Podcasts about invicti

Play Episode Listen Later Jun 28, 2023 74:56

Without visibility and continuous monitoring, dangerous threats expose our blind spots and create risk. Invicti, who brought together Acunetix and Netsparker, analyzes common web application vulns across thousands of assets yearly and releases the Invicti AppSec Indicator for a holistic view of vulnerability trends from automated scan results. In this talk, Invicti Director of Product Patrick Vandenberg shares a deep dive into the trends currently impacting AppSec programs and discusses some of the best practices that will help organizations achieve efficiencies in their programs. Segment Resources: - [AppSec Indicator Spring 2023 edition | Invicti](https://www.invicti.com/clp/appsec-indicator/?utm_medium=contentsyn&utm_source=sc_media&utm_campaign=i-syn_CRA-ASW-Jun2023&utm_content=230424-ga_spring-appsec-indicator&utm_term=brand) This segment is sponsored by Invicti. Visit [securityweekly.com/invicti](https://securityweekly.com/invicti) to learn more about them! In the news, two XSS vulns via postMessage methods in Azure, how to choose (and move on from) a web research topic, OpenSSF finances a security developer-in-residence for Python, more infosec myths, free cybersecurity training resources. Visit [securityweekly.com/asw](https://securityweekly.com/asw) for all the latest episodes! Follow us on Twitter: [@SecWeekly](https://www.twitter.com/secweekly) Like us on Facebook: [facebook.com/secweekly](https://www.facebook.com/secweekly) Visit https://securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-245

vulnerability best practices python azure vandenberg appsec xss openssf invicti netsparker acunetix

Latest Web Vulnerability Trends & Best Practices - Patrick Vandenberg - ASW #245

Play Episode Listen Later Jun 28, 2023 74:56

Without visibility and continuous monitoring, dangerous threats expose our blind spots and create risk. Invicti, who brought together Acunetix and Netsparker, analyzes common web application vulns across thousands of assets yearly and releases the Invicti AppSec Indicator for a holistic view of vulnerability trends from automated scan results. In this talk, Invicti Director of Product Patrick Vandenberg shares a deep dive into the trends currently impacting AppSec programs and discusses some of the best practices that will help organizations achieve efficiencies in their programs. Segment Resources: - [AppSec Indicator Spring 2023 edition | Invicti](https://www.invicti.com/clp/appsec-indicator/?utm_medium=contentsyn&utm_source=sc_media&utm_campaign=i-syn_CRA-ASW-Jun2023&utm_content=230424-ga_spring-appsec-indicator&utm_term=brand) This segment is sponsored by Invicti. Visit [securityweekly.com/invicti](https://securityweekly.com/invicti) to learn more about them! In the news, two XSS vulns via postMessage methods in Azure, how to choose (and move on from) a web research topic, OpenSSF finances a security developer-in-residence for Python, more infosec myths, free cybersecurity training resources. Visit [securityweekly.com/asw](https://securityweekly.com/asw) for all the latest episodes! Follow us on Twitter: [@SecWeekly](https://www.twitter.com/secweekly) Like us on Facebook: [facebook.com/secweekly](https://www.facebook.com/secweekly) Visit https://securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-245

vulnerability best practices python azure vandenberg appsec xss openssf invicti netsparker acunetix

Invicti AppSec Indicator: Latest Web Vulnerability Trends & Best Practices - Patrick Vandenberg - ASW #245

Play Episode Listen Later Jun 27, 2023 37:15

Without visibility and continuous monitoring, dangerous threats expose our blind spots and create risk. Invicti, who brought together Acunetix and Netsparker, analyzes common web application vulns across thousands of assets yearly and releases the Invicti AppSec Indicator for a holistic view of vulnerability trends from automated scan results. In this talk, Invicti Director of Product Patrick Vandenberg shares a deep dive into the trends currently impacting AppSec programs and discusses some of the best practices that will help organizations achieve efficiencies in their programs. Segment Resources: AppSec Indicator Spring 2023 edition: https://www.invicti.com/clp/appsec-indicator/?utm_medium=contentsyn&utm_source=sc_media&utm_campaign=i-syn_CRA-ASW-Jun2023&utm_content=230424-ga_spring-appsec-indicator&utm_term=brand) This segment is sponsored by Invicti. Visit https://securityweekly.com/invicti to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-245

vulnerability best practices indicator vandenberg appsec invicti netsparker acunetix

Invicti AppSec Indicator: Latest Web Vulnerability Trends & Best Practices - Patrick Vandenberg - ASW #245

Play Episode Listen Later Jun 27, 2023 37:15

Without visibility and continuous monitoring, dangerous threats expose our blind spots and create risk. Invicti, who brought together Acunetix and Netsparker, analyzes common web application vulns across thousands of assets yearly and releases the Invicti AppSec Indicator for a holistic view of vulnerability trends from automated scan results. In this talk, Invicti Director of Product Patrick Vandenberg shares a deep dive into the trends currently impacting AppSec programs and discusses some of the best practices that will help organizations achieve efficiencies in their programs. Segment Resources: AppSec Indicator Spring 2023 edition: https://www.invicti.com/clp/appsec-indicator/?utm_medium=contentsyn&utm_source=sc_media&utm_campaign=i-syn_CRA-ASW-Jun2023&utm_content=230424-ga_spring-appsec-indicator&utm_term=brand) This segment is sponsored by Invicti. Visit https://securityweekly.com/invicti to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-245

vulnerability best practices indicator vandenberg appsec invicti netsparker acunetix

ASW #239 - Patrick Vandenberg, Karl Triebes, Francesco Cipollone

Play Episode Listen Later May 2, 2023 80:42

Application security is messy and is getting messier. Modern application security teams are struggling to identify what's more important to fix. Cloud security and application security is getting squeezed all together. Modern vulnerability maturity needs a new approach and guidance. Vulnerability management framework and mature defect management is often overlooked as organizations tend to identify issues and stop there. The devil is usually in the details and time gets burned down in identifying who needs to solve what where. Vulnerability Management Maturity Framework has been created to address that. Segment Resources: Framework: https://phoenix.security/vulnerability-management-framework/ Books on metrics: https://phoenix.security/whitepapers-resources/data-driven-application-security-vulnerability-management-are-sla-slo-dead/ Vulnerability aggregation and prioritization https://phoenix.security/whitepapers-resources/whitepaper-vulnerability-management-in-application-cloud-security/ Shift left: https://phoenix.security/shift-everywhere/ Vulnerability management talk: https://phoenix.security/web-vuln-management/ Vulnerability management framework playlist (explained) https://www.youtube.com/playlist?list=PLVlvQpDxsvqHWQfqej5Gs7bOd-cq8JO24 How to act on risk: https://phoenix.security/phoenix-security-act-on-risk-calculation/ Without visibility into your entire web application attack surface and a continuous find and fix strategy, dangerous threats can expose your organization's blind spots and create risk. Invicti analyzes common web application vulnerabilities across thousands of assets yearly and releases the Invicti AppSec Indicator for a holistic view of application vulnerability trends from automated scan results across regions. In this interview, Invicti's Patrick Vandenberg zooms in on the vulnerabilities plaguing organizations, providing insight into this year's report trends, and guidance on how CISOs and AppSec program leaders can create an environment for their teams that mitigates risk. Segment Resources: https://www.invicti.com/clp/appsec-indicator/?utm_medium=contentsyn&utm_source=sc_media&utm_campaign=i-syn_RSA-CRA-interview-2023&utm_content=230424-ga_spring-appsec-indicator&utm_term=brand T his segment is sponsored by Invicti. Visit https://securityweekly.com/invictirsac to learn more about them! Flaws in the design and implementation of an application can create business logic vulnerabilities that allow attackers to manipulate legitimate functionality to achieve a malicious goal. What's more, API-related security incidents exploit business logic, the programming that manages communication between the application and the database. In this discussion, Karl Triebes shares what you need to know about business logic attacks to effectively protect against them. This segment is sponsored by Imperva. Visit https://securityweekly.com/impervarsac to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/secweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/asw239

books modern shift cloud vulnerability application api flaws francesco cisos vandenberg appsec imperva cipollone invicti segment resources

Mitigating AppSec Risk with Systematic Testing and Effective Attack Mitigation - Karl Triebes, Patrick Vandenberg - ASW #239

Play Episode Listen Later May 2, 2023 28:43

Without visibility into your entire web application attack surface and a continuous find and fix strategy, dangerous threats can expose your organization's blind spots and create risk. Invicti analyzes common web application vulnerabilities across thousands of assets yearly and releases the Invicti AppSec Indicator for a holistic view of application vulnerability trends from automated scan results across regions. In this interview, Invicti's Patrick Vandenberg zooms in on the vulnerabilities plaguing organizations, providing insight into this year's report trends, and guidance on how CISOs and AppSec program leaders can create an environment for their teams that mitigates risk. Segment Resources: https://www.invicti.com/clp/appsec-indicator/?utm_medium=contentsyn&utm_source=sc_media&utm_campaign=i-syn_RSA-CRA-interview-2023&utm_content=230424-ga_spring-appsec-indicator&utm_term=brand This segment is sponsored by Invicti. Visit https://securityweekly.com/invictirsac to learn more about them! Flaws in the design and implementation of an application can create business logic vulnerabilities that allow attackers to manipulate legitimate functionality to achieve a malicious goal. What's more, API-related security incidents exploit business logic, the programming that manages communication between the application and the database. In this discussion, Karl Triebes shares what you need to know about business logic attacks to effectively protect against them. This segment is sponsored by Imperva. Visit https://securityweekly.com/impervarsac to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw239

risk attack testing api flaws systematic mitigating mitigation cisos vandenberg appsec imperva invicti segment resources

ASW #239 - Patrick Vandenberg, Karl Triebes, Francesco Cipollone

Play Episode Listen Later May 2, 2023 80:42

Application security is messy and is getting messier. Modern application security teams are struggling to identify what's more important to fix. Cloud security and application security is getting squeezed all together. Modern vulnerability maturity needs a new approach and guidance. Vulnerability management framework and mature defect management is often overlooked as organizations tend to identify issues and stop there. The devil is usually in the details and time gets burned down in identifying who needs to solve what where. Vulnerability Management Maturity Framework has been created to address that. Segment Resources: Framework: https://phoenix.security/vulnerability-management-framework/ Books on metrics: https://phoenix.security/whitepapers-resources/data-driven-application-security-vulnerability-management-are-sla-slo-dead/ Vulnerability aggregation and prioritization https://phoenix.security/whitepapers-resources/whitepaper-vulnerability-management-in-application-cloud-security/ Shift left: https://phoenix.security/shift-everywhere/ Vulnerability management talk: https://phoenix.security/web-vuln-management/ Vulnerability management framework playlist (explained) https://www.youtube.com/playlist?list=PLVlvQpDxsvqHWQfqej5Gs7bOd-cq8JO24 How to act on risk: https://phoenix.security/phoenix-security-act-on-risk-calculation/ Without visibility into your entire web application attack surface and a continuous find and fix strategy, dangerous threats can expose your organization's blind spots and create risk. Invicti analyzes common web application vulnerabilities across thousands of assets yearly and releases the Invicti AppSec Indicator for a holistic view of application vulnerability trends from automated scan results across regions. In this interview, Invicti's Patrick Vandenberg zooms in on the vulnerabilities plaguing organizations, providing insight into this year's report trends, and guidance on how CISOs and AppSec program leaders can create an environment for their teams that mitigates risk. Segment Resources: https://www.invicti.com/clp/appsec-indicator/?utm_medium=contentsyn&utm_source=sc_media&utm_campaign=i-syn_RSA-CRA-interview-2023&utm_content=230424-ga_spring-appsec-indicator&utm_term=brand T his segment is sponsored by Invicti. Visit https://securityweekly.com/invictirsac to learn more about them! Flaws in the design and implementation of an application can create business logic vulnerabilities that allow attackers to manipulate legitimate functionality to achieve a malicious goal. What's more, API-related security incidents exploit business logic, the programming that manages communication between the application and the database. In this discussion, Karl Triebes shares what you need to know about business logic attacks to effectively protect against them. This segment is sponsored by Imperva. Visit https://securityweekly.com/impervarsac to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/secweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/asw239

books modern shift cloud vulnerability application api flaws francesco cisos vandenberg appsec imperva cipollone invicti segment resources

Mitigating AppSec Risk with Systematic Testing and Effective Attack Mitigation - Karl Triebes, Patrick Vandenberg - ASW #239

Play Episode Listen Later May 2, 2023 28:43

Without visibility into your entire web application attack surface and a continuous find and fix strategy, dangerous threats can expose your organization's blind spots and create risk. Invicti analyzes common web application vulnerabilities across thousands of assets yearly and releases the Invicti AppSec Indicator for a holistic view of application vulnerability trends from automated scan results across regions. In this interview, Invicti's Patrick Vandenberg zooms in on the vulnerabilities plaguing organizations, providing insight into this year's report trends, and guidance on how CISOs and AppSec program leaders can create an environment for their teams that mitigates risk. Segment Resources: https://www.invicti.com/clp/appsec-indicator/?utm_medium=contentsyn&utm_source=sc_media&utm_campaign=i-syn_RSA-CRA-interview-2023&utm_content=230424-ga_spring-appsec-indicator&utm_term=brand This segment is sponsored by Invicti. Visit https://securityweekly.com/invictirsac to learn more about them! Flaws in the design and implementation of an application can create business logic vulnerabilities that allow attackers to manipulate legitimate functionality to achieve a malicious goal. What's more, API-related security incidents exploit business logic, the programming that manages communication between the application and the database. In this discussion, Karl Triebes shares what you need to know about business logic attacks to effectively protect against them. This segment is sponsored by Imperva. Visit https://securityweekly.com/impervarsac to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw239

risk attack testing api flaws systematic mitigating mitigation cisos vandenberg appsec imperva invicti segment resources

ASW #234 - Frank Catucci

Play Episode Listen Later Mar 28, 2023 74:53

With the increased interest and use of AI such as GTP 3/4, ChatGPT, GitHub Copilot, and internal modeling, there comes an array of use cases and examples for increased efficiency, but also inherent security risks that organizations should consider. In this talk, Invicti's CTO & Head of Security Research Frank Catucci discusses potential use cases and talks through real-life examples of using AI in production environments. Frank delves into benefits, as well as security implications, touching on a number of security aspects to consider, including security from the supply chain perspective, SBOMs, licensing, as well as risk mitigation, and risk assessment. Frank also covers some of the types of attacks that might happen as a result of utilizing AI-generated code, like intellectual property leaking via a prompt injection attack, data poisoning, etc. And lastly, Frank shares the Invicti security team's real-life experience of utilizing AI, including early successes and failures. Segment Resources: On-demand webinar on the topic of generative AI - https://www.scmagazine.com/cybercast/generative-ai-understanding-the-appsec-risks-and-how-dast-can-mitigate-them Invicti Research - https://www.invicti.com/blog/web-security/analyzing-security-github-copilot-suggestions/ - https://github.com/svenmorgenrothio/Prompt-Injection-Playground This segment is sponsored by Invicti. Visit https://securityweekly.com/invicti to learn more about them! Ferrari refuses ransomware, OpenAI deals with security issues from cacheing, video killed a crypto ATM, GitHub rotates their RSA SSH key, bypassing CloudTrail, terms and techniques for measuring AI security and safety Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/secweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/asw234

head ai chatgpt ferrari openai atm github github copilot gtp sboms invicti

Real-life Examples. Benefits, Risk & Security Implications of AI - Frank Catucci - ASW #234

Play Episode Listen Later Mar 28, 2023 38:23

With the increased interest and use of AI such as GTP 3/4, ChatGPT, GitHub Copilot, and internal modeling, there comes an array of use cases and examples for increased efficiency, but also inherent security risks that organizations should consider. In this talk, Invicti's CTO & Head of Security Research Frank Catucci discusses potential use cases and talks through real-life examples of using AI in production environments. Frank delves into benefits, as well as security implications, touching on a number of security aspects to consider, including security from the supply chain perspective, SBOMs, licensing, as well as risk mitigation, and risk assessment. Frank also covers some of the types of attacks that might happen as a result of utilizing AI-generated code, like intellectual property leaking via a prompt injection attack, data poisoning, etc. And lastly, Frank shares the Invicti security team's real-life experience of utilizing AI, including early successes and failures. Segment Resources: On-demand webinar on the topic of generative AI - https://www.scmagazine.com/cybercast/generative-ai-understanding-the-appsec-risks-and-how-dast-can-mitigate-them Invicti Research - https://www.invicti.com/blog/web-security/analyzing-security-github-copilot-suggestions/ - https://github.com/svenmorgenrothio/Prompt-Injection-Playground This segment is sponsored by Invicti. Visit https://securityweekly.com/invicti to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw234

head ai benefits risk security chatgpt implications github copilot real life examples gtp sboms invicti

ASW #234 - Frank Catucci

Play Episode Listen Later Mar 28, 2023 74:53

With the increased interest and use of AI such as GTP 3/4, ChatGPT, GitHub Copilot, and internal modeling, there comes an array of use cases and examples for increased efficiency, but also inherent security risks that organizations should consider. In this talk, Invicti's CTO & Head of Security Research Frank Catucci discusses potential use cases and talks through real-life examples of using AI in production environments. Frank delves into benefits, as well as security implications, touching on a number of security aspects to consider, including security from the supply chain perspective, SBOMs, licensing, as well as risk mitigation, and risk assessment. Frank also covers some of the types of attacks that might happen as a result of utilizing AI-generated code, like intellectual property leaking via a prompt injection attack, data poisoning, etc. And lastly, Frank shares the Invicti security team's real-life experience of utilizing AI, including early successes and failures. Segment Resources: On-demand webinar on the topic of generative AI - https://www.scmagazine.com/cybercast/generative-ai-understanding-the-appsec-risks-and-how-dast-can-mitigate-them Invicti Research - https://www.invicti.com/blog/web-security/analyzing-security-github-copilot-suggestions/ - https://github.com/svenmorgenrothio/Prompt-Injection-Playground This segment is sponsored by Invicti. Visit https://securityweekly.com/invicti to learn more about them! Ferrari refuses ransomware, OpenAI deals with security issues from cacheing, video killed a crypto ATM, GitHub rotates their RSA SSH key, bypassing CloudTrail, terms and techniques for measuring AI security and safety Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/secweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/asw234

head ai chatgpt ferrari openai atm github github copilot gtp sboms invicti

Real-life Examples. Benefits, Risk & Security Implications of AI - Frank Catucci - ASW #234

Robert Carrigan Album Reviews

Play Episode Listen Later Mar 28, 2023 38:23

With the increased interest and use of AI such as GTP 3/4, ChatGPT, GitHub Copilot, and internal modeling, there comes an array of use cases and examples for increased efficiency, but also inherent security risks that organizations should consider. In this talk, Invicti's CTO & Head of Security Research Frank Catucci discusses potential use cases and talks through real-life examples of using AI in production environments. Frank delves into benefits, as well as security implications, touching on a number of security aspects to consider, including security from the supply chain perspective, SBOMs, licensing, as well as risk mitigation, and risk assessment. Frank also covers some of the types of attacks that might happen as a result of utilizing AI-generated code, like intellectual property leaking via a prompt injection attack, data poisoning, etc. And lastly, Frank shares the Invicti security team's real-life experience of utilizing AI, including early successes and failures. Segment Resources: On-demand webinar on the topic of generative AI - https://www.scmagazine.com/cybercast/generative-ai-understanding-the-appsec-risks-and-how-dast-can-mitigate-them Invicti Research - https://www.invicti.com/blog/web-security/analyzing-security-github-copilot-suggestions/ - https://github.com/svenmorgenrothio/Prompt-Injection-Playground This segment is sponsored by Invicti. Visit https://securityweekly.com/invicti to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw234

head ai benefits risk security chatgpt implications github copilot real life examples gtp sboms invicti

Invicti

Play Episode Listen Later Feb 22, 2023 39:40

My interview with the band discussing the new album and much more! --- Support this podcast: https://podcasters.spotify.com/pod/show/robert-carrigan/support

invicti

TubbTalk 121: Application Security: What MSPs and MSSPs Should Know for Success

TubbTalk - The Podcast for IT Consultants

Play Episode Listen Later Jan 29, 2023 58:24

In this episode, Richard talks to Michael George, CEO of Invicti Security. They're an accurate automated application security testing platform that scales like no other solution.Michael tells Richard about his past experience of leading Continuum, and what the buyout and merger process was like. He also explains what led him to found Invicti, and how the business helps MSPs. They talk about the importance of a positive company culture and how Michael and the Invicti team build and nurture theirs. Michael also explains the organisation's relationship with the wider cybersecurity company and how it fits in to the MSP market.Richard asks Michael why he thinks that application security testing is so important in modern cybersecurity, the practicalities of solution consolidation in cybersecurity, and how Invicti helps MSPs manage risk in a scalable way.They also look at the good and the bad when it comes to private equity funding for MSP vendors and how to spot red flags, what's next for Invicti and what's next for Michael – including mountain climbing.Mentioned in This EpisodeInvictiConnectWiseJiraJenkinsServiceNowA3Sec SASSmart Solution Consulting GmbHMonogoBulletproofKaseyaLinuxSummit Partners (growth equity firm)Book: David Foster Wallace: Infinite JestDavid Foster Wallace Kenyon College commencement address: This is WaterInvicti's AppSec Indicator reportInvicti's MSSP ProgramInvicti Resources Library

ceo success continuum msp msps application security mssps michael george invicti invicti security

The CyBUr Guy Podcast Ep. 84 - Application Vulnerability Scanning Discussion at the 2022 National Cyber Summit

The CyBUr Guy Podcast

Play Episode Listen Later Nov 6, 2022 41:28

In Episode 84 I interviewed Rusty Sides and Eric Friese of Checkmarx and Ted Rutcsh of Invicti about Application Vulnerability Scanning at the 2022 National Cyber Summit from Huntsville. Before the interviews I go on a slight rant about an NY Times editorial called "Why the FBI is so Far Behind in Cybercrime" (Opinion | Why the F.B.I. Is So Far Behind on Cybercrime - The New York Times (nytimes.com). Needless to say, I have thoughts... Give a listen, tell a friend. Check out the companies interviewed on this episode at www.checkmarx.com and www.invicti.com

new york times national fbi vulnerability summit application cyber needless huntsville scanning far behind checkmarx invicti

Shifting Left Probably Left You Vulnerable. Here's How You Can Make it Right. - Sonali Shah - ASW #211

Play Episode Listen Later Sep 14, 2022 36:54

Shifting left has been a buzzword in the application security space for several years now, and with good reason – making security an integral part of development is the only practical approach for modern agile workflows. But in their drive to build security testing into development as early as possible, many organizations are neglecting application security in later phases and losing sight of the big picture. In this talk, Invicti's Chief Product Officer Sonali Shah discusses the challenges and misunderstandings around shifting left, and provides tips on how organizations can implement web application security program without tradeoffs throughout the whole application security lifecycle. This segment is sponsored by Invicti. Visit https://securityweekly.com/invicti to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw211

left shifting vulnerable shah make it right sonali invicti

Shifting Left Probably Left You Vulnerable. Here's How You Can Make it Right. - Sonali Shah - ASW #211

Play Episode Listen Later Sep 14, 2022 36:54

Shifting left has been a buzzword in the application security space for several years now, and with good reason – making security an integral part of development is the only practical approach for modern agile workflows. But in their drive to build security testing into development as early as possible, many organizations are neglecting application security in later phases and losing sight of the big picture. In this talk, Invicti's Chief Product Officer Sonali Shah discusses the challenges and misunderstandings around shifting left, and provides tips on how organizations can implement web application security program without tradeoffs throughout the whole application security lifecycle. This segment is sponsored by Invicti. Visit https://securityweekly.com/invicti to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw211

left shifting vulnerable shah make it right sonali invicti

ASW #211 - Sonali Shah

Play Episode Listen Later Sep 13, 2022 77:34

Go releases their own curated vuln management resources, OSS-Fuzz finds command injection, Microsoft gets rid of Basic Auth in Exchange, NSA provides guidance on securing SDLC practices, reflections on pentesting, comments on e2e Shifting left has been a buzzword in the application security space for several years now, and with good reason – making security an integral part of development is the only practical approach for modern agile workflows. But in their drive to build security testing into development as early as possible, many organizations are neglecting application security in later phases and losing sight of the big picture. In this talk, Invicti's Chief Product Officer Sonali Shah discusses the challenges and misunderstandings around shifting left, and provides tips on how organizations can implement web application security program without tradeoffs throughout the whole application security lifecycle. This segment is sponsored by Invicti. Visit https://securityweekly.com/invicti to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/secweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/asw211

microsoft shifting exchange shah nsa sonali sdlc invicti

ASW #211 - Sonali Shah

Play Episode Listen Later Sep 13, 2022 77:34

Go releases their own curated vuln management resources, OSS-Fuzz finds command injection, Microsoft gets rid of Basic Auth in Exchange, NSA provides guidance on securing SDLC practices, reflections on pentesting, comments on e2e Shifting left has been a buzzword in the application security space for several years now, and with good reason – making security an integral part of development is the only practical approach for modern agile workflows. But in their drive to build security testing into development as early as possible, many organizations are neglecting application security in later phases and losing sight of the big picture. In this talk, Invicti's Chief Product Officer Sonali Shah discusses the challenges and misunderstandings around shifting left, and provides tips on how organizations can implement web application security program without tradeoffs throughout the whole application security lifecycle. This segment is sponsored by Invicti. Visit https://securityweekly.com/invicti to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/secweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/asw211

microsoft shifting exchange shah nsa sonali sdlc invicti

Ransomware groups continue to shift identities and targets. Assessments of the cyber phases of a hybrid war. Is wartime tough for criminals? Anonymous counts coup…against Moscow's taxis.

The CyberWire

Play Episode Listen Later Sep 2, 2022 29:50

REvil (or an impostor, or successor) may be back. A Paris-area medical center continues to work to recover from cyber extortion. An assessment of Russian failure (or disinclination) to mount effective cyber campaigns. Cyber criminals find wartime to be a tough time. Josh Ray from Accenture looks at cyber threats to the rail industry. Our guest is Dan Murphy of Invicti making the case that not all vulnerabilities are created equal. And Yandex Taxi's app was hacked in a nuisance attack. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/170 Selected reading. REvil says they breached electronics giant Midea Group (Cybernews) Paralysed French hospital fights cyber attack as hackers lower ransom demand (RFI) French hospital hit by $10M ransomware attack, sends patients elsewhere (BleepingComputer) Hacks tied to Russia and Ukraine war have had minor impact, researchers say (The Record by Recorded Future) Getting Bored of Cyberwar: Exploring the Role of the Cybercrime Underground in the Russia-Ukraine Conflict (arXiv:2208.10629v2) Why Russia's cyber war in Ukraine hasn't played out as predicted (New Atlas) Cyber key in Ukraine war, says spy chief (The Canberra Times) Montenegro Sent Back to Analog by Unprecedented Cyber Attacks (Balkan Insight) Montenegro blames criminal gang for cyber attacks on government (EU Reporter) Ransomware Attack Sends Montenegro Reaching Out to NATO Partners (Bloomberg) “I'm tired of living in poverty” – Russian-Speaking Cyber Criminals Feeling the Economic Pinch (Digital Shadows) Yandex Taxi hack creates huge traffic jam in Moscow (Cybernews) Anonymous hacked Russia's largest taxi firm and caused a massive traffic jam (Daily Star)

How to Build a Successful Continuous Application Security Program - Ferruh Mavituna - ASW #205

Play Episode Listen Later Jul 29, 2022 36:48

Pressured by the speed of innovation, organizations are struggling to achieve the continuous web application security they need in the face of mounting threats and compliance requirements. What does it take in order for your AppSec program to be both effective and agile? In this segment, Ferruh Mavituna, founder and strategic advisor of Invicti Security, discusses best practices to help you implement an effective, agile, and – most importantly – continuous approach to application security. This segment is sponsored by Invicti. Visit https://securityweekly.com/invicti to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw205

continuous pressured application security security program appsec invicti invicti security ferruh mavituna

How to Build a Successful Continuous Application Security Program - Ferruh Mavituna - ASW #205

Play Episode Listen Later Jul 29, 2022 36:48

Pressured by the speed of innovation, organizations are struggling to achieve the continuous web application security they need in the face of mounting threats and compliance requirements. What does it take in order for your AppSec program to be both effective and agile? In this segment, Ferruh Mavituna, founder and strategic advisor of Invicti Security, discusses best practices to help you implement an effective, agile, and – most importantly – continuous approach to application security. This segment is sponsored by Invicti. Visit https://securityweekly.com/invicti to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw205

continuous pressured application security security program appsec invicti invicti security ferruh mavituna

ASW #205 - Ferruh Mavituna

Play Episode Listen Later Jul 25, 2022 76:47

Vuln in an Atlassian Confluence app, "Dirty Dancing" in OAuth flows, security audits of sigstore and slf4j, flaws in fleet management app, conducting tabletop exercises. Pressured by the speed of innovation, organizations are struggling to achieve the continuous web application security they need in the face of mounting threats and compliance requirements. What does it take in order for your AppSec program to be both effective and agile? In this segment, Ferruh Mavituna, founder and strategic advisor of Invicti Security, discusses best practices to help you implement an effective, agile, and – most importantly – continuous approach to application security. This segment is sponsored by Invicti. Visit https://securityweekly.com/invicti to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/secweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/asw205

dirty dancing pressured vuln oauth appsec atlassian confluence invicti invicti security ferruh mavituna

How to Build a Successful Continuous Application Security Program - Ferruh Mavituna - ASW #205

Play Episode Listen Later Jul 25, 2022 36:47

Pressured by the speed of innovation, organizations are struggling to achieve the continuous web application security they need in the face of mounting threats and compliance requirements. What does it take in order for your AppSec program to be both effective and agile? In this segment, Ferruh Mavituna, founder and strategic advisor of Invicti Security, discusses best practices to help you implement an effective, agile, and – most importantly – continuous approach to application security. This segment is sponsored by Invicti. Visit https://securityweekly.com/invicti to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw205

continuous pressured application security security program appsec invicti invicti security ferruh mavituna

ASW #205 - Ferruh Mavituna

Play Episode Listen Later Jul 25, 2022 76:47

Vuln in an Atlassian Confluence app, "Dirty Dancing" in OAuth flows, security audits of sigstore and slf4j, flaws in fleet management app, conducting tabletop exercises. Pressured by the speed of innovation, organizations are struggling to achieve the continuous web application security they need in the face of mounting threats and compliance requirements. What does it take in order for your AppSec program to be both effective and agile? In this segment, Ferruh Mavituna, founder and strategic advisor of Invicti Security, discusses best practices to help you implement an effective, agile, and – most importantly – continuous approach to application security. This segment is sponsored by Invicti. Visit https://securityweekly.com/invicti to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/secweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/asw205

dirty dancing pressured vuln oauth appsec atlassian confluence invicti invicti security ferruh mavituna

ASW #200 - Keith Hoodlet

Play Episode Listen Later Jul 8, 2022 68:25

HTTP RFCs have evolved: A Cloudflare view of HTTP usage trends, Career Advice and Professional Development, Active Exploitation of Confluence CVE-2022-26134 Seamlessly Connect & Protect Entire IT Ecosystem The new business reality is that everything is connected, and everyone is vulnerable. In today's world, security resilience is imperative, and Cisco believes it requires an open, unified security platform that crosses hybrid multi-cloud environments. Our vision for the Cisco Security Cloud will reshape the way organizations approach and protect the integrity of the entire IT ecosystem. Segment Resources: Cisco Security Resilience: https://www.cisco.com/c/en/us/products/security/security-resilience.html This segment is sponsored by Cisco. Visit https://securityweekly.com/cisco to learn more about them! The Culture Blindspot: Harmonizing DevSecOps Helps Curb Burnout Recent data shows that security and development teams are still stressed, and they're taking that stress home with them. Not only are they spending unnecessary hours addressing security issues that they could have otherwise prevented with modern tools and best practices, but also these teams are taking time out of their personal lives during holidays and on weekends to manage critical issues, contributing to burnout and ultimately churn. There's good news, though: relationships between security and development are steadily improving, and with the right support and modern tooling at hand, you can transform the lives of cybersecurity professionals while also boosting your organization's security posture, too. This segment is sponsored by Invicti. Visit https://securityweekly.com/invicti to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/secweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/asw200

cisco professional development career advice cloudflare invicti keithhoodlet segment resources

ASW #200 - Keith Hoodlet

Play Episode Listen Later Jul 8, 2022 68:25

HTTP RFCs have evolved: A Cloudflare view of HTTP usage trends, Career Advice and Professional Development, Active Exploitation of Confluence CVE-2022-26134 Seamlessly Connect & Protect Entire IT Ecosystem The new business reality is that everything is connected, and everyone is vulnerable. In today's world, security resilience is imperative, and Cisco believes it requires an open, unified security platform that crosses hybrid multi-cloud environments. Our vision for the Cisco Security Cloud will reshape the way organizations approach and protect the integrity of the entire IT ecosystem. Segment Resources: Cisco Security Resilience: https://www.cisco.com/c/en/us/products/security/security-resilience.html This segment is sponsored by Cisco. Visit https://securityweekly.com/cisco to learn more about them! The Culture Blindspot: Harmonizing DevSecOps Helps Curb Burnout Recent data shows that security and development teams are still stressed, and they're taking that stress home with them. Not only are they spending unnecessary hours addressing security issues that they could have otherwise prevented with modern tools and best practices, but also these teams are taking time out of their personal lives during holidays and on weekends to manage critical issues, contributing to burnout and ultimately churn. There's good news, though: relationships between security and development are steadily improving, and with the right support and modern tooling at hand, you can transform the lives of cybersecurity professionals while also boosting your organization's security posture, too. This segment is sponsored by Invicti. Visit https://securityweekly.com/invicti to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/secweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/asw200

cisco professional development career advice cloudflare invicti keithhoodlet segment resources

RSAC Micro Interviews - Cisco & Invicti Security - Jeetu Patel, Sonali Shah - ASW #200

Play Episode Listen Later Jun 14, 2022 31:50

Seamlessly Connect & Protect Entire IT Ecosystem The new business reality is that everything is connected, and everyone is vulnerable. In today's world, security resilience is imperative, and Cisco believes it requires an open, unified security platform that crosses hybrid multi-cloud environments. Our vision for the Cisco Security Cloud will reshape the way organizations approach and protect the integrity of the entire IT ecosystem. Segment Resources: Cisco Security Resilience: https://www.cisco.com/c/en/us/products/security/security-resilience.html This segment is sponsored by Cisco. Visit https://securityweekly.com/cisco to learn more about them! The Culture Blindspot: Harmonizing DevSecOps Helps Curb Burnout Recent data shows that security and development teams are still stressed, and they're taking that stress home with them. Not only are they spending unnecessary hours addressing security issues that they could have otherwise prevented with modern tools and best practices, but also these teams are taking time out of their personal lives during holidays and on weekends to manage critical issues, contributing to burnout and ultimately churn. There's good news, though: relationships between security and development are steadily improving, and with the right support and modern tooling at hand, you can transform the lives of cybersecurity professionals while also boosting your organization's security posture, too. This segment is sponsored by Invicti. Visit https://securityweekly.com/invicti to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw200

security micro cisco shah sonali rsac jeetu patel invicti invicti security

RSAC Micro Interviews - Cisco & Invicti Security - Jeetu Patel, Sonali Shah - ASW #200

The BragWorthy Culture Podcast

Play Episode Listen Later Jun 14, 2022 31:50

Seamlessly Connect & Protect Entire IT Ecosystem The new business reality is that everything is connected, and everyone is vulnerable. In today's world, security resilience is imperative, and Cisco believes it requires an open, unified security platform that crosses hybrid multi-cloud environments. Our vision for the Cisco Security Cloud will reshape the way organizations approach and protect the integrity of the entire IT ecosystem. Segment Resources: Cisco Security Resilience: https://www.cisco.com/c/en/us/products/security/security-resilience.html This segment is sponsored by Cisco. Visit https://securityweekly.com/cisco to learn more about them! The Culture Blindspot: Harmonizing DevSecOps Helps Curb Burnout Recent data shows that security and development teams are still stressed, and they're taking that stress home with them. Not only are they spending unnecessary hours addressing security issues that they could have otherwise prevented with modern tools and best practices, but also these teams are taking time out of their personal lives during holidays and on weekends to manage critical issues, contributing to burnout and ultimately churn. There's good news, though: relationships between security and development are steadily improving, and with the right support and modern tooling at hand, you can transform the lives of cybersecurity professionals while also boosting your organization's security posture, too. This segment is sponsored by Invicti. Visit https://securityweekly.com/invicti to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw200

security micro cisco shah sonali rsac jeetu patel invicti invicti security

”Building a Pandemic-Proof Culture” Mark Ralls, Invicti

Play Episode Listen Later Jun 1, 2022 32:14

On this episode of the BragWorthy Culture Podcast, Jordan talks with Mark Ralls, President and COO at Invicti Security. Invicti has been an Applications Security leader for more than 15 years and enables organizations in every industry to continuously scan and secure all of their web apps and APIs, regardless of platform. Invicti provides proof of any vulnerabilities so the client doesn't have to spend time verifying them. Invicti's HQ is in Austin, Texas, and it serves more than 3,500 organizations. Throughout his career, Mark has had the opportunity to build and manage teams and coax great work out of them. He shares hiring tips (he loves candidates that are “his kind of crazy”), the importance of diversity (“the more diverse your team is, the better performing it will be”), what Covid-19 triggered for Invicti (revealed that they were true to their values), and why he thinks it should be called the Great Reckoning, not the Great Resignation. Looking to build your own BragWorthy Culture? Fringe can help. Fringe is the number one lifestyle benefits platform. Give your people the power of choice and save a ton of administrative headaches by consolidating existing vendors and programs into a simple, automated platform. Contact us at https://fringe.us/

covid-19 texas president culture pandemic coo proof hq great resignation fringe apis invicti invicti security

Alboino e i Longobardi con Matteo Grudina, Invicti Lupi (ep.10)

Storia d'Italia Extra

Play Episode Listen Later May 30, 2022 128:41

In questo episodio, parlo con Matteo Grudina, un grande rievocatore del Friuli che è tra gli iniziatori della nuova ondata di attenzione e ricerca sui Longobardi. Il suo gruppo di rievocatori – gli Invicti Lupi – è conosciuto in tutta Italia e all'estero. Come ci spiegherà Matteo, la frequentazione di luoghi e gruppi rievocativi oltralpe gli ha dato l'ispirazione per sognare in grande: con gli Invicti Lupi, un team di collaboratori – tra i quali il nostro Nicola Bergamo, che ho già intervistato, ricordate? – il regista Simone Vrech ha dato vita al documentario “Langobardi – Alboino e Romans”. Un documentario che è stato presentato sul programma della RAI di Alessandro Barbero – A.c D.c – e che sta mietendo successi in tutto il mondo. Ma Matteo ha anche altri obiettivi di rievocazione, come la costruzione del primo villaggio longobardo. Ce ne parla in questa bella diretta che abbiamo fatto assieme, buon ascolto! ---Per sostenere il podcast: www.patreon.com/italiastoria---Per sapere come acquistare il documentario "Langobardi - Alboino e Romans"http://www.invictilupi.org/?page_id=2317 Hosted on Acast. See acast.com/privacy for more information.

romans acast italia rai lupi friuli longobardi invicti

Invicti Solis: The Rise of The Unconquered Sun by Gary Bryant

WebTalkRadio.net

Play Episode Listen Later May 26, 2022

Invicti Solis addresses the most important questions that perplex postmodern humanity and civilization-and in so doing points the way toward the authentic destiny of both. · How can we discover the true heart’s desire in the thicket of conflicting desires that bid for our attention? · How can we discover absolute or objective truth in an age that […] The post Invicti Solis: The Rise of The Unconquered Sun by Gary Bryant appeared first on WebTalkRadio.net.

solis webtalkradio invicti unconquered sun

Invicti Solis: The Rise of The Unconquered Sun by Gary Bryant

WebTalkRadio.net » Books On Air

Play Episode Listen Later May 26, 2022 24:46

Invicti Solis addresses the most important questions that perplex postmodern humanity and civilization-and in so doing points the way toward the authentic destiny of both. · How can we discover the true heart’s desire in the thicket of conflicting desires that bid for our attention? · How can we discover absolute or objective truth in an age that […] The post Invicti Solis: The Rise of The Unconquered Sun by Gary Bryant appeared first on WebTalkRadio.net.

solis webtalkradio invicti unconquered sun

Authentication Vulnerabilities - PSW #720

Paul's Security Weekly (Video-Only)

Play Episode Listen Later Dec 4, 2021 37:40

Sven will present common vulnerabilities and issues that arise when implementing authentication and authorization in web applications. This segment is sponsored by Invicti. Visit https://securityweekly.com/invicti to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw720

sven vulnerabilities authentication invicti

Authentication Vulnerabilities - PSW #720

Play Episode Listen Later Dec 3, 2021 37:40

Sven will present common vulnerabilities and issues that arise when implementing authentication and authorization in web applications. This segment is sponsored by Invicti. Visit https://securityweekly.com/invicti to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw720

sven vulnerabilities authentication invicti

How Does Pokemon GO Automate? TGNS20

TestGuild News Show

Play Episode Listen Later Nov 1, 2021 10:00

Want to know how to do QA testing in the cloud. How does Pokémon go scale to millions of requests? And why is the next generation of application security needed? Find out, the answers to these and all other end and full stack pipeline DevOps automation, testing, performance, testing, security testing, in this episode of the TestGuild new show for the week of October 31st. TIME-STAMPED SHOW NOTES: 00:23 Sponsored by Applitools 00:54 QA Cloud Testing Adrian Brociek Azimo 01:50 Prepare QA Teams for Automation Julia Pottinger 02:37 Postman survey from a Testers Beth Marshall view 03:18 TestAutomationU Angie Jones 100,000 testers! 04:01 Cypress.io new release 04:37 Automation Trends for 2022 05:08 Roblox #SRE performance issues Stephen Townshend 06:46 The Pokémon Company International Priyanka Vergadia James Prompanya 07:47 Autonomous Security Testing David Brumley ForAllSecure, Inc #appsecurity 08:33 625 Million Invicti Security Links mentioned in Today's Episode: *** Applitools free account: https://rcl.ink/xroZw *** 1. https://link.medium.com/hbJCo65bMkb 2. Julia https://bit.ly/3jVZvH5 3. Beth https://bit.ly/3jWIPiK 4. TAU https://prn.to/3GCHgAl 5. Cypress https://bit.ly/3nNEjEf 6. 2022 Trends: https://bit.ly/3nGGIjW 7. Roblox https://bit.ly/2ZIVwa6 8. Pokemon https://bit.ly/31fmoi5 9. Autonomous Security https://bit.ly/3mwwV0K 10. Invicti: https://bit.ly/2ZLMPeU Leave Some - Feedback Did you enjoy this episode? If so, please leave a short review Connect with Us: TestGuild.com AutomationGuild.com YouTube @joecolantonio @testguilds

pokemon pok pokemon go automate roblox qa devops postman cypress tau applitools invicti

Piiano, Scanning Your Eyes, Rainbow Unicorns, Netflix Execs, & Yeast Milk - ESW #248

Enterprise Security Weekly (Video)

Play Episode Listen Later Oct 30, 2021 44:30

In the Enterprise Security News, Devo, Dragos, Cato Networks and Aura have all announced $200m or larger funding rounds, TransUnion acquires Sontiq for $638m, Summit Partners acquires Invicti for $625m, Privacy engineering startup Piiano emerges, from stealth mode, Will cybersecurity funding top $20bn for 2021, New US spyware export rules, A silicon valley entrepreneur wants to scan your eyes, All that and don't forget to stick around for the squirrel story on this episode of Enterprise Security Weekly! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw248

netflix milk privacy unicorns rainbow exec devo yeast scanning new us transunion dragos invicti enterprise security weekly enterprise security news

Piiano, Scanning Your Eyes, Rainbow Unicorns, Netflix Execs, & Yeast Milk - ESW #248

Play Episode Listen Later Oct 29, 2021 44:30

In the Enterprise Security News, Devo, Dragos, Cato Networks and Aura have all announced $200m or larger funding rounds, TransUnion acquires Sontiq for $638m, Summit Partners acquires Invicti for $625m, Privacy engineering startup Piiano emerges, from stealth mode, Will cybersecurity funding top $20bn for 2021, New US spyware export rules, A silicon valley entrepreneur wants to scan your eyes, All that and don't forget to stick around for the squirrel story on this episode of Enterprise Security Weekly! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw248

netflix milk privacy unicorns rainbow exec devo yeast scanning new us transunion dragos invicti enterprise security weekly enterprise security news

World Chocolate Day - ESW #248

Enterprise Security Weekly (Audio)

Play Episode Listen Later Oct 29, 2021 122:38

This week, we welcome Jamie Moles, Senior Technical Marketing Manager at ExtraHop, to discuss Decrypt As If Your Security Depends On It! In the Enterprise Security News, Devo, Dragos, Cato Networks and Aura have all announced $200m or larger funding rounds, TransUnion acquires Sontiq for $638m, Summit Partners acquires Invicti for $625m, Privacy engineering startup Piiano emerges, from stealth mode, Will cybersecurity funding top $20bn for 2021, New US spyware export rules, and a silicon valley entrepreneur wants to scan your eyes! In the final segment, we spoke with Will Lin, co-founder of Forgepoint, one of the few VC firms that exclusively invests in cybersecurity startups! Show Notes: https://securityweekly.com/esw248 Visit https://securityweekly.com/extrahop to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

chocolate privacy vc devo new us transunion dragos extrahop world chocolate day invicti forgepoint enterprise security news

World Chocolate Day - ESW #248

Play Episode Listen Later Oct 29, 2021 122:38

This week, we welcome Jamie Moles, Senior Technical Marketing Manager at ExtraHop, to discuss Decrypt As If Your Security Depends On It! In the Enterprise Security News, Devo, Dragos, Cato Networks and Aura have all announced $200m or larger funding rounds, TransUnion acquires Sontiq for $638m, Summit Partners acquires Invicti for $625m, Privacy engineering startup Piiano emerges, from stealth mode, Will cybersecurity funding top $20bn for 2021, New US spyware export rules, and a silicon valley entrepreneur wants to scan your eyes! In the final segment, we spoke with Will Lin, co-founder of Forgepoint, one of the few VC firms that exclusively invests in cybersecurity startups! Show Notes: https://securityweekly.com/esw248 Visit https://securityweekly.com/extrahop to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

chocolate privacy vc devo new us transunion dragos extrahop world chocolate day invicti forgepoint enterprise security news

GraphQL - Sven Morgenroth - PSW #714

Paul's Security Weekly (Video-Only)

Play Episode Listen Later Oct 16, 2021

Sven will talk about GraphQL APIs. He is going to show common issues that arise from its usage and how to attack GraphQL applications. This segment is sponsored by Invicti. Visit https://securityweekly.com/invicti to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw714

sven graphql graphql apis invicti sven morgenroth

GraphQL - Sven Morgenroth - PSW #714

Play Episode Listen Later Oct 15, 2021

Sven will talk about GraphQL APIs. He is going to show common issues that arise from its usage and how to attack GraphQL applications. This segment is sponsored by Invicti. Visit https://securityweekly.com/invicti to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw714

sven graphql graphql apis invicti sven morgenroth

Space Force - PSW #714

Paul's Security Weekly (Podcast-Only)

Play Episode Listen Later Oct 15, 2021 196:49

This week, we kick off the show with an interview featuring Zach Wasserman, CTO & Co-Founder of Fleet, who joins us to discuss Open Source Endpoint Security with OSquery & Fleet! Then, Sven Morgenroth, Security Researcher at Invicti, joins us for a technical segment on GraphQL!! In the Security News: Following the ransomware money, the Mystery Snail, school cybersecurity is the law, sue anyone, just not security researchers, "hacking" a flight school,, refusing bug bounties in favor of disclosure, Apple still treats researchers like dog poo, prosecuting people for reading HTML, giving up on security and a high school hacking prank that never wants to give you up and won't let you down! Show Notes: https://securityweekly.com/psw714 Segment Resources: Visit https://securityweekly.com/invicti to learn more about them! https://osquery.io https://fleetdm.com Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

apple co founders space force fleet html graphql security researcher invicti ai hunter sven morgenroth

Space Force - PSW #714

Play Episode Listen Later Oct 15, 2021 196:49

This week, we kick off the show with an interview featuring Zach Wasserman, CTO & Co-Founder of Fleet, who joins us to discuss Open Source Endpoint Security with OSquery & Fleet! Then, Sven Morgenroth, Security Researcher at Invicti, joins us for a technical segment on GraphQL!! In the Security News: Following the ransomware money, the Mystery Snail, school cybersecurity is the law, sue anyone, just not security researchers, "hacking" a flight school,, refusing bug bounties in favor of disclosure, Apple still treats researchers like dog poo, prosecuting people for reading HTML, giving up on security and a high school hacking prank that never wants to give you up and won't let you down! Show Notes: https://securityweekly.com/psw714 Segment Resources: Visit https://securityweekly.com/invicti to learn more about them! https://osquery.io https://fleetdm.com Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

apple co founders space force fleet html graphql security researcher invicti ai hunter sven morgenroth

Web Asset Discovery in Application Security - Tolga Kayas - ESW #242

Enterprise Security Weekly (Video)

Play Episode Listen Later Sep 16, 2021 29:37

Large organizations develop hundreds of new web applications every year. Some of those deployments are lost in time, and others go wild with high severity vulnerabilities. Forgotten and outdated web applications are a common culprit of successful hack attacks. What can you do to protect your organization? Let's talk about the first step to securing web applications - continuous web asset discovery. Segment Resources: https://www.acunetix.com/blog/docs/benefits-of-web-asset-discovery/ https://www.netsparker.com/features/continous-web-asset-discovery-engine/ This segment is sponsored by Invicti. Visit https://securityweekly.com/invicti to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw242

discovery large forgotten asset application security tolga invicti segment resources

Web Asset Discovery in Application Security - Tolga Kayas - ESW #242

Play Episode Listen Later Sep 15, 2021 29:37

Large organizations develop hundreds of new web applications every year. Some of those deployments are lost in time, and others go wild with high severity vulnerabilities. Forgotten and outdated web applications are a common culprit of successful hack attacks. What can you do to protect your organization? Let's talk about the first step to securing web applications - continuous web asset discovery. Segment Resources: https://www.acunetix.com/blog/docs/benefits-of-web-asset-discovery/ https://www.netsparker.com/features/continous-web-asset-discovery-engine/ This segment is sponsored by Invicti. Visit https://securityweekly.com/invicti to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw242

discovery large forgotten asset application security tolga invicti segment resources

Shifting Left Probably Left You Vulnerable, Here's How To Make it Right - Sonali Shah - PSW #707

Paul's Security Weekly (Video-Only)

Play Episode Listen Later Aug 22, 2021 31:57

Shifting security left is good - but it's an incomplete strategy that often leads to a false sense of security. In this segment, Sonali will discuss how organizations can reduce their risk of breach by embracing the modern AppSec techniques, that will allow development, operations and security teams to work together in order to efficiently and effectively secure all of their applications. This segment is sponsored by Invicti. Visit https://securityweekly.com/invicti to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw707

left shifting vulnerable shah make it right sonali appsec invicti

Shifting Left Probably Left You Vulnerable, Here's How To Make it Right - Sonali Shah - PSW #707

Play Episode Listen Later Aug 21, 2021 31:57

Shifting security left is good - but it's an incomplete strategy that often leads to a false sense of security. In this segment, Sonali will discuss how organizations can reduce their risk of breach by embracing the modern AppSec techniques, that will allow development, operations and security teams to work together in order to efficiently and effectively secure all of their applications. This segment is sponsored by Invicti. Visit https://securityweekly.com/invicti to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw707

left shifting vulnerable shah make it right sonali appsec invicti

Sales Enablement Innovation | Spenser Miller-Fellows, Invicti

Sales Enablement Innovation

Play Episode Listen Later Jul 29, 2021 22:44

From call center worker, to coach & trainer, to channel enabler - and now heading up the sales enablement team at Invicti, Spenser says his current role is the best he's ever had. His team motto is ‘we build roads to success', and that extends beyond the sales function. Spenser says: “I very intentionally try to call the department that I run the enablement department rather than sales enablement, because we're here to help the entire revenue organisation and anyone that interacts with customers.” Hear more about this - and his predictions for enablement over the coming year, and more - in this episode of Sales Enablement Innovation.

innovation fellows sales enablement spenser invicti

Everyone Works Everywhere - ESW #235

Enterprise Security Weekly (Audio)

Play Episode Listen Later Jul 23, 2021 101:23

This week, in our first segment, we welcome Ed Rossi, Vice President of Product Management, Asset Inventory & Discovery at Qualys, to talk about Reinventing Asset Inventory for Security! Then, in the Enterprise News, SafeBreach adds support for new advanced attacks to the Microsoft Defender for Endpoint evaluation lab, Stellar Cyber XDR Kill Chain allows security analyst teams to disrupt cyberattacks, Bugcrowd Awarded U.S. Patents for Crowd-Enabled Vulnerability Detection, Microsoft puts PCs in the cloud with Windows 365, some funding and acquisition updates from Sysdig, AttackIQ, Stytch, SentinelOne, & more! Finally, we wrap up the show with two micro interviews from RSAC2021 featuring Mark Ralls from Acunetix by Invicti, and Wayne Haber from GitLab! Show Notes: https://securityweekly.com/esw235 Segment Resources: CSAM free trial: https://www.qualys.com/forms/cybersecurity-asset-management/ CSAM video overview: https://vimeo.com/551723071 Webpage: https://www.qualys.com/apps/cybersecurity-asset-management/ Visit https://securityweekly.com/qualys to learn more about them! Visit https://securityweekly.com/acunetix to learn more about them! Visit https://securityweekly.com/gitlab to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

vice president microsoft security software windows asset product management pcs devops patents docker vulnerabilities webpage gitlab sca devsecops endpoint mobile applications waf dast sentinelone openshift xss microsoft defender apisecurity rasp sast qualys sysdig microsegmentation stytch safebreach attackiq invicti acunetix enterprise news swcompositionanalysis

Everyone Works Everywhere - ESW #235