Application Security Weekly Episode #112 - June 29, 2020
1. Interview - Using IaC to Establish & Analyze Secure Environments - 12:30 PM-01:00 PM
Teams building Infrastructure as Code still need to ensure that the infrastructure deployed matches the code they created. Not only can IaC help establish secure environments, analyzing that code can help identify when environments have drifted from security baselines or even highlight when misconfigurations lead to exploitable vulns.
To learn more about Accurics, visit: https://securityweekly.com/accurics
Cesar is the Head of Developer Advocacy at Accurics and has spent the last 10+ years working in the cloud security space, securing both private cloud in the military industry and public cloud in the financial sector. He is passionate about contributing to the developer community through open source projects (Terrascan), blogs, and participating in local meetups.
2. News - DLL Hijacking, Trust Through Privacy, & Adobe EOL Data - 01:00 PM-01:30 PM
DLL Hijacking at the Trend Micro Password Manager, Adobe Prompts Users to Uninstall Flash Player As EOL Date Looms, The State of Open Source Security 2020, Microservices vs. Monoliths: Which is Right for Your Enterprise?, What Modern CI/CD Should Look Like, and Build trust through better privacy!
Matt Alderman's Content:
Mike Shema's Content:
- DLL Hijacking at the Trend Micro Password Manager updates the severity for an old vuln based on the old technique of hijacking DLLs in Windows and gives us a chance to talk about threat models again.
- Adobe Prompts Users to Uninstall Flash Player As EOL Date Looms, which should have happened a decade ago. Even if you're not using Flash, there's still a relevant question here: what dependencies do your apps rely on that are already deprecated and unsupported?
- The State of Open Source Security 2020 shows once again why software dependencies are a risk to your app.
- Microservices vs. Monoliths: Which is Right for Your Enterprise? is really about how well your DevSecOps culture approaches the SDLC.
- What Modern CI/CD Should Look Like, whether you're going for microservices or a monolith.
- Build trust through better privacy from Apple's upcoming iOS 14 shows an engineering approach to protecting data. Apple is also switching Macs to its own processors starting later this year, a sign that more security engineering may be on the way as well.