ASWEpisode98

From Security Weekly Wiki

Application Security Weekly Episode 98 - 2020-03-02

Episode Audio

Application Security Weekly Episode 98

Announcements

  • Is your Open Source code secure? Learn how to verify your code during development, not after the build in our next webcast with Synopsys. Register for our upcoming webcasts or virtual trainings by visiting securityweekly.com/webcasts. You can also access our on-demand library of previously recorded webcasts/trainings by visiting securityweekly.com/ondemand. Each webcast will earn you 1 CPE credit that we will submit on your behalf if you provide your ISC2 number.
  • Join us at InfoSecWorld 2020 - June 22nd-24th at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020, click the register button to register with our discount code or the schedule button to sponsor a micro-interview!
  • OSHEAN and the Pell Center are partnering together to present Cybersecurity Exchange Day on Wednesday, March 18th from 9am-3pm at Salve Regina University in the beautiful Newport, RI! Visit securityweekly.com/OSHEAN2020 to register for free and come join in the fun!

Fullaudio - None

Description:

This week, we welcome Dan Petit to discuss his upcoming 2-day workshop at InfoSec World 2020! The workshop is a "deep survey" into all things DevSecOps. In the Application Security News: CVE-2020-1938: Ghostcat vulnerability in the Tomcat Apache JServ Protocol; APIs are becoming a major target for credential stuffing attacks and don't have to target the login workflow; SSL/TLS certificate validity chopped down to one year by Apple's Safari and how this can drive secure DevOps behaviors; and 5 key areas for tech leaders to watch in 2020!

Visit https://www.securityweekly.com/asw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly





News - Ghostcat, Apache, NeTworks, Starliner

Description:

CVE-2020-1938: Ghostcat vulnerability in the Tomcat Apache JServ Protocol.

IMP4GT: IMPersonation Attacks in 4G NeTworks demonstrates a proven insecurity on a layer above a provably secure protocol; Boeing implementing more rigorous testing of Starliner after software problems shows how problems in cloud computing will be just the same in star systems; APIs are becoming a major target for credential stuffing attacks and don't have to target the login workflow; SSL/TLS certificate validity chopped down to one year by Apple’s Safari and how this can drive secure DevOps behaviors; and 5 key areas for tech leaders to watch in 2020.





Interview: InfoSec World Workshop: DevSecOps and Cultural Transformation - 6:00-6:45PM

Description:

Dan discusses his upcoming 2-day workshop at InfoSec World. The workshop is a "deep survey" into all things DevSecOps.

Guest Bio:
Dan Petit is Principal DevOps Architect at Undisclosed
Dan Petit has been deep in the development world for most of his working life, serving as a developer, consultant, architect, and technical leader for a wide variety of companies in the aerospace, telecommunications, insurance, hospitality, logistics, and service industries. Throughout his career, Dan and his teams have been responsible for large-scale DevOps adoption and transformations, reducing cycle time of application changes from weeks to hours across dozens of agile development teams.

Hosts

John Kinsella - Vice President of Container Security at Qualys
Matt Alderman - CEO at Security Weekly
Mike Shema - Product Security Lead at Square