Application Security Weekly Episode #120 - August 31, 2020
1. Detecting Threats & Avoiding Misconfigs In The Cloud-Age - 12:30 PM-01:00 PM
What security challenges do companies face when moving to the cloud? Marc Tremsal, Director of Product Management - Security at Datadog, will discuss these challenges and how he helps security teams overcome them throughout their cloud transformation. This segment is sponsored by Datadog.
Visit https://securityweekly.com/datadog to learn more about them!
Datadog Security product page: https://www.datadoghq.com/product/security-monitoring/
Datadog Security product blog: https://www.datadoghq.com/blog/announcing-security-monitoring/
Marc is a Director of Product Management at Datadog with 10+ years of experience building products for security and engineering organizations of Fortune 500 companies.
- John Kinsella - Vice President of Container Security at Qualys
- Matt Alderman - CEO at Security Weekly
- Mike Shema - Product Security Lead at Square
2. GitHub to Ruby 2.7, CISO Success, & Lessons From Uber - 01:00 PM-01:30 PM
A Tale of Escaping a Hardened Docker container, Four More Bugs Patched in Microsoft’s Azure Sphere IoT Platform, Upgrading GitHub to Ruby 2.7, Redefining What CISO Success Looks Like, and Lessons from Uber: Be crystal clear on the law and your bug bounty policies!
John Kinsella's Content:
Matt Alderman's Content:
Mike Shema's Content:
- "A Tale of Escaping a Hardened Docker container" should go into the expanding volume of barriers that aren't.
- "No need to hack when it’s leaking" shows again that secrets shouldn't go into code.
- "Four More Bugs Patched in Microsoft’s Azure Sphere IoT Platform" features two ways to reach remote code execution by twisting a barrier of read-only memory into a writeable one, and gives another chance to peruse the nineteen cybersecurity best practices for Azure Sphere.
- "Upgrading GitHub to Ruby 2.7" shows one way to create a path forward to move off deprecated language or framework versions.
- "Did Your Last DevOps Strategy Fail? Try Again" with feedback loops and collaboration.
- "Redefining What CISO Success Looks Like" looks a lot like starting with the threat models and risk scenarios created for your apps.
- "Lessons from Uber: Be crystal clear on the law and your bug bounty policies" so that your threat models and risk scenarios don't stray from appsec.