Application Security Weekly Episode #119 - August 24, 2020
Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe
1. DevOps-First Application Security For Mid-Markets - 12:30 PM-01:00 PM
Join the Security Weekly Mailing List for webcast/virtual training announcements and to receive your personal invite to our Discord server by visiting https://securityweekly.com/subscribe and clicking the button to join the list!
Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!
Mid-markets do not have AppSec expertise, yet the current AppSec products are focused on large enterprises and require AppSec expertise. Sken.ai is a new AppSec scan tool, and the only one focused on mid-markets, where DevOps teams can get started without any AppSec expertise.
Sundar Krish is CEO & Co-Founder at Sken.ai
Sundar Krish is the CEO & Co-Founder of an application security / DevOps startup called Sken.ai. Previously he founded another startup, Waygum, which was venture funded and acquired. Before that he was a distinguished architect at Cisco, and he has worked in technology in Silicon Valley for over 20 years.
- John Kinsella - Vice President of Container Security at Qualys
- Matt Alderman - CEO at Security Weekly
- Mike Shema - Product Security Lead at Square
2. ATM Attacks, gcploit, & ClusterFuzz - 01:00 PM-01:30 PM
Our next technical training on August 27th will teach you about BootHole, SIGRed and SMBleed… How To Effectively Prioritize & Remediate Vulnerabilities! Learn How to Extend the Enterprise Network for Remote Workers and Protect Your Home Network on September 10th! Visit https://securityweekly.com/webcasts to see what we have coming up! Or visit securityweekly.com/ondemand to view our previously recorded webcasts!
The Confused Mailman: Sending SPF and DMARC passing mail as any Gmail or G Suite customer, ATM makers Diebold and NCR deploy fixes for 'deposit forgery' attacks, Control Flow Guard for Clang/LLVM and Rust, Fuzzing Services Help Push Technology into DevOps Pipeline, and 7 Things to Make DevSecOps a Reality!
John Kinsella's Content:
Matt Alderman's Content:
Mike Shema's Content:
- gcploit provides the tools covered in the recent presentation, Compromise any GCP Org Via Cloud API Lateral Movement and Privilege Escalation: Blackhat/Defcon 2020.
- The Confused Mailman: Sending SPF and DMARC passing mail as any Gmail or G Suite customer echoes the email protocols analysis we touched on in episode 118, with an added bonus of disclosure timeline treatment.
- ATM makers Diebold and NCR deploy fixes for 'deposit forgery' attacks that, although they rely on gaining a physical connection to the ATM, serve as a reminder that unencrypted and unsigned messages are trivial to modify.
- Control Flow Guard for Clang/LLVM and Rust brings the compiler countermeasures already used in C++ to the boundaries where Rust code meets C++ systems, and gives more confidence to devs who venture into the 'unsafe' keyword.
- Fuzzing Services Help Push Technology into DevOps Pipeline, with lots of success following Google open sourcing ClusterFuzz, and similar work from Microsoft that we touched on in episode 107.
- 7 Things to Make DevSecOps a Reality really just might mean smart software engineering steps that lead to more secure code.
- Blog post from Sonatype introducing the 2020 State of the Software Supply Chain adds more data to the discussion of successful approaches to securing software dependencies.