ASWEpisode103

From Security Weekly Wiki

Application Security Weekly Episode 103 - 2020-04-13

Episode Audio

Application Security Weekly Episode 103

Announcements

  • Going cloud-native? See how to integrate application security in our next webcast with Signal Sciences! Learn how penetration testing reduces risk in our May webcast with Core Security (a Help Systems Company). Register for our upcoming webcasts or virtual trainings by visiting securityweekly.com/webcasts. You can also access our on-demand library of previously recorded webcasts/trainings by visiting securityweekly.com/ondemand. Each webcast will earn you 1 CPE credit that we will submit on your behalf if you provide your ISC2 number.
  • We have officially migrated our mailing list back to our original platform! We have our categories nailed down and you are now able to customize what you receive from us based on your preferences by visiting securityweekly.com/subscribe and clicking the button to join the list! Once you have joined, you will also be able to go back and update your "interests" so that we can grow with you as you progress through your journey in InfoSec!
  • We are looking for high-quality guest suggestions for our Enterprise Security Weekly podcast to fill our upcoming recording schedule! We're committed to educating and providing entertainment for the InfoSec community and we would love to hear from you about who you would like us to interview on the show! Submit your suggestions for guests by visiting securityweekly.com/guests and submitting the form! We review suggestions monthly and will reach out to you once reviewed!
  • Join Qualys for VMDR Live on April 21 at 2pm ET for a live demonstration of the game-changing Vulnerability Management, Detection & Response offering - a unified solution that integrates vulnerability management, threat prioritization and patching in a single app. Register at securityweekly.com/VMDR2020

Interview: Making Kubernetes a Hostile Place for Attackers - 6:00-6:45PM

Description:

Kubernetes is conceptually simple, but in practical terms, a highly complex distributed system with thousands of interdependent settings that drive behavior and security posture. That said, focusing hardening efforts on a handful of key configurations and policies can make the job of an attacker incredibly challenging in a cluster.

Guest: Brad Geesaman is Co-founder at Darkbit

Bio: Brad Geesaman is a co-founder of Darkbit.io, helping clients improve the security of their Kubernetes clusters in cloud-native environments. When he’s not educating others on the security risks inherent in complex distributed systems, he enjoys spending time with his family in Virginia, eating Mexican food, and collecting an impractical amount of ebooks.

Hosts

John Kinsella - Vice President of Container Security at Qualys
Matt Alderman - CEO at Security Weekly
Mike Shema - Product Security Lead at Square

Full Audio

Description:

This week, we welcome Brad Geesaman, Co-Founder of Darkbit, to talk about Making Kubernetes a Hostile Place for Attackers! In the Application Security News, Zoom Taps Ex-Facebook CISO Amid Security Snafus, Lawsuit, How we abused Slack's TURN servers to gain access to internal services, Moving from reCAPTCHA to hCaptcha, Automate Security Testing with ZAP and GitHub Actions, Shift-Right Testing: The Emergence of TestOps, and Building Secure and Reliable Systems!

Visit https://www.securityweekly.com/asw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly





News - Zooming Alex Stamos & Building Security TestOps

Description:

This week in the Application Security News, Zoom Taps Ex-Facebook CISO Amid Security Snafus, Lawsuit, How we abused Slack's TURN servers to gain access to internal services, Moving from reCAPTCHA to hCaptcha, Automate Security Testing with ZAP and GitHub Actions, Shift-Right Testing: The Emergence of TestOps, and Building Secure and Reliable Systems!


