ASW Episode19

From Paul's Security Weekly
Jump to: navigation, search

Application Security Weekly #19

Recorded June 11, 2018 at G-Unit Studios in Rhode Island!

Episode Audio

Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures .
  • Annoucements:

    • Check out our On-Demand material! Some of our previously recorded webcasts are now available On-Demand at: securityweekly.com/ondemand.
    • Ticket Sales are open for Social Engineering RI Conference. Saturday, June 16th at Salve Regina University in Newport RI. Go to - http://se-ri.org/ to register! We are giving away 2 tickets to this conference. Please send your best meme of Paul and Larry to psw@securityweekly.com.
    • How do you feel about User and Entity Behavior Analytics? What about your SEIM? Check out Logrhythm's webcast on June 14th at 3:00pm-4:00pm.

    Interview: Peter Chestna, Veracode

    Peter Chestna
    is the Director of Developer Engagement Veracode.
    Pete Chestna has more than 25 years of experience developing software and leading development teams. As Director of Developer Engagement at CA Veracode, Pete provides customers and prospects with practical advice on how to successfully roll out developer-centric application security (AppSec) programs. Relying on more than 11 years of direct AppSec practitioner experience as both a developer and development leader, Pete provides information on best practices amassed from personal experience in addition to working with Veracode’s many global customers. In addition to his extensive security experience, he led Veracode’s transformation from Waterfall to Agile to DevOps and from monolith to microservice architecture. He is certified as both a scrum master and product owner. From his experience as both a practitioner and consultant, Pete has spoken internationally at both security and developer conferences on the topics of AppSec, Agile and DevOps. He is also a contributing editor at DevOps.com and SecurityBoulevard.com. Buy him a whisk(e)y and he’ll tell you all about it.

    The 3 ways of DevSecOps (Part 1)

    News

    Bugs, Breaches, and More!

    1.) FireFox uXSS and CSS XSS

    2.) Windows 10 April 2018 Update Breaks SMBv1

    3.) Some Signal Disappearing Messages Are Not Disappearing

    4.) Cloudflare mistakes own 1.1.1.1 DNS for DDoS attack Cloudflare Blog post

    If you build it, they will come

    1.) A Brief Analysis of Serverless Security

    2.) GitHub vs. GitLab

    Food for Thought

    1.) ThoughtWorks Technology Radar

    2.) DevOps Brings Value to Security (and Vice Versa)

    3.) DevOps Introduceds Complexity. Really.

    4.) When you think you've finished the project, but actually you haven't... at all...

    Learning & Tools

    1.) BitHubLab: Search all Open Source Repositories

    2.) WhaleTail: Reverse Docker Images into Dockerfiles with Golang


    Follow us on Twitter Watch Security Weekly videos Listen to Security Weekly Security Weekly fan page Connect with Paul Google+