ASWEpisode102

From Security Weekly Wiki

Application Security Weekly Episode 102 - 2020-04-06


Announcements

  • Is your Open Source code secure? Learn how to verify your code during development, not after the build, in our next webcast with Synopsys. Going cloud native? See how to integrate application security in our webcast with Signal Sciences! Register for our upcoming webcasts or virtual trainings by visiting securityweekly.com/webcasts. You can also access our on-demand library of previously recorded webcasts/trainings by visiting securityweekly.com/ondemand. Each webcast will earn you 1 CPE credit that we will submit on your behalf if you provide your ISC2 number.
  • We have officially migrated our mailing list BACK to our original platform! We have our categories nailed down and you are now able to customize what you receive from us based on your preferences by visiting securityweekly.com/subscribe and clicking the button to join the list! Once you have joined, you will also be able to go back and update your "interests" so that we can grow with you as you progress through your journey in InfoSec!
  • We are looking for high-quality guest suggestions for our Enterprise Security Weekly podcast to fill our upcoming recording schedule! We're committed to educating and providing entertainment for the InfoSec community and we would love to hear from you about who you would like us to interview on the show! Submit your suggestions for guests by visiting securityweekly.com/guests and submitting the form! We review suggestions monthly and will reach out to you once reviewed!
  • Join Qualys for VMDR Live on April 21 at 2pm ET for a live demonstration of the game-changing Vulnerability Management, Detection & Response offering - a unified solution that integrates vulnerability management, threat prioritization and patching in a single app. Register at securityweekly.com/VMDR2020


Description:

This week, we welcome Grant Ongers, Co-Founder of Secure Delivery, to discuss why "You're (probably) Doing AppSec Wrong"! In the Application Security News: Zoom is gaining lots of attention for flaws; Popular Digital Wallet Exposes Millions to Risk in Huge Data Leak; 12k+ Android apps contain master passwords, secret access keys, and secret commands in not-so-secret client-side code, identified by the research tool Inputscope; and more!

Visit https://www.securityweekly.com/asw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly





Interview: You're (probably) Doing AppSec Wrong - 6:00-6:45PM

Description:

Most security programs generally get in the way of delivery (if they don't, to all intents and purposes, prevent it altogether) and are probably also failing to provide the required level of actual security. This segment looks at why this is the case and how (in general terms) security and product teams can change this.

Guest:

Grant Ongers is Co-Founder at Secure Delivery

Bio:

Grant Ongers is co-founder and one half of the bearded duo of Secure Delivery. He has twenty-plus years in Ops, doing everything from running operational teams in global NOCs to managing mainframe and database systems, as well as teaching classes and consulting on ITIL, and running Prince 2 and King III projects for both the public and private sectors throughout the world.

Hosts

 
  • John Kinsella - Vice President of Container Security at Qualys
  • Matt Alderman - CEO at Security Weekly
  • Mike Shema - Product Security Lead at Square

News - Zoom Flaws, 'Zombie' win32k Bug, & Inputscope

Description:

This week in the Application Security News: Zoom is gaining lots of attention for flaws and serves as a good exercise in threat modeling and communicating security trade-offs; Popular Digital Wallet Exposes Millions to Risk in Huge Data Leak, from the usual suspect of an S3 bucket with an unusual amount of sensitive data; 12k+ Android apps contain master passwords, secret access keys, and secret commands in not-so-secret client-side code, identified by the research tool Inputscope; and more!



Mike Shema's Content: