ES Episode137

From Paul's Security Weekly
Jump to: navigation, search

Recorded May 15, 2019 at G-Unit Studios in Rhode Island!

Episode Audio

Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures .
  • John Strand
    Security analyst, Founder of Black Hills Information Security, and CTO of Offensive Countermeasures.
  • Matt Alderman
    CEO at Security Weekly, Strategic Advisor, and Wizard of Entrepreneurship
  • Annoucements:

    • We have exciting news about the Security Weekly webcast program: We are now partnered with (ISC)2 as an official CPE provider! If you attend any of our webcasts, you will be receiving 1 CPE credit per webcast! Register for one of our upcoming webcast with Zane Lackey of Signal Sciences, Ian McShane from Endgame, or Stephen Smith and Jeff Braucher of LogRhythm (or all 3!) by going to securityweekly.com/webcasts If you have missed any of our previously recorded webcasts, you can find our on-demand library at securityweekly.com/ondemand

    • So many of the big East Coast cybersecurity tradeshows take place in crowded cities like Boston and New York, where parking is a nightmare and will cost you an arm and a leg. However, this year's Compass Cybersecurity Symposium is being held at Twin River Casino in Lincoln, RI, just 15 minutes outside of Providence! The venue has plenty of free and easy parking. Speakers include social engineering expert Chris Hadnagy and Security Weekly podcast founder Paul Asadoorian. Use the discount code "SW2019" to save $20 on registration!

    • Security Weekly will be at Hacker Halted in Atlanta, GA this October 10th-11th! EC-Council is offering our listeners a $100 discount to attend the two day conference. Use discount code HH19SW when you register or go to securityweekly.com/hackerhalted and register there! Make sure you checkout the keynote (Paul Asadoorian) and Mr. Jeff Man's talk as well!

    • Have you been trying your hardest to get a ticket to DerbyCon FinishLine?! We know that tickets sold out almost immediately, as they do almost every year, and we have an exciting announcement: Security Weekly is giving away 7 tickets to DerbyCon! Here's what you need to do - subscribe to the Security Weekly YouTube channel and send an email to sam@securityweekly.com with either a written or video testimonial about what Security Weekly means to you! That's it, it's really that simple! First 7 people to complete this will receive a ticket to DerbyCon! You will also be invited to participate in our Security Weekly DerbyCon interview series that Sam and Mark will be running at the conference!



    Interview: Ferruh Mavituna, Netsparker

    Ferruh Mavituna is the Founder & Product Manager at Netsparker
    Ferruh Mavituna is the Founder and Product Manager of Netsparker. He developed the first and only proof-based web security scanner with state-of-the-art, accurate vulnerability detection and exploitation features, used by thousands companies around the world today. From 2002-2006, he worked for Turkish Army and Police. Ferruh is a frequent speaker at several conferences about Web Application Security and has released several research papers and tools.



    Centralization of Web Application Security Large Enterprises - Advantages, Disadvantages, and Challenges


    Centralization vs. Decentralization of security is an interesting topic. Decentralization in web app penetration testing is popular in many large organizations because no good centralized solutions solve this problem. Instead small teams do independent or random testing, without consistency or well-defined processes. Web security automation is a better approach. If you have 100 actively developed applications across 10 different development teams, can you (and should you) centralize security testing?

    Enterprise News

    1. LogRhythm : Releases Cloud-Based NextGen Security Information and Event Management (SIEM) Platform
    2. Ixia, Symantec provide security intelligence for hybrid networks
    3. Avast Plc Debuts Omni, a New Approach to Digital Security
    4. Atos launches new unified cloud identity and access management solution for ultimate security
    5. Ping Identity to Highlight Zero Trust and API Security at May Industry Events
    6. Device Authority Innovates KeyScaler for Microsoft Azure IoT Hub Device Provisioning Service (DPS) and Docker Support
    7. ExtraHop Announces New Panorama Partner Program
    8. HyTrust Launches Full-Scale Security Platform for VMware, AWS, Containers
    9. Sysdig and In-Q-Tel partnership to provide U.S. govt agencies with the Sysdig Cloud-Native VSP - Help Net Security

    Tech Segment: Enterprise Open-Source Firewalls?

    Setup:

    FWConfig.png

    Screenshot from 2019-05-15 10-54-44.png

    Screenshot from 2019-05-15 10-53-45-edit.png