Difference between revisions of "ASWEpisode104"

From Security Weekly Wiki
(Added By Paul's Craptastic PPWorks Code)
(Added By Paul's Craptastic PPWorks Code)
 
(4 intermediate revisions by the same user not shown)
Line 24: Line 24:
 
 
 
<li>We have officially migrated our mailing list to BACK to our original platform! We have our categories nailed down and you are now able to customize what you receive from us based on your preferences by visiting securityweekly.com/subscribe and clicking the button to join the list! Once you have joined, you will also be able to go back and update your "interests" so that we can grow with you as you progress through your journey in InfoSec!</li>
 
<li>We have officially migrated our mailing list to BACK to our original platform! We have our categories nailed down and you are now able to customize what you receive from us based on your preferences by visiting securityweekly.com/subscribe and clicking the button to join the list! Once you have joined, you will also be able to go back and update your "interests" so that we can grow with you as you progress through your journey in InfoSec!</li>
 +
 +
<li>Join us at InfoSecWorld 2020 - June 22nd-24th now at Disney's Coronado Springs Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020, click the register button to register with our discount code or the schedule button to sponsor a micro-interview!</li>
 
 
 
<li>We are looking for high-quality guest suggestions for our Enterprise Security Weekly podcast to fill our upcoming recording schedule! We're committed to educating and providing entertainment for the InfoSec community and we would love to hear from you about who you would like us to interview on the show! Submit your suggestions for guests by visiting securityweekly.com/guests and submitting the form! We review suggestions monthly and will reach out to you once reviewed!</li>
 
<li>We are looking for high-quality guest suggestions for our Enterprise Security Weekly podcast to fill our upcoming recording schedule! We're committed to educating and providing entertainment for the InfoSec community and we would love to hear from you about who you would like us to interview on the show! Submit your suggestions for guests by visiting securityweekly.com/guests and submitting the form! We review suggestions monthly and will reach out to you once reviewed!</li>
Line 30: Line 32:
  
 
</p>
 
</p>
= News - Application News - TBD =
+
= Interview: Building an AppSec Ecosystem - 6:00-6:45PM =
 +
<!-- 
 +
************************* DO NOT EDIT THIS SECTION. THIS IS AUTO-GENERATED BY PPWORKS. YOUR CHANGES WILL BE LOST! ***************************
 +
-->
 +
{|style="width: 100%;margin: auto; " cellpadding="10"
 +
 
 +
|<center>{{#ev:youtube|1NEFxOXXjHs }}</center>
 +
 
 +
|-
 +
|<p>'''Description:'''<br><br> It's possible to check the boxes and have an AppSec program that looks great on paper, but still not have positive results. We will cover using continuous feedback from AppSec testing activities passing through threat models to make life better for AppSec, red teams, QA, and engineers.</p>
 +
 
 +
|}
 +
{|style="width: 100%;margin: auto; " cellpadding="5"
 +
 
 +
|'''Guest:'''
 +
|'''Bio:'''
 +
|-
 +
 +
|[[Image:RebeccaDeck-0.jpg|200px|thumb|<center>'''[https://twitter.com/@rangercha Rebecca Deck]''' is Senior Staff Application Security Engineer at Avalara</center>]]
 +
 +
|Rebecca Deck is a Staff Application Security Engineer at Avalara. She determines application security tools and strategy and (hopefully) gets to perform application security testing. She has more than 20 years of experience in IT that includes QA, software development, engineering, incident response, and consulting. She's currently quarantined with her wife and kids living the dream of working and home schooling.
 +
|-
 +
 
 +
|}
 +
==Hosts==
 +
<!-- 
 +
************************* DO NOT EDIT THIS SECTION. THIS IS AUTO-GENERATED BY PPWORKS. YOUR CHANGES WILL BE LOST! ***************************
 +
-->
 +
 
 +
{|style="width: 100%;margin: auto; " cellpadding="1"
 +
 +
|[[Image:John_Kinsella-1.jpg|100px|thumb|<center>[https://twitter.com/@johnlkinsella John Kinsella]  - Vice President of Container Security at Qualys</center>]]
 +
 +
|[[Image:MattAlderman-0.png|100px|thumb|<center>[https://twitter.com/@maldermania Matt Alderman]  - CEO at Security Weekly</center>]]
 +
 +
|[[Image:mike-shema-0.jpg|100px|thumb|<center>[https://twitter.com/@Codexatron Mike Shema]  - Product Security Lead at Square</center>]]
 +
 +
|}
 +
 
 +
= Fullaudio - None =
 
<!--   
 
<!--   
 
************************* MAKE CHANGES IN THE TEMPLATES BELOW! ***************************
 
************************* MAKE CHANGES IN THE TEMPLATES BELOW! ***************************
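Review bot: The guest's title is stated two ways in the added guest table: the image caption reads "Senior Staff Application Security Engineer at Avalara", while the bio cell opens with "Rebecca Deck is a Staff Application Security Engineer at Avalara". Pick one title and use it in both cells. Because the section is marked as auto-generated by PPWorks, the correction belongs in the source data rather than in this page's markup.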
Line 37: Line 78:
  
 
|-
 
|-
|<p>'''Description:'''<br><br> Description TBD</p>
+
|<p>'''Description:'''<br><br> This week, we welcome Rebecca Black, Senior Staff Application Security Engineer at Avalara, to talk about Building an AppSec Ecosystem! This week in the Application Security News, JSON Web Token Validation Bypass in Auth0 Authentication API, Mining for malicious Ruby gems, A Brief History of a Rootable Docker Image, Privacy In The Time Of COVID, and Threat modeling explained: A process for anticipating cyber attacks!
 +
 
 +
Visit https://www.securityweekly.com/asw for all the latest episodes!
 +
 
 +
Follow us on Twitter: https://www.twitter.com/securityweekly
 +
Like us on Facebook: https://www.facebook.com/secweekly</p>
  
  
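Review bot: The added Fullaudio description welcomes "Rebecca Black", but the interview section added in this same revision names the guest Rebecca Deck in both the image caption and the bio. Change the surname in the description so the episode summary matches the guest table.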
Line 47: Line 93:
 
[[Image:John_Kinsella-1.jpg|50px|thumb|left]]
 
[[Image:John_Kinsella-1.jpg|50px|thumb|left]]
 
<br>
 
<br>
{{Template:ASW104NewsJohn Kinsella}}
+
{{Template:ASW104FullaudioJohn Kinsella}}
 
 
 
==[https://twitter.com/@maldermania Matt Alderman]'s Content: ==
 
==[https://twitter.com/@maldermania Matt Alderman]'s Content: ==
 
[[Image:MattAlderman-0.png|50px|thumb|left]]
 
[[Image:MattAlderman-0.png|50px|thumb|left]]
 
<br>
 
<br>
{{Template:ASW104NewsMatt Alderman}}
+
{{Template:ASW104FullaudioMatt Alderman}}
 
 
 
==[https://twitter.com/@Codexatron Mike Shema]'s Content: ==
 
==[https://twitter.com/@Codexatron Mike Shema]'s Content: ==
 
[[Image:mike-shema-0.jpg|50px|thumb|left]]
 
[[Image:mike-shema-0.jpg|50px|thumb|left]]
 
<br>
 
<br>
{{Template:ASW104NewsMike Shema}}
+
{{Template:ASW104FullaudioMike Shema}}
 
 
  
= Interview: Building an AppSec Ecosystem - 6:00-6:45PM =
+
= News - Malicious Ruby Gems & JSON Web Token Bypass  =
 
<!--   
 
<!--   
************************* DO NOT EDIT THIS SECTION. THIS IS AUTO-GENERATED BY PPWORKS. YOUR CHANGES WILL BE LOST! ***************************
+
************************* MAKE CHANGES IN THE TEMPLATES BELOW! ***************************
 
-->
 
-->
 
{|style="width: 100%;margin: auto; " cellpadding="10"
 
{|style="width: 100%;margin: auto; " cellpadding="10"
 +
 +
|<center>{{#ev:youtube|CzlqxGdNDhE }}</center>
  
 
|-
 
|-
|<p>'''Description:'''<br><br> It's possible to check the boxes and have an AppSec program that looks great on paper, but still not have positive results. We will cover using continuous feedback from AppSec testing activities passing through threat models to make life better for AppSec, red teams, QA, and engineers.</p>
+
|<p>'''Description:'''<br><br> This week in the Application Security News, JSON Web Token Validation Bypass in Auth0 Authentication API, Mining for malicious Ruby gems, A Brief History of a Rootable Docker Image, Privacy In The Time Of COVID, and Threat modeling explained: A process for anticipating cyber attacks!</p>
  
|}
 
{|style="width: 100%;margin: auto; " cellpadding="5"
 
  
|'''Guest:'''
 
|'''Bio:'''
 
|-
 
 
|[[Image:RebeccaDeck-0.jpg|200px|thumb|<center>'''[https://twitter.com/@rangercha Rebecca Deck]''' is Senior Staff Application Security Engineer at Avalara</center>]]
 
 
|Rebecca Deck is a Staff Application Security Engineer at Avalara. She determines application security tools and strategy and (hopefully) gets to perform application security testing. She has more than 20 years of experience in IT that includes QA, software development, engineering, incident response, and consulting. She's currently quarantined with her wife and kids living the dream of working and home schooling.
 
|-
 
  
 
|}
 
|}
==Hosts==
 
<!-- 
 
************************* DO NOT EDIT THIS SECTION. THIS IS AUTO-GENERATED BY PPWORKS. YOUR CHANGES WILL BE LOST! ***************************
 
-->
 
  
{|style="width: 100%;margin: auto; " cellpadding="1"
 
 
 
|[[Image:John_Kinsella-1.jpg|100px|thumb|<center>[https://twitter.com/@johnlkinsella John Kinsella]  - Vice President of Container Security at Qualys</center>]]
+
==[https://twitter.com/@johnlkinsella John Kinsella]'s Content: ==
 +
[[Image:John_Kinsella-1.jpg|50px|thumb|left]]
 +
<br>
 +
{{Template:ASW104NewsJohn Kinsella}}
 
 
|[[Image:MattAlderman-0.png|100px|thumb|<center>[https://twitter.com/@maldermania Matt Alderman]  - CEO at Security Weekly</center>]]
+
==[https://twitter.com/@maldermania Matt Alderman]'s Content: ==
 +
[[Image:MattAlderman-0.png|50px|thumb|left]]
 +
<br>
 +
{{Template:ASW104NewsMatt Alderman}}
 
 
|[[Image:mike-shema-0.jpg|100px|thumb|<center>[https://twitter.com/@Codexatron Mike Shema]  - Product Security Lead at Square</center>]]
+
==[https://twitter.com/@Codexatron Mike Shema]'s Content: ==
+
[[Image:mike-shema-0.jpg|50px|thumb|left]]
|}
+
<br>
 +
{{Template:ASW104NewsMike Shema}}

Latest revision as of 22:25, 20 April 2020

Application Security Weekly Episode 104 - 2020-04-20

Announcements

  • Going cloud-native? See how to integrate application security in our next webcast with Signal Sciences! Learn how penetration testing reduces risk in our May webcast with Core Security (a Help Systems Company). Register for our upcoming webcasts or virtual trainings by visiting securityweekly.com/webcasts. You can also access our on-demand library of previously recorded webcasts/trainings by visiting securityweekly.com/ondemand. Each webcast will earn you 1 CPE credit that we will submit on your behalf if you provide your ISC2 number.
  • We have officially migrated our mailing list BACK to our original platform! We have our categories nailed down and you are now able to customize what you receive from us based on your preferences by visiting securityweekly.com/subscribe and clicking the button to join the list! Once you have joined, you will also be able to go back and update your "interests" so that we can grow with you as you progress through your journey in InfoSec!
  • Join us at InfoSecWorld 2020 - June 22nd-24th now at Disney's Coronado Springs Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020, click the register button to register with our discount code or the schedule button to sponsor a micro-interview!
  • We are looking for high-quality guest suggestions for our Enterprise Security Weekly podcast to fill our upcoming recording schedule! We're committed to educating and providing entertainment for the InfoSec community and we would love to hear from you about who you would like us to interview on the show! Submit your suggestions for guests by visiting securityweekly.com/guests and submitting the form! We review suggestions monthly and will reach out to you once reviewed!

Interview: Building an AppSec Ecosystem - 6:00-6:45PM

Description:

It's possible to check the boxes and have an AppSec program that looks great on paper, but still not have positive results. We will cover using continuous feedback from AppSec testing activities passing through threat models to make life better for AppSec, red teams, QA, and engineers.

Guest: Rebecca Deck is Senior Staff Application Security Engineer at Avalara

Bio: Rebecca Deck is a Staff Application Security Engineer at Avalara. She determines application security tools and strategy and (hopefully) gets to perform application security testing. She has more than 20 years of experience in IT that includes QA, software development, engineering, incident response, and consulting. She's currently quarantined with her wife and kids living the dream of working and home schooling.

Hosts

John Kinsella - Vice President of Container Security at Qualys
Matt Alderman - CEO at Security Weekly
Mike Shema - Product Security Lead at Square

Fullaudio - None

Description:

This week, we welcome Rebecca Black, Senior Staff Application Security Engineer at Avalara, to talk about Building an AppSec Ecosystem! This week in the Application Security News, JSON Web Token Validation Bypass in Auth0 Authentication API, Mining for malicious Ruby gems, A Brief History of a Rootable Docker Image, Privacy In The Time Of COVID, and Threat modeling explained: A process for anticipating cyber attacks!

Visit https://www.securityweekly.com/asw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly



John Kinsella's Content:

Template:ASW104FullaudioJohn Kinsella

Matt Alderman's Content:

Template:ASW104FullaudioMatt Alderman

Mike Shema's Content:

Template:ASW104FullaudioMike Shema


News - Malicious Ruby Gems & JSON Web Token Bypass

Description:

This week in the Application Security News, JSON Web Token Validation Bypass in Auth0 Authentication API, Mining for malicious Ruby gems, A Brief History of a Rootable Docker Image, Privacy In The Time Of COVID, and Threat modeling explained: A process for anticipating cyber attacks!



John Kinsella's Content:

Template:ASW104NewsJohn Kinsella

Matt Alderman's Content:

Template:ASW104NewsMatt Alderman

Mike Shema's Content:
