Recorded June 19, 2019 at G-Unit Studios in Rhode Island!
- We have exciting news about the Security Weekly webcast program: We are now partnered with (ISC)2 as an official CPE provider! If you attend any of our webcasts, you will be receiving 1 CPE credit per webcast! Register for one of our upcoming webcasts with Zane Lackey of Signal Sciences, Ian McShane from Endgame, or Stephen Smith and Jeff Braucher of LogRhythm (or all 3!) by going to securityweekly.com/webcasts. If you have missed any of our previously recorded webcasts, you can find our on-demand library at securityweekly.com/ondemand
- So many of the big East Coast cybersecurity tradeshows take place in crowded cities like Boston and New York, where parking is a nightmare and will cost you an arm and a leg. However, this year's Compass Cybersecurity Symposium is being held at Twin River Casino in Lincoln, RI, just 15 minutes outside of Providence! The venue has plenty of free and easy parking. Speakers include social engineering expert Chris Hadnagy and Security Weekly podcast founder Paul Asadoorian. Use the discount code "SW2019" to save $20 on registration!
- Security Weekly will be at Hacker Halted in Atlanta, GA this October 10th-11th! EC-Council is offering our listeners a $100 discount to attend the two-day conference. Use discount code HH19SW when you register or go to securityweekly.com/hackerhalted and register there! Make sure you check out the keynote (Paul Asadoorian) and Mr. Jeff Man's talk as well!
- Have you been trying your hardest to get a ticket to DerbyCon FinishLine?! We know that tickets sold out almost immediately, as they do almost every year, and we have an exciting announcement: Security Weekly is giving away 7 tickets to DerbyCon! Here's what you need to do - subscribe to the Security Weekly YouTube channel and send an email to firstname.lastname@example.org with either a written or video testimonial about what Security Weekly means to you! That's it, it's really that simple! First 7 people to complete this will receive a ticket to DerbyCon! You will also be invited to participate in our Security Weekly DerbyCon interview series that Sam and Mark will be running at the conference!
Interview: Challenges of Healthcare Security - Bryan Warren, WarSec Security
Topic: Challenges of Healthcare Security
Security in a healthcare environment takes on many unusual aspects that other industries do not typically deal with. From patient restraints to drug diversion to the highest workplace violence rates in any US industry, healthcare is one of the most complex and challenging security environments to maintain.
Topic: So You've Inherited Someone Else's Code? - Practical Tips
I've spent the past few weeks updating software. I was not the primary developer; mostly I was working with other people's code. I ran into several challenges; here are some tips for when you are in this situation:
- Use an IDE - My project is Python, so I chose to use PyCharm. I am a hardcore Vim user; however, I use Vim emulation and it works well enough. There are several advantages to using an IDE vs. a command line text editor:
  - Variable Usage - The editor will highlight variables that are unused and those that are undefined. Handy for making updates to code you are not familiar with.
  - Jump To Implementation and Declaration - This is super handy as you are likely not familiar with the application flow or the code base. You can right-click on anything and follow it to the declaration or where it is being used.
  - Global Search - I use this all the time to find out where functions or object references are being used. Usually to make sure I am not breaking anything and to trace back the flow of execution. You can double-click on a result and it takes you to it.
  - Inspection - There are many plugins for this; I use the built-in one. This tells me all of the errors, warnings, etc. in the code. I use this as the first step to figuring out what negative impact my code changes may have had.
- Logging and Exceptions - Spend some time adding additional logging and exceptions, especially around new code that you write. Oftentimes developers will leave out logging or debugging statements once they are comfortable with the code. Go ahead and add some back in; you can always adjust them later if you are concerned about performance. Python exception handling is really neat as well.
- Don't Trust Logs or Comments - Logging statements and comments get stale very fast. So many times I've reviewed code, understood what it does, but the log entry or comment says it does something completely different. They cannot be trusted. Also, many developers write either no comments at all or crappy comments. Here's a tip: if you are writing anything, write good descriptive comments. It will help you as the developer, and those that follow. For tips, read Code Complete, great book!
- Beware Of Spelling Mistakes - In the code I am working on, there are spelling mistakes. Lots of spelling mistakes. In comments. In code. Across multiple files. Your IDE likely has a spell checker, use it. Don't leave any spelling mistakes in code! If you are making changes, be sure you are spelling it incorrectly or do a search and replace.
- Unit Testing - This helped me tremendously to clean up a ton of code fast. Most languages have unit testing modules (e.g. Python unittest). This allows you to automatically test your code, and more importantly someone else's.
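
The tips on logging and exceptions, stale comments, spelling mistakes and unit testing, combined in one added example (not code from the show or from the project being discussed). The function `parse_recrod`, its stale comment and the sample records are constructed stand-ins for inherited code.

```python
import logging
import unittest

log = logging.getLogger("inherited")

# Constructed stand-in for inherited code: misspelled name, stale comment.
def parse_recrod(line):
    # Returns a dict keyed by hostname   <- stale: it actually returns a tuple
    host, port = line.split(":")
    return host, int(port)

def parse_record(line):
    """New, correctly spelled entry point with logging and an explicit exception."""
    try:
        result = parse_recrod(line)
    except ValueError as exc:
        # %r escapes control characters, so a hostile record cannot forge log lines
        log.warning("rejected record %r: %s", line, exc)
        raise ValueError(f"malformed record: {line!r}") from exc
    log.debug("parsed record %r -> %r", line, result)
    return result

class CharacterizeParseRecord(unittest.TestCase):
    """Pin what the code does today, not what its comment claims."""

    def test_returns_tuple_not_dict(self):
        self.assertEqual(parse_record("db01:5432"), ("db01", 5432))

    def test_bad_port_is_logged_and_raised(self):
        with self.assertLogs("inherited", level="WARNING") as captured:
            with self.assertRaises(ValueError):
                parse_record("db01:http")
        self.assertIn("rejected record", captured.output[0])

    def test_missing_separator_is_raised(self):
        with self.assertLogs("inherited", level="WARNING"):
            with self.assertRaises(ValueError):
                parse_record("db01")

def run_suite():
    """Run the characterization tests and return the unittest result object."""
    suite = unittest.defaultTestLoader.loadTestsFromTestCase(CharacterizeParseRecord)
    return unittest.TextTestRunner(verbosity=0).run(suite)

if __name__ == "__main__":
    run_suite()
```

Once the tests pass against the code as inherited, the misspelled function can be renamed with a search and replace and the suite rerun to confirm nothing changed.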
- Docker Desktop for Windows 10 Will Soon Switch to WSL 2
- Aqua Security announces container vulnerabilities detecting and blocking solution in industry first. - DevOps Online
- Netskope Introduces Zero-Trust Secure Access to Private Enterprise Applications
- CipherCloud : Extends Zero Trust Cloud Security to Email for Office 365 and G Suite
- Skybox Security launches update to simplify hybrid cloud risk management
- System76's Supercharged Linux-powered Gazelle Laptop is Finally Available
- RedSeal launches new suite of professional services
- Cybersecurity risk-monitoring platform SecurityScorecard nabs $50 million
- 10 Notable Security Acquisitions of 2019 (So Far)
- What does runtime container security really mean? - Help Net Security
- Programming Measures to Take When Dealing With Sensitive Data
- CipherCloud adds new email security capabilities in its CipherCloud Zero Trust CASB+ platform - Help Net Security
- Can Your Patching Strategy Keep Up with the Demands of Open Source?