Application Security Weekly #19
Recorded June 11, 2018 at G-Unit Studios in Rhode Island!
- Check out our On-Demand material! Some of our previously recorded webcasts are now available On-Demand at: securityweekly.com/ondemand.
- Ticket sales are open for the Social Engineering RI Conference, Saturday, June 16th at Salve Regina University in Newport, RI. Go to http://se-ri.org/ to register! We are giving away 2 tickets to this conference. Please send your best meme of Paul and Larry to email@example.com.
- How do you feel about User and Entity Behavior Analytics? What about your SIEM? Check out LogRhythm's webcast on June 14th at 3:00pm-4:00pm.
Interview: Peter Chestna, Veracode
Pete Chestna has more than 25 years of experience developing software and leading development teams. As Director of Developer Engagement at CA Veracode, Pete provides customers and prospects with practical advice on how to successfully roll out developer-centric application security (AppSec) programs. Relying on more than 11 years of direct AppSec practitioner experience as both a developer and development leader, Pete provides information on best practices amassed from personal experience in addition to working with Veracode’s many global customers. In addition to his extensive security experience, he led Veracode’s transformation from Waterfall to Agile to DevOps and from monolith to microservice architecture. He is certified as both a scrum master and product owner. From his experience as both a practitioner and consultant, Pete has spoken internationally at both security and developer conferences on the topics of AppSec, Agile and DevOps. He is also a contributing editor at DevOps.com and SecurityBoulevard.com. Buy him a whisk(e)y and he’ll tell you all about it.
The 3 ways of DevSecOps (Part 1)
Bugs, Breaches, and More!
1.) Firefox uXSS and CSS XSS
2.) Windows 10 April 2018 Update Breaks SMBv1
3.) Some Signal Disappearing Messages Are Not Disappearing
4.) Cloudflare mistakes own 188.8.131.52 DNS for DDoS attack (Cloudflare Blog post)
If you build it, they will come
1.) A Brief Analysis of Serverless Security
2.) GitHub vs. GitLab
Food for Thought
1.) ThoughtWorks Technology Radar
2.) DevOps Brings Value to Security (and Vice Versa)
3.) DevOps Introduces Complexity. Really.
4.) When you think you've finished the project, but actually you haven't... at all...
Learning & Tools
1.) BitHubLab: Search all Open Source Repositories
2.) WhaleTail: Reverse Docker Images into Dockerfiles with Golang