Changes

From Security Weekly Wiki
1,210 bytes added, 17:46, 26 November 2019
== Episode Audio ==
<!--
<div align="center">
{{#widget:SoundCloud
|id=651835745718825501
|width=75%
|height=100
}}
</div>
-->
==Hosts==
{{Template:Matt}}
<br>
= Interview: Tim Mackey, [https://securityweekly.com/synopsys Synopsys] =
[[File:TimMackey.jpg|right|220px|thumb|<center>'''[https://twitter.com/timintech Tim Mackey]'''<br> is the Principal Security Strategist at [https://securityweekly.com/Sysdig synopsys Synopsys CyRC (Cybersecurity Research Center)].</center>]]
Tim Mackey is a principal security strategist within the Synopsys CyRC (Cybersecurity Research Center). He joined Synopsys as part of the Black Duck Software acquisition, where he worked to bring integrated security scanning technology to Red Hat OpenShift and the Kubernetes container orchestration platforms. As a security strategist, Tim applies his skills in distributed systems engineering, mission-critical engineering, performance monitoring, and large-scale data center operations to customer problems. He takes the lessons learned from those activities and delivers talks globally at well-known events such as RSA, OSCON, Open Source Summit, KubeCon, Interop, CA World, Container World, DevSecCon, DevOps Days, and the IoT Summit. Tim is also an O’Reilly Media published author.<br><br>
'''Segment Topic:'''<br>
The security of any application is a function of the decisions made during development.<br><br>
'''Segment Description:'''<br>
Measuring the risk of those decisions isn't something contained within a single tool, but instead requires a set of perspectives on how a "bad decision" can manifest itself in the security of the app.<br><br>
'''Segment Resources:'''<br>
* https://synopsys.com/software
<br><br>
===== Bugs, Breaches, and More! =====
* [https://www.itsecurityguru.org/2019/11/22/1m-google-hacking-prize/ $1M Google Hacking Prize]
* [https://www.darkreading.com/application-security/12b-records-exposed-in-massive-server-leak/d/d-id/1336439 1.2B Records Exposed in Massive Server Leak]
* [https://www.checkmarx.com/blog/how-attackers-could-hijack-your-android-camera How Attackers Could Hijack Your Android Camera to Spy on You]
* [https://research.securitum.com/xss-in-amp4email-dom-clobbering/ XSS in GMail’s AMP4Email via DOM Clobbering]
===== If you build it, they will come =====
* [https://aws.amazon.com/blogs/security/defense-in-depth-open-firewalls-reverse-proxies-ssrf-vulnerabilities-ec2-instance-metadata-service/ Add defense in depth against open firewalls, reverse proxies, and SSRF vulnerabilities with enhancements to the EC2 Instance Metadata Service]
===== Learning & Tools =====
* [https://www.darkreading.com/edge/theedge/whats-in-a-waf-/b/d-id/1336402 What's in a WAF?]
* [https://blog.cloudflare.com/introducing-flan-scan/ Introducing Flan Scan: Cloudflare’s Lightweight Network Vulnerability Scanner]
===== Food for Thought =====
* [https://www.darkreading.com/theedge/when-you-know-too-much-protecting-security-data-from-security-people/b/d-id/1336435 When You Know Too Much: Protecting Security Data from Security People]
{{SocialMedia}}