Podcasts about swcompositionanalysis

This week, in our first segment, we welcome Ed Rossi, Vice President of Product Management, Asset Inventory & Discovery at Qualys, to talk about Reinventing Asset Inventory for Security! Then, in the Enterprise News, SafeBreach adds support for new advanced attacks to the Microsoft Defender for Endpoint evaluation lab, Stellar Cyber XDR Kill Chain allows security analyst teams to disrupt cyberattacks, Bugcrowd Awarded U.S. Patents for Crowd-Enabled Vulnerability Detection, Microsoft puts PCs in the cloud with Windows 365, some funding and acquisition updates from Sysdig, AttackIQ, Stytch, SentinelOne, & more! Finally, we wrap up the show with two micro interviews from RSAC2021 featuring Mark Ralls from Acunetix by Invicti, and Wayne Haber from GitLab!   Show Notes: https://securityweekly.com/esw235 Segment Resources: CSAM free trial: https://www.qualys.com/forms/cybersecurity-asset-management/ CSAM video overview: https://vimeo.com/551723071 Webpage: https://www.qualys.com/apps/cybersecurity-asset-management/ Visit https://securityweekly.com/qualys to learn more about them! Visit https://securityweekly.com/acunetix to learn more about them! Visit https://securityweekly.com/gitlab to learn more about them!   Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, in our first segment, we welcome Ed Rossi, Vice President of Product Management, Asset Inventory & Discovery at Qualys, to talk about Reinventing Asset Inventory for Security! Then, in the Enterprise News, SafeBreach adds support for new advanced attacks to the Microsoft Defender for Endpoint evaluation lab, Stellar Cyber XDR Kill Chain allows security analyst teams to disrupt cyberattacks, Bugcrowd Awarded U.S. Patents for Crowd-Enabled Vulnerability Detection, Microsoft puts PCs in the cloud with Windows 365, some funding and acquisition updates from Sysdig, AttackIQ, Stytch, SentinelOne, & more! Finally, we wrap up the show with two micro interviews from RSAC2021 featuring Mark Ralls from Acunetix by Invicti, and Wayne Haber from GitLab!   Show Notes: https://securityweekly.com/esw235 Segment Resources: CSAM free trial: https://www.qualys.com/forms/cybersecurity-asset-management/ CSAM video overview: https://vimeo.com/551723071 Webpage: https://www.qualys.com/apps/cybersecurity-asset-management/ Visit https://securityweekly.com/qualys to learn more about them! Visit https://securityweekly.com/acunetix to learn more about them! Visit https://securityweekly.com/gitlab to learn more about them!   Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

The shift away from web application security, caused by the pandemic and the focus on remote workforces, resulted in an increased number of web vulnerabilities. In this segment, Mark talks about the best starting point for organizations to get back on track and prioritize your web app security. This segment is sponsored by Acunetix. Visit https://securityweekly.com/acunetix to learn more about them!   Security can be somewhat of a mystery at a lot of organizations. Most companies choose to be tight-lipped about the security measures they have implemented. Rightfully so, there is an underlying fear that publicizing your security efforts could make you more vulnerable to security attacks and damage your reputation with your customers. However, there is another way. Transparency can be your ally in security. This segment is sponsored by GitLab. Visit https://securityweekly.com/gitlab to learn more about them!   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw235

The shift away from web application security, caused by the pandemic and the focus on remote workforces, resulted in an increased number of web vulnerabilities. In this segment, Mark talks about the best starting point for organizations to get back on track and prioritize your web app security. This segment is sponsored by Acunetix. Visit https://securityweekly.com/acunetix to learn more about them!   Security can be somewhat of a mystery at a lot of organizations. Most companies choose to be tight-lipped about the security measures they have implemented. Rightfully so, there is an underlying fear that publicizing your security efforts could make you more vulnerable to security attacks and damage your reputation with your customers. However, there is another way. Transparency can be your ally in security. This segment is sponsored by GitLab. Visit https://securityweekly.com/gitlab to learn more about them!   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw235

This week in the AppSec News: Security from code comments, visualizing decision trees, bypassing Windows Hello, security analysis of Telegram, paying for patient bug bounty programs, cloud risks, & more!   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw158

This week in the AppSec News: Security from code comments, visualizing decision trees, bypassing Windows Hello, security analysis of Telegram, paying for patient bug bounty programs, cloud risks, & more!   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw158

This week, we welcome David DeSanto, Senior Director, Product Management, Dev & Sec at Gitlab! In the wake of events such as the Solarwinds breach, there has been a lot of misinformation about the role of open source in DevSecOps. GitLab believes everyone benefits when everyone can contribute. Open source plays a key role in how GitLab addresses DevSecOps. We will discuss GitLab's view of the role of open source in DevSecOps including recent contributions to the open source community as well as GitLab's plans for the future.   In the AppSec News: Security from code comments, visualizing decision trees, bypassing Windows Hello, security analysis of Telegram, paying for patient bug bounty programs, cloud risks, & more!   Show Notes: https://securityweekly.com/asw158 Visit https://securityweekly.com/gitlab to learn more about them!   Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome David DeSanto, Senior Director, Product Management, Dev & Sec at Gitlab! In the wake of events such as the Solarwinds breach, there has been a lot of misinformation about the role of open source in DevSecOps. GitLab believes everyone benefits when everyone can contribute. Open source plays a key role in how GitLab addresses DevSecOps. We will discuss GitLab's view of the role of open source in DevSecOps including recent contributions to the open source community as well as GitLab's plans for the future.   In the AppSec News: Security from code comments, visualizing decision trees, bypassing Windows Hello, security analysis of Telegram, paying for patient bug bounty programs, cloud risks, & more!   Show Notes: https://securityweekly.com/asw158 Visit https://securityweekly.com/gitlab to learn more about them!   Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

In the wake of events such as the Solarwinds breach, there has been a lot of misinformation about the role of open source in DevSecOps. GitLab believes everyone benefits when everyone can contribute. Open source plays a key role in how GitLab addresses DevSecOps. We will discuss GitLab's view of the role of open source in DevSecOps including recent contributions to the open source community as well as GitLab's plans for the future. This segment is sponsored by GitLab. Visit https://securityweekly.com/gitlab to learn more about them!   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw158

In the wake of events such as the Solarwinds breach, there has been a lot of misinformation about the role of open source in DevSecOps. GitLab believes everyone benefits when everyone can contribute. Open source plays a key role in how GitLab addresses DevSecOps. We will discuss GitLab's view of the role of open source in DevSecOps including recent contributions to the open source community as well as GitLab's plans for the future. This segment is sponsored by GitLab. Visit https://securityweekly.com/gitlab to learn more about them!   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw158

The truth is, most web app and API security tools were designed for a very different era. A time before developers and security practitioners worked together, before applications were globally distributed and API-based. But attackers are developers too, and they aren't bogged down by the limitations of legacy solutions. It's never been more clear that it's time for a change. Sean will outline new rules for web application and API security that respect the way modern applications are built. https://www.fastly.com/blog/the-new-rules-for-web-application-and-api-security   This segment is sponsored by Fastly. Visit https://securityweekly.com/fastly to learn more about them!   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw157  

In the AppSec news, a password manager makes predictable mistakes, Trusted Types terminate DOM XSS, waking up from PrintNightmare, understanding hardware fault injections.   The truth is, most web app and API security tools were designed for a very different era. A time before developers and security practitioners worked together, before applications were globally distributed and API-based. But attackers are developers too, and they aren't bogged down by the limitations of legacy solutions. It's never been more clear that it's time for a change. Sean will outline new rules for web application and API security that respect the way modern applications are built.   Show Notes: https://securityweekly.com/asw157 https://www.fastly.com/blog/the-new-rules-for-web-application-and-api-security This segment is sponsored by Fastly. Visit https://securityweekly.com/fastly to learn more about them!   Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

In the AppSec news, a password manager makes predictable mistakes, Trusted Types terminate DOM XSS, waking up from PrintNightmare, understanding hardware fault injections.   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw157  

In the AppSec news, a password manager makes predictable mistakes, Trusted Types terminate DOM XSS, waking up from PrintNightmare, understanding hardware fault injections.   The truth is, most web app and API security tools were designed for a very different era. A time before developers and security practitioners worked together, before applications were globally distributed and API-based. But attackers are developers too, and they aren't bogged down by the limitations of legacy solutions. It's never been more clear that it's time for a change. Sean will outline new rules for web application and API security that respect the way modern applications are built.   Show Notes: https://securityweekly.com/asw157 https://www.fastly.com/blog/the-new-rules-for-web-application-and-api-security This segment is sponsored by Fastly. Visit https://securityweekly.com/fastly to learn more about them!   Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

The truth is, most web app and API security tools were designed for a very different era. A time before developers and security practitioners worked together, before applications were globally distributed and API-based. But attackers are developers too, and they aren't bogged down by the limitations of legacy solutions. It's never been more clear that it's time for a change. Sean will outline new rules for web application and API security that respect the way modern applications are built. https://www.fastly.com/blog/the-new-rules-for-web-application-and-api-security   This segment is sponsored by Fastly. Visit https://securityweekly.com/fastly to learn more about them!   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw157  

In the AppSec news, a password manager makes predictable mistakes, Trusted Types terminate DOM XSS, waking up from PrintNightmare, understanding hardware fault injections.   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw157

Threat hunters are under increased pressure to rapidly analyze, classify, detect and respond to malicious files. ReversingLabs is stepping forward to address these needs with its new Malware Lab Solution. The ReversingLabs Malware Lab solution powers the next generation of threat hunting by delivering a unique combination of static and dynamic analysis capabilities at scale to identify malicious files including those in the software supply chain. This segment is sponsored by Reversing Labs. Visit https://securityweekly.com/ReversingLabs to learn more about them!   The development life cycle as we know it is rapidly changing, and today's AppSec testing needs to keep up with shorter and faster processes. A shift-left approach is no longer enough to protect web assets - you need much more dynamic tools and ways of working. This segment is sponsored by Detectify. Visit https://securityweekly.com/detectify to learn more about them!   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw233

More than 96% of software development projects fail across the globe because too many businesses rely on the legacy DevOps process which allows us to run security testing right before going to production. Using the legacy DevOps can lead to a downfall of the project management triangle (Budget, Scope, and Time). However, with more efficient use of dynamic application security testing tools (DAST) in every single stage/sprint, the legacy DevOps can be transformed into DevSecOps, in turn preventing our projects from failing.   This segment is sponsored by Netsparker. Visit https://securityweekly.com/netsparker to learn more about them!   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw233

Threat hunters are under increased pressure to rapidly analyze, classify, detect and respond to malicious files. ReversingLabs is stepping forward to address these needs with its new Malware Lab Solution. The ReversingLabs Malware Lab solution powers the next generation of threat hunting by delivering a unique combination of static and dynamic analysis capabilities at scale to identify malicious files including those in the software supply chain. This segment is sponsored by Reversing Labs. Visit https://securityweekly.com/ReversingLabs to learn more about them!   The development life cycle as we know it is rapidly changing, and today's AppSec testing needs to keep up with shorter and faster processes. A shift-left approach is no longer enough to protect web assets - you need much more dynamic tools and ways of working. This segment is sponsored by Detectify. Visit https://securityweekly.com/detectify to learn more about them!   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw233

This week, in our first segment, we welcome Suha Akyuz, Application Security Manager at Invicti Security, to discuss “Why DAST? from the Project Management Perspective”! In the Enterprise News, Atos launches thinkAI, AWS welcomes Wickr to the team, U.S. DoD approves two (ISC)² certifications as requirements for staff, & JFrog to acquire Vdoo! Finally, we wrap up the show with two micro interviews from RSAC featuring Mario Vuksan, CEO of ReversingLabs, & Rickard Carlsson, CEO Detectify!   Show Notes: https://securityweekly.com/esw233 Visit https://securityweekly.com/ReversingLabs to learn more about them! Visit https://securityweekly.com/detectify to learn more about them! Visit https://securityweekly.com/netsparker to learn more about them!   Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, in our first segment, we welcome Suha Akyuz, Application Security Manager at Invicti Security, to discuss “Why DAST? from the Project Management Perspective”! In the Enterprise News, Atos launches thinkAI, AWS welcomes Wickr to the team, U.S. DoD approves two (ISC)² certifications as requirements for staff, & JFrog to acquire Vdoo! Finally, we wrap up the show with two micro interviews from RSAC featuring Mario Vuksan, CEO of ReversingLabs, & Rickard Carlsson, CEO Detectify!   Show Notes: https://securityweekly.com/esw233 Visit https://securityweekly.com/ReversingLabs to learn more about them! Visit https://securityweekly.com/detectify to learn more about them! Visit https://securityweekly.com/netsparker to learn more about them!   Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

More than 96% of software development projects fail across the globe because too many businesses rely on the legacy DevOps process which allows us to run security testing right before going to production. Using the legacy DevOps can lead to a downfall of the project management triangle (Budget, Scope, and Time). However, with more efficient use of dynamic application security testing tools (DAST) in every single stage/sprint, the legacy DevOps can be transformed into DevSecOps, in turn preventing our projects from failing.   This segment is sponsored by Netsparker. Visit https://securityweekly.com/netsparker to learn more about them!   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw233

This week, we welcome Jim Richberg, Public Sector Field CISO at Fortinet, to discuss The Year of Hybrid! In the Leadership and Communications section: Cybersecurity today requires greater digital and business understanding, 12 skills business continuity managers need to succeed, SOC burnout is real: 3 preventative steps every CISO must take, and more!   Show Notes: https://securityweekly.com/bsw222 Visit https://securityweekly.com/fortinet to learn more about them! https://www.fortinet.com/blog   Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Visit https://www.securityweekly.com/bsw for all the latest episodes!

This week, we welcome Jim Richberg, Public Sector Field CISO at Fortinet, to discuss The Year of Hybrid! In the Leadership and Communications section: Cybersecurity today requires greater digital and business understanding, 12 skills business continuity managers need to succeed, SOC burnout is real: 3 preventative steps every CISO must take, and more!   Show Notes: https://securityweekly.com/bsw222 Visit https://securityweekly.com/fortinet to learn more about them! https://www.fortinet.com/blog   Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Visit https://www.securityweekly.com/bsw for all the latest episodes!

This week in the AppSec News: Visual Studio Code's Workplace Trust, Injured Android an insecure mobile app, Microsoft accidentally signed driver with rootkits, The NSA funds a new sister Matrix to ATT&CK: D3FEND, & "Ransomware: maybe it's you, not them?", and more!   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw156

This week, we welcome Clint Gibler, Head of Security Research at r2c, to discuss Scaling Your Application Security Program! In the AppSec News: Visual Studio Code's Workplace Trust, Injured Android an insecure mobile app, Microsoft accidentally signed driver with rootkits, The NSA funds a new sister Matrix to ATT&CK: D3FEND, & "Ransomware: maybe it's you, not them?", and more!   Show Notes: https://securityweekly.com/asw156 Segment Resources: https://semgrep.dev/ https://github.com/returntocorp/semgrep https://github.com/returntocorp/semgrep-rules 2020 GlobalAppSec SF https://docs.google.com/presentation/d/14PjOViz2dE6iToOyoFk_BQ_RUfkEHGX-celIiybDQZA/edit https://tldrsec.com/   Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Clint Gibler, Head of Security Research at r2c, to discuss Scaling Your Application Security Program! In the AppSec News: Visual Studio Code's Workplace Trust, Injured Android an insecure mobile app, Microsoft accidentally signed driver with rootkits, The NSA funds a new sister Matrix to ATT&CK: D3FEND, & "Ransomware: maybe it's you, not them?", and more!   Show Notes: https://securityweekly.com/asw156 Segment Resources: https://semgrep.dev/ https://github.com/returntocorp/semgrep https://github.com/returntocorp/semgrep-rules 2020 GlobalAppSec SF https://docs.google.com/presentation/d/14PjOViz2dE6iToOyoFk_BQ_RUfkEHGX-celIiybDQZA/edit https://tldrsec.com/   Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

For the private sector and government alike, 2021 is proving to be a year of transition and refocused activity. A year of hybrid activity - from cyber threats to IT approaches. Segment Resources: https://www.fortinet.com/blog   This segment is sponsored by Fortinet. Visit https://securityweekly.com/fortinet to learn more about them!   Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw222

This week in the AppSec News: Visual Studio Code's Workplace Trust, Injured Android an insecure mobile app, Microsoft accidentally signed driver with rootkits, The NSA funds a new sister Matrix to ATT&CK: D3FEND, & "Ransomware: maybe it's you, not them?", and more!   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw156

For the private sector and government alike, 2021 is proving to be a year of transition and refocused activity. A year of hybrid activity - from cyber threats to IT approaches. Segment Resources: https://www.fortinet.com/blog   This segment is sponsored by Fortinet. Visit https://securityweekly.com/fortinet to learn more about them!   Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw222

In this segment with Clint Gibler, learn: * Why secure defaults are higher ROI than finding vulnerabilities * How modern AppSec teams are working with their engineering counterparts * Targeting vulnerability classes, avoiding bug whack-a-mole * The latest innovations in lightweight static analysis Segment Resources: https://semgrep.dev/ https://github.com/returntocorp/semgrep https://github.com/returntocorp/semgrep-rules 2020 GlobalAppSec SF https://docs.google.com/presentation/d/14PjOViz2dE6iToOyoFk_BQ_RUfkEHGX-celIiybDQZA/edit https://tldrsec.com/   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw156

In this segment with Clint Gibler, learn: * Why secure defaults are higher ROI than finding vulnerabilities * How modern AppSec teams are working with their engineering counterparts * Targeting vulnerability classes, avoiding bug whack-a-mole * The latest innovations in lightweight static analysis Segment Resources: https://semgrep.dev/ https://github.com/returntocorp/semgrep https://github.com/returntocorp/semgrep-rules 2020 GlobalAppSec SF https://docs.google.com/presentation/d/14PjOViz2dE6iToOyoFk_BQ_RUfkEHGX-celIiybDQZA/edit https://tldrsec.com/   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw156

Security is a shared responsibility, but teams need to know what's really going on in production with their web apps and APIs, as it's happening, in order to achieve the reliable security that companies crave. In this podcast, Brendon Macaraeg will focus on the mission-critical need for real-time visibility. As many teams no longer work in the same room side by side, the role visibility plays today — and will continue to play in the future — can no longer be ignored. And it's not just a shift toward distributed work that's creating this increased need for information: while security teams may have more application security tools than ever before, very few of them will actually provide visibility into the important decisions they need to make, like which alerts to triage or which APIs are being targeted. Brendon will discuss why companies need to quickly move past legacy technologies that have limited visibility, to instead more active observability tools that provide real insights to act upon — allowing developers and IT security teams to collaborate in real time.   This segment is sponsored by Fastly. Visit https://securityweekly.com/fastly to learn more about them!   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw232

Security is a shared responsibility, but teams need to know what's really going on in production with their web apps and APIs, as it's happening, in order to achieve the reliable security that companies crave. In this podcast, Brendon Macaraeg will focus on the mission-critical need for real-time visibility. As many teams no longer work in the same room side by side, the role visibility plays today — and will continue to play in the future — can no longer be ignored. And it's not just a shift toward distributed work that's creating this increased need for information: while security teams may have more application security tools than ever before, very few of them will actually provide visibility into the important decisions they need to make, like which alerts to triage or which APIs are being targeted. Brendon will discuss why companies need to quickly move past legacy technologies that have limited visibility, to instead more active observability tools that provide real insights to act upon — allowing developers and IT security teams to collaborate in real time. This segment is sponsored by Fastly. Visit https://securityweekly.com/fastly to learn more about them!   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw232

This week, in our first segment, we welcome Doni Brass, Product Management Lead at Cisco Umbrella, to discuss How Criminals Use Cloud Apps to Inject Chaos into Work Environments! In the second segment, Brendon Macaraeg, Senior Director of Product Marketing at Fastly, joins to talk tell us How Teams Can Reduce the Visibility Gap! In the Enterprise News, Smoothwall Acquires eSafe Global, LookingGlass Cyber Announces Acquisition of AlphaWave, Vectra Launches Detect for AWS, SentinelOne announces IPO, & Building a Better Internet with Code BGP!   Show Notes: https://securityweekly.com/esw232 Visit https://securityweekly.com/ciscoumbrella to learn more about them! Visit https://securityweekly.com/fastly to learn more about them!   Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, in our first segment, we welcome Doni Brass, Product Management Lead at Cisco Umbrella, to discuss How Criminals Use Cloud Apps to Inject Chaos into Work Environments! In the second segment, Brendon Macaraeg, Senior Director of Product Marketing at Fastly, joins to talk tell us How Teams Can Reduce the Visibility Gap! In the Enterprise News, Smoothwall Acquires eSafe Global, LookingGlass Cyber Announces Acquisition of AlphaWave, Vectra Launches Detect for AWS, SentinelOne announces IPO, & Building a Better Internet with Code BGP!   Show Notes: https://securityweekly.com/esw232 Visit https://securityweekly.com/ciscoumbrella to learn more about them! Visit https://securityweekly.com/fastly to learn more about them!   Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, In the Leadership and Communications section, What is the hidden cost of maintaining legacy systems?, 10 Leadership Habits of Highly Effective Leaders, 5 Key Ingredients to Finding Satisfaction and Fulfillment in Your Work, and more!   Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw221

This week, In the Leadership and Communications section, What is the hidden cost of maintaining legacy systems?, 10 Leadership Habits of Highly Effective Leaders, 5 Key Ingredients to Finding Satisfaction and Fulfillment in Your Work, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw221

What are some of the DAST scanners challenges, like coverage of modern apps, point & shoot, scan time, partial scans, or scanning at scale? What do developers look for in a DAST scanner?   This segment is sponsored by Probely. Visit https://securityweekly.com/probely to learn more about them!   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw155

What are some of the DAST scanners challenges, like coverage of modern apps, point & shoot, scan time, partial scans, or scanning at scale? What do developers look for in a DAST scanner?   This segment is sponsored by Probely. Visit https://securityweekly.com/probely to learn more about them!   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw155

Too often, developers and security teams have a siloed relationship. That separation can lead to inefficiencies and gaps in security across software development, ultimately leading to anything from bad user experiences to hits to the bottom line. How can teams bridge that gap, and evolve from gatekeepers of their own projects, to partners working in harmony toward a shared goal? In this podcast, Brian Joe will focus on the most overlooked factors in evaluating an organization's InfoSec posture and what development and security teams can do to foster a mutually beneficial partnership and transition from a traditional security team model to a more collaborative one. In doing so, he'll highlight the most common pitfalls of a siloed approach — and what companies can do to avoid them.   This segment is sponsored by Fastly. Visit https://securityweekly.com/fastly to learn more about them!   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw699

This week, we welcome Brian Joe, Director of Security Product Marketing at Fastly, to discuss Avoiding the Silo: Bridging the Divide Between Security + Dev Teams! In the Security News: Jeff, Larry, & Doug adjust to our Adrian Overlord! Ransomware galore, Ransomware Poll Results, Windows 11 & Windows 10's End-Of-Life, Drones that hunt for human screams, & more! In our final segment, we air a pre-recorded interview with Timur Guvenkaya, Security Engineer at Invicti Security, to show us what Web Cache Poisoning is all about!   Show Notes: https://securityweekly.com/psw699 Segment Resources: Visit https://securityweekly.com/fastly to learn more about them! Visit https://securityweekly.com/netsparker to learn more about them!   Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

Too often, developers and security teams have a siloed relationship. That separation can lead to inefficiencies and gaps in security across software development, ultimately leading to anything from bad user experiences to hits to the bottom line. How can teams bridge that gap, and evolve from gatekeepers of their own projects, to partners working in harmony toward a shared goal? In this podcast, Brian Joe will focus on the most overlooked factors in evaluating an organization's InfoSec posture and what development and security teams can do to foster a mutually beneficial partnership and transition from a traditional security team model to a more collaborative one. In doing so, he'll highlight the most common pitfalls of a siloed approach — and what companies can do to avoid them.   This segment is sponsored by Fastly. Visit https://securityweekly.com/fastly to learn more about them!   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw699

This week, we welcome Brian Joe, Director of Security Product Marketing at Fastly, to discuss Avoiding the Silo: Bridging the Divide Between Security + Dev Teams! In the Security News: Jeff, Larry, & Doug adjust to our Adrian Overlord! Ransomware galore, Ransomware Poll Results, Windows 11 & Windows 10's End-Of-Life, Drones that hunt for human screams, & more! In our final segment, we air a pre-recorded interview with Timur Guvenkaya, Security Engineer at Invicti Security, to show us what Web Cache Poisoning is all about!   Show Notes: https://securityweekly.com/psw699 Segment Resources: Visit https://securityweekly.com/fastly to learn more about them! Visit https://securityweekly.com/netsparker to learn more about them!   Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week in the AppSec News, Mike and John talk: ALPACA surveys protocol confusion, lessons from the EA breach, forgotten lessons about sprintf, Go fuzzing goes beta, security lessons from Kubernetes Goat, basic lessons for OT from CISA, & more!   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw154

Are Secure Web Gateways doing their job to keep businesses safe in 2021? Recent survey results from ESG reveal 1 in 10 are not happy with their secure web gateway (SWG) and/or web security. Yet by 2024, the SWG market is projected to grow to 10.9 billion. As this year continues to twist and turn, complexity for an IT security professional continues to rise. Security professionals need to expect more from their security tools so they can stop running from one fire to another, and can simplify daily management. Join us to learn what you can do to get more effective threat detection and reliable, fast secure access. We'll look at ways you can cut complexity, reduce risk exposure, and improve performance with a cloud-delivered, secure internet gateway.   This segment is sponsored by Cisco Umbrella. Visit https://securityweekly.com/ciscoumbrella to learn more about them!   Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw220

This week in the AppSec News, Mike and John talk: ALPACA surveys protocol confusion, lessons from the EA breach, forgotten lessons about sprintf, Go fuzzing goes beta, security lessons from Kubernetes Goat, basic lessons for OT from CISA, & more!   Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw154

Are Secure Web Gateways doing their job to keep businesses safe in 2021? Recent survey results from ESG reveal 1 in 10 are not happy with their secure web gateway (SWG) and/or web security. Yet by 2024, the SWG market is projected to grow to 10.9 billion. As this year continues to twist and turn, complexity for an IT security professional continues to rise. Security professionals need to expect more from their security tools so they can stop running from one fire to another, and can simplify daily management. Join us to learn what you can do to get more effective threat detection and reliable, fast secure access. We'll look at ways you can cut complexity, reduce risk exposure, and improve performance with a cloud-delivered, secure internet gateway.   This segment is sponsored by Cisco Umbrella. Visit https://securityweekly.com/ciscoumbrella to learn more about them!   Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw22

“Behind the scenes of the cyber fight” – talking about the good on the defender side, taking down cyber criminal supply chains, partnerships, taking down ransomware gangs. This segment is sponsored by Fortinet. Visit https://securityweekly.com/fortinet to learn more about them!   Prior to building a web security program, you have to have a plan. How does one create that plan? In this segment, Kevin will focus on some concrete steps to help you create an AppSec plan using a simple framework. This segment is sponsored by Netsparker. Visit https://securityweekly.com/netsparker to learn more about them!   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw230

This week, in our first segment, we welcome Stephen Newman Vice President of Product Marketing, at Gigamon ThreatINSIGHT, to discuss " Redefining SaaS Security so SOC/IR Teams Aren't in the Dark, Distracted, or Alone "! In the enterprise news, Proofpoint unveils people-centric innovations across its three platforms, Citrix Secure Internet Access Simplifies Hybrid Workforce Challenges, CyberArk : Advances Industry-Leading Identity Security Platform, AI-powered cybersecurity provider ExtraHop to be acquired for $900M, New Israeli Unicorn Exabeam Hits $2.4 Billion Valuation, Microsoft acquires ReFirm Labs to boost its IoT security offerings, and more! In our final segment, we have two prerecorded RSAC 2021 interviews airing back-to-back featuring Kevin Gallagher, Chief Revenue Officer at Netsparker, and then Michael Daniel, the President & CEO of Cyber Threat Alliance!   Show Notes: https://securityweekly.com/esw230 Segment Resources: https://www.gigamon.com/content/dam/resource-library/english/solution-brief/sb-gigamon-threatinsight.pdf Visit https://securityweekly.com/fortinet to learn more about them! Visit https://securityweekly.com/netsparker to learn more about them! Visit https://securityweekly.com/gigamon to learn more about them!   Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly