ES Episode137

From Paul's Security Weekly
Jump to: navigation, search

Recorded May 15, 2019 at G-Unit Studios in Rhode Island!

Episode Audio

Hosts

  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures .
  • John Strand
    Security analyst, Founder of Black Hills Information Security, and CTO of Offensive Countermeasures.
  • Matt Alderman
    CEO at Security Weekly, Strategic Advisor, and Wizard of Entrepreneurship
  • Annoucements:

    • We have exciting news about the Security Weekly webcast program: We are now partnered with (ISC)2 as an official CPE provider! If you attend any of our webcasts, you will be receiving 1 CPE credit per webcast! Register for one of our upcoming webcasts by going to securityweekly.com/webcasts If you have missed any of our previously recorded webcasts, you can find our on-demand library at securityweekly.com/ondemand

    • We need your help in a survey we are running for research purposes for an upcoming webcast. How mature is your process automation for your various security capabilities? Please visit securityweekly.com/fivestagesofautomationmaturity to submit your responses to our 5 Stages of Automation Maturity Survey! We'll share the results in a webcast in November!




    Interview: Ferruh Mavituna, Netsparker

    Ferruh Mavituna is the Founder & Product Manager at Netsparker
    Ferruh Mavituna is the Founder and Product Manager of Netsparker. He developed the first and only proof-based web security scanner with state-of-the-art, accurate vulnerability detection and exploitation features, used by thousands companies around the world today. From 2002-2006, he worked for Turkish Army and Police. Ferruh is a frequent speaker at several conferences about Web Application Security and has released several research papers and tools.



    Centralization of Web Application Security Large Enterprises - Advantages, Disadvantages, and Challenges


    Centralization vs. Decentralization of security is an interesting topic. Decentralization in web app penetration testing is popular in many large organizations because no good centralized solutions solve this problem. Instead small teams do independent or random testing, without consistency or well-defined processes. Web security automation is a better approach. If you have 100 actively developed applications across 10 different development teams, can you (and should you) centralize security testing?

    Enterprise News

    1. LogRhythm : Releases Cloud-Based NextGen Security Information and Event Management (SIEM) Platform
    2. Ixia, Symantec provide security intelligence for hybrid networks
    3. Avast Plc Debuts Omni, a New Approach to Digital Security
    4. Atos launches new unified cloud identity and access management solution for ultimate security
    5. Ping Identity to Highlight Zero Trust and API Security at May Industry Events
    6. Device Authority Innovates KeyScaler for Microsoft Azure IoT Hub Device Provisioning Service (DPS) and Docker Support
    7. ExtraHop Announces New Panorama Partner Program
    8. HyTrust Launches Full-Scale Security Platform for VMware, AWS, Containers
    9. Sysdig and In-Q-Tel partnership to provide U.S. govt agencies with the Sysdig Cloud-Native VSP - Help Net Security

    Tech Segment: Enterprise Open-Source Firewalls?

    Setup:

    FWConfig.png

    Screenshot from 2019-05-15 10-54-44.png

    Screenshot from 2019-05-15 10-53-45-edit.png