviews with influential and inspirational people in all areas of security https://linktr.ee/ConfidentDefense Open Source Security Podcast - Kurt Seifried & Josh Bressers (Weekly) Lighthearted discussions of information security topics related to open source https://opensourcesecurity.io/category/podcast/ See? I told you I listen to lots of podcasts! I hope that this episode has introduced you to some new sources of information. Give some of them a try, and I would love to get your feedback. The next episode will be about Information Security Careers & Personal Development Thank you for listening.
Today's guest, Mike Shema, is no stranger to podcasts. As the host of the Application Security Weekly show, he has firsthand insights into the trends and movements in the industry. When he is not on air, Mike works with developers at Square to protect applications, their data, and their users. With a broad range of AppSec experience, from manual security testing to building a commercial web scanner and helping teams build secure products, he has seen it all. In this episode, we hear about Mike's moderator role at Square and how it ties into the organization's engineering-biased security approach. We learn about their partnership strategy, how they split up cloud and governance security, and the benefits of specialist teams. Mike candidly shares how his empathy for developers has grown over the years, and as such, he is cognizant of not playing the gatekeeper role. The conversation goes to tooling, where Mike sheds light on his ‘why bother?' addition to the age-old question of whether to build or buy. Moving away from his work at Square, we then take a look at some of the industry developments he has picked up on as a podcast host himself. He talks about how developers have leapfrogged security teams over the past few years and why this is a good thing for the industry. Be sure to tune in to hear this and much more.
This week, we have the pleasure to welcome back Keith Hoodlet, Senior Manager, Application Experience at Thermo Fisher Scientific, and former Host of Application Security Weekly, to discuss how Security Is a Feature! In the Application Security News, China's top hacking contest turns months of effort into 15 minutes of exploits, an injection flaw in GitHub Actions, understanding post-compromise activity in exploits targeting Solaris and VoIP, security and quality challenges in integrating software from multiple vendors, and CVE naming turns into wibbly wobbly timey wimey stuff! Show Notes: https://wiki.securityweekly.com/asw129 Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
This week, we have the pleasure to welcome back Keith Hoodlet, Senior Manager, Application Experience at Thermo Fisher Scientific, and former Host of Application Security Weekly, to discuss how Security Is a Feature! In the Application Security News, China's top hacking contest turns months of effort into 15 minutes of exploits, an injection flaw in GitHub Actions, understanding post-compromise activity in exploits targeting Solaris and VoIP, security and quality challenges in integrating software from multiple vendors, and CVE naming turns into wibbly wobbly timey wimey stuff! Show Notes: https://wiki.securityweekly.com/asw129 Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
In this episode, we catch up with Keith Hoodlet (@securingdev) Senior Manager, Application Experience at Thermo Fisher Scientific. Keith has a strong background in application security and is the former host for 55 episodes on the Application Security Weekly podcast. I saw a tweet by Keith and wanted to dig deeper in that. The tweet was responding to Dino Dai Zovi who said "Security" as a single dimension of expertise increasingly makes no sense. Saying that you are a "security expert" is like saying you are a "computer expert." Computing is a part of everything we do and we don't isolate expertise on all of it within the "computers team.", Keith said "Agreed; in the same way that Ops became part of the Software Engineering team, we need Security to become part of the Software Engineering team. This is why I say that Security is a Feature, because features are: - Funded - Have time allocated to them - Are tested and maintained" We also walk through Keith's journey into the industry and also share advice to companies looking to mature their Application Security and DevSecOps. You can watch Keith's keynote talk at OWASP AppSec Day Melbourne 2018 https://www.youtube.com/watch?v=QT_omddhJzo&list=PLPvxR0i93gjQjrIJK0PdMdFkUbnHhRBRN&index=2&t=0s
What do you do if your ambition is to provide security for all the mobile apps in the world? You hire a data scientist! Machine Learning is more than just a buzz word, it is the science behind making decisions quickly and at scale. Catherine Chambers returns to Application Security Weekly with Irdeto's lead data scientist Will Hickie to describe how they turned Mobile Application Security into a data science problem, and what that means for your mobile app. To download the white paper, visit: https://securityweekly.com/irdeto Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode113
What do you do if your ambition is to provide security for all the mobile apps in the world? You hire a data scientist! Machine Learning is more than just a buzz word, it is the science behind making decisions quickly and at scale. Catherine Chambers returns to Application Security Weekly with Irdeto's lead data scientist Will Hickie to describe how they turned Mobile Application Security into a data science problem, and what that means for your mobile app. To download the white paper, visit: https://securityweekly.com/irdeto Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode113
On this week’s show Patrick and Adam discuss the week’s security news, including: Facebook commissioned custom 0day to de-cloak child sex predator IP stack bugs to plague IoT, ICS for years Sandworm was doxxed by the NSA and hardly anyone noticed Congress demands answers on 2015 Juniper NetScreen back door investigation Amazon, Microsoft join moratorium on sale of facial recognition to police Much, much more This week’s show is brought to you by Signal Sciences. And instead of having one of their staff on the show, they nominated one of their customers to appear instead. So in this week’s sponsored segment we’re going to hear from Keith Hoodlet. Keith is currently the Senior Manager of Application Experience at Thermo Fisher Scientific, a $137 billion company. He built their appsec program and he’ll be along later on to talk through all of that. It’s a rapid-fire interview about how he was able to get started and make a dent quickly. Keith used to co-host the Application Security Weekly podcast and he’s worked for Bugcrowd and Veracode. He’s a cool guy, it’s a great interview, make sure you stick around for that one. You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here. You can subscribe to our new YouTube channel here. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes Facebook Helped the FBI Hack a Child Predator - VICE gov.uscourts.insd.77308.131.0.pdf Ripple20 vulnerabilities will haunt the IoT landscape for years to come | ZDNet Exclusive: Sandworm's Exim hacks reveal wider Russian activity - Risky Business Driving Discord through Disinformation and Disruption – Stranded on Pylos Wyden seeks details on spies' data protection after scathing CIA audit on Vault 7 leaks wyden-cybersecurity-lapses-letter-to-dni.pdf Congress asks Juniper for the results of its 2015 NSA backdoor investigation | ZDNet Wyden House Juniper Letter Juniper 'fesses up to TWO attacks from 'unauthorised code' • The Register Amazon Won’t Let Police Use Its Facial-Recognition Tech for One Year | WIRED Microsoft Won’t Sell Facial Recognition To American Cops After Protests (5) Richard Grenell on Twitter: "They should now be barred from federal government contracts - there should be consequences for not selling technology to police departments. @realDonaldTrump" / Twitter Research shows human rights activists in India were targeted with spyware Italian company exposed as a front for malware operations | ZDNet US intelligence bill takes aim at commercial spyware makers | TechCrunch Text - S.3905 - 116th Congress (2019-2020): Intelligence Authorization Act for Fiscal Year 2021 | Congress.gov | Library of Congress Dating Apps Exposed 845 GB of Explicit Photos, Chats, and More | WIRED South African bank to replace 12m cards after employees stole master key | ZDNet Intel will soon bake anti-malware defenses directly into its CPUs | Ars Technica Arm CPUs impacted by rare side-channel attack | ZDNet Twitter bans 32k accounts pushing Chinese, Russian, and Turkish propaganda | ZDNet COVID-19 Tracking Apps ‘A Privacy Trash Fire’ As Norway Nixes Its Own Zoom Promises To Do Better After Banning Tiananmen Square Protests—Then Builds Tech To Help China’s Censorship Chinese users saw Zoom as a window through the 'Great Firewall' - Reuters Coder-Turned-Kingpin Paul Le Roux Gets His Comeuppance | WIRED Stalkerware detection rates are improving across antivirus products | ZDNet Lamphone attack lets threat actors recover conversations from your light bulb | ZDNet Hackers breached A1 Telekom, Austria's largest ISP | ZDNet Google email domains spoofed by SMTP exploit in G Suite | The Daily Swig Former eBay Employees Sent Cockroaches, Bloody Pig Mask to Mass. Couple In Harassment Campaign: US Attorney – NBC Boston
This week on Application Security Weekly, Mike Shema and Matt Alderman discuss Privacy by Design - The 7 Foundational Principles. This discussion includes these topics: Proactive not Reactive; Preventative not Remedial, Privacy as the Default, Privacy Embedded into Design, Full Functionality - Positive-Sum, not Zero-Sum, End-to-End Security - Lifecycle Protection, Visibility and Transparency, Respect for User Privacy, and OWASP API Security Project. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode90
This week on Application Security Weekly, Mike Shema and Matt Alderman discuss Privacy by Design - The 7 Foundational Principles! In the Application Security News, Featured Flaws and Big Breaches, Cloud, Code and Controls (Python is dead. Long live Python!), Learning and Tools (Breaking Down the OWASP API Security Top 10), and Food for Thought (Facebook will stop mining contacts with your 2FA number, 6 Security Team Goals for DevSecOps in 2020, 7 security incidents that cost CISOs their jobs)! Show Notes: https://wiki.securityweekly.com/ASWEpisode90 Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
This week on Application Security Weekly, Mike Shema and Matt Alderman discuss Privacy by Design - The 7 Foundational Principles! In the Application Security News, Featured Flaws and Big Breaches, Cloud, Code and Controls (Python is dead. Long live Python!), Learning and Tools (Breaking Down the OWASP API Security Top 10), and Food for Thought (Facebook will stop mining contacts with your 2FA number, 6 Security Team Goals for DevSecOps in 2020, 7 security incidents that cost CISOs their jobs)! Show Notes: https://wiki.securityweekly.com/ASWEpisode90 Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
This week on Application Security Weekly, Mike Shema and Matt Alderman discuss Privacy by Design - The 7 Foundational Principles. This discussion includes these topics: Proactive not Reactive; Preventative not Remedial, Privacy as the Default, Privacy Embedded into Design, Full Functionality - Positive-Sum, not Zero-Sum, End-to-End Security - Lifecycle Protection, Visibility and Transparency, Respect for User Privacy, and OWASP API Security Project. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode90
In the Application Security News, GitHub Seeks Security Dominance With Developers, IoT and Agile Framework Partners in Efficacy, WhiteSource acquires & open sources Renovate dependency update tool set, and Java vs. Python: Which should you choose? So stay tuned, for Application Security Weekly! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode88
In the Application Security News, GitHub Seeks Security Dominance With Developers, IoT and Agile Framework Partners in Efficacy, WhiteSource acquires & open sources Renovate dependency update tool set, and Java vs. Python: Which should you choose? So stay tuned, for Application Security Weekly! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode88
Murray Goldschmidt is the COO & Co-founder of Sense of Security. Murray talks about The state of container security in the enterprise. Full Show Notes: https://wiki.securityweekly.com/ASW_Episode71 Visit https://www.securityweekly.com/asw for all the latest episodes!
Rare Steganography Hack Can Compromise Fully Patched Websites, Bug Bounties Continue to Rise as Google Boosts its Payouts, Snyk Acquires DevSecCon to Boost DevSecOps Community, and much more! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode71 Visit https://www.securityweekly.com/asw for all the latest episodes!
This week, in the Application Security News, Rare Steganography Hack Can Compromise Fully Patched Websites, Bug Bounties Continue to Rise as Google Boosts its Payouts, Snyk Acquires DevSecCon to Boost DevSecOps Community, and much more! In our second segment, we welcome Murray Goldschmidt, COO & Co-founder of Sense of Security, to talk about The State of Container Security in the Enterprise! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode71 Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
This week, in the Application Security News, Rare Steganography Hack Can Compromise Fully Patched Websites, Bug Bounties Continue to Rise as Google Boosts its Payouts, Snyk Acquires DevSecCon to Boost DevSecOps Community, and much more! In our second segment, we welcome Murray Goldschmidt, COO & Co-founder of Sense of Security, to talk about The State of Container Security in the Enterprise! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode71 Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Rare Steganography Hack Can Compromise Fully Patched Websites, Bug Bounties Continue to Rise as Google Boosts its Payouts, Snyk Acquires DevSecCon to Boost DevSecOps Community, and much more! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode71 Visit https://www.securityweekly.com/asw for all the latest episodes!
Murray Goldschmidt is the COO & Co-founder of Sense of Security. Murray talks about The state of container security in the enterprise. Full Show Notes: https://wiki.securityweekly.com/ASW_Episode71 Visit https://www.securityweekly.com/asw for all the latest episodes!
SupPy Chain Malware - Detecting malware in package manager repositories, Attacking SSL VPN, Solving Digital Transformation Cybersecurity Concerns With DevSecOps, How I Could Have Hacked Any Instagram Account, Tracking Anonymized Bluetooth Devices and Bluetooth Bug, Enables Tracking on Windows 10, iOS & macOS Devices, 2019 Global Developer Report: DevSecOps finds security roadblocks divide teams and GitLab Survey Surfaces Major DevSecOps Challenges Ahead. Full Show Notes: https://wiki.securityweekly.com/ASW_Episode70 Visit https://www.securityweekly.com/asw for all the latest episodes!
SupPy Chain Malware - Detecting malware in package manager repositories, Attacking SSL VPN, Solving Digital Transformation Cybersecurity Concerns With DevSecOps, How I Could Have Hacked Any Instagram Account, Tracking Anonymized Bluetooth Devices and Bluetooth Bug, Enables Tracking on Windows 10, iOS & macOS Devices, 2019 Global Developer Report: DevSecOps finds security roadblocks divide teams and GitLab Survey Surfaces Major DevSecOps Challenges Ahead. Full Show Notes: https://wiki.securityweekly.com/ASW_Episode70 Visit https://www.securityweekly.com/asw for all the latest episodes!
This week, we welcome Ian Eyberg, CEO of NanoVMs! In the Application Security News, detecting malware in package manager repositories, Attacking SSL VPN, Solving Digital Transformation Cybersecurity Concerns With DevSecOps, How I Could Have Hacked Any Instagram Account, Tracking Anonymized Bluetooth Devices and Bluetooth Bug, and more! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode70 Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Ian Eyberg, CEO of NanoVMs! In the Application Security News, detecting malware in package manager repositories, Attacking SSL VPN, Solving Digital Transformation Cybersecurity Concerns With DevSecOps, How I Could Have Hacked Any Instagram Account, Tracking Anonymized Bluetooth Devices and Bluetooth Bug, and more! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode70 Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Ian Eyber is the CEO of NanoVMs. Unikernels are an emerging trend in software deployment because of their isolation, performance and size. However they are still very much new so it's good to learn what benefits they bring and what their current drawbacks are. Listeners might be surprised to learn how many unikernel implementations there are and what organizations are actively using them. Full Show Notes: https://wiki.securityweekly.com/ASW_Episode70 Visit https://www.securityweekly.com/asw for all the latest episodes!
Ian Eyber is the CEO of NanoVMs. Unikernels are an emerging trend in software deployment because of their isolation, performance and size. However they are still very much new so it's good to learn what benefits they bring and what their current drawbacks are. Listeners might be surprised to learn how many unikernel implementations there are and what organizations are actively using them. Full Show Notes: https://wiki.securityweekly.com/ASW_Episode70 Visit https://www.securityweekly.com/asw for all the latest episodes!
Yes, the zoom thing, 50 Ways to Leak Your Data in 1,300 Popular Android Apps Access Data, Without Proper Permissions, GE Aviation exposed internal configs via open Jenkins instance, Preparing your enterprise to eliminate passwords, DevSecOps Survey Finds Failure to Communicate, What Quality Metrics Matter Most for DevOps? Full Show Notes: https://wiki.securityweekly.com/ASW_Episode69 Follow us on Twitter: https://www.twitter.com/securityweekly
Gururaj Pandurangi is a founder and CEO of Cloudneeti, a software-as-a-service company focused on continuous cloud security, data privacy and compliance assurance. Gururaj is coming on the show to discuss security in multi-cloud environments. To learn more about Cloudneeti, visit: https://securityweekly.com/cloudneeti Full Show Notes: https://wiki.securityweekly.com/ASW_Episode69 Follow us on Twitter: https://www.twitter.com/securityweekly
Yes, the zoom thing, 50 Ways to Leak Your Data in 1,300 Popular Android Apps Access Data, Without Proper Permissions, GE Aviation exposed internal configs via open Jenkins instance, Preparing your enterprise to eliminate passwords, DevSecOps Survey Finds Failure to Communicate, What Quality Metrics Matter Most for DevOps? Full Show Notes: https://wiki.securityweekly.com/ASW_Episode69 Follow us on Twitter: https://www.twitter.com/securityweekly
This week, we welcome Gururaj Pandurangi, Founder and CEO of Cloudneeti, to discuss Security in Multi-Cloud Environments! In the Application Security News, yes, the Zoom thing, 50 ways to leak your data in 1,300 popular Android apps access data, without proper permissions, GE Aviation exposed internal configs via open Jenkins instance, and more! To learn more about Cloudneeti, visit: https://securityweekly.com/cloudneeti Full Show Notes: https://wiki.securityweekly.com/ASW_Episode69 Visit our website: https://www.securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
This week, we welcome Gururaj Pandurangi, Founder and CEO of Cloudneeti, to discuss Security in Multi-Cloud Environments! In the Application Security News, yes, the Zoom thing, 50 ways to leak your data in 1,300 popular Android apps access data, without proper permissions, GE Aviation exposed internal configs via open Jenkins instance, and more! To learn more about Cloudneeti, visit: https://securityweekly.com/cloudneeti Full Show Notes: https://wiki.securityweekly.com/ASW_Episode69 Visit our website: https://www.securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Gururaj Pandurangi is a founder and CEO of Cloudneeti, a software-as-a-service company focused on continuous cloud security, data privacy and compliance assurance. Gururaj is coming on the show to discuss security in multi-cloud environments. To learn more about Cloudneeti, visit: https://securityweekly.com/cloudneeti Full Show Notes: https://wiki.securityweekly.com/ASW_Episode69 Follow us on Twitter: https://www.twitter.com/securityweekly
WordPress Plugin WP Statistics Patches XSS Flaw, Three RCEs in Android's Media framework, Nine Best Practices For Integrating Application Security Testing Into DevOps, 6 Traits That Define DevSecOps, and much more! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode68 Follow us on Twitter: https://www.twitter.com/securityweekly
WordPress Plugin WP Statistics Patches XSS Flaw, Three RCEs in Android's Media framework, Nine Best Practices For Integrating Application Security Testing Into DevOps, 6 Traits That Define DevSecOps, and much more! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode68 Follow us on Twitter: https://www.twitter.com/securityweekly
Mike Shema, John Kinsella, and Matt Alderman talk cloud native from an application perspective. Full Show Notes: https://wiki.securityweekly.com/ASW_Episode68 Follow us on Twitter: https://www.twitter.com/securityweekly
This week, Mike Shema, John Kinsella, and Matt Alderman talk Cloud Native from an application perspective! In the Application Security News, WordPress Plugin WP Statistics Patches XSS Flaw, Three RCEs in Android's Media framework, Nine Best Practices For Integrating Application Security Testing Into DevOps, 6 Traits That Define DevSecOps, and much more! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode68 Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Mike Shema, John Kinsella, and Matt Alderman talk cloud native from an application perspective. Full Show Notes: https://wiki.securityweekly.com/ASW_Episode68 Follow us on Twitter: https://www.twitter.com/securityweekly
This week, Mike Shema, John Kinsella, and Matt Alderman talk Cloud Native from an application perspective! In the Application Security News, WordPress Plugin WP Statistics Patches XSS Flaw, Three RCEs in Android's Media framework, Nine Best Practices For Integrating Application Security Testing Into DevOps, 6 Traits That Define DevSecOps, and much more! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode68 Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Mike Shema, John Kinsella, & Matt Alderman discuss security training for Devs! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode67 Follow us on Twitter: https://www.twitter.com/securityweekly
Mike Shema, John Kinsella, & Matt Alderman discuss security training for Devs! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode67 Follow us on Twitter: https://www.twitter.com/securityweekly
This week, Mike Shema, John Kinsella, & Matt Alderman discuss security training for Devs! In the Application Security News, GKE improves authentication with Workload Identity, AWS reinforce reveals traffic tools and security solutions that improve support for DevOps, Brief history of Trusted Execution Environments, From the Enterprise's Project: How to Explain Service Mesh in Plain English, and Developers and Security Teams Under Pressure to Collaborate! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode67 Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
GKE improves authentication with Workload Identity, AWS reinforce reveals traffic tools and security solutions that improve support for DevOps, Brief history of Trusted Execution Environments, From the Enterprise's Project: How to Explain Service Mesh in Plain English, Developers and Security Teams Under Pressure to Collaborate! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode67 Follow us on Twitter: https://www.twitter.com/securityweekly
This week, Mike Shema, John Kinsella, & Matt Alderman discuss security training for Devs! In the Application Security News, GKE improves authentication with Workload Identity, AWS reinforce reveals traffic tools and security solutions that improve support for DevOps, Brief history of Trusted Execution Environments, From the Enterprise's Project: How to Explain Service Mesh in Plain English, and Developers and Security Teams Under Pressure to Collaborate! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode67 Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
GKE improves authentication with Workload Identity, AWS reinforce reveals traffic tools and security solutions that improve support for DevOps, Brief history of Trusted Execution Environments, From the Enterprise's Project: How to Explain Service Mesh in Plain English, Developers and Security Teams Under Pressure to Collaborate! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode67 Follow us on Twitter: https://www.twitter.com/securityweekly
API are now over 80% of the HTTP traffic and enterprise application breaches through compromised APIs are mounting!. A guide to API Security. They also discuss Public VS Private APIs and if the best practice should be segregation of the two. Full Show Notes: https://wiki.securityweekly.com/ASW_Episode66 Follow us on Twitter: https://www.twitter.com/securityweekly
Mozilla pushes a patch onto an Array, Netflix shares a stream of patches, Breach to bankruptcy for healthcare company, Osquery becomes a foundational tool, Avoiding DevOps dangers, and Assigning DevOps directions! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode66 Follow us on Twitter: https://www.twitter.com/securityweekly
API are now over 80% of the HTTP traffic and enterprise application breaches through compromised APIs are mounting!. A guide to API Security. They also discuss Public VS Private APIs and if the best practice should be segregation of the two. Full Show Notes: https://wiki.securityweekly.com/ASW_Episode66 Follow us on Twitter: https://www.twitter.com/securityweekly