Difference between revisions of "ASWEpisode108"

From Security Weekly Wiki
Jump to navigationJump to search
(Added By Paul's Craptastic PPWorks Code)
(Added By Paul's Craptastic PPWorks Code)
 
(3 intermediate revisions by the same user not shown)
Line 14: Line 14:
 
************************* MAKE CHANGES IN THE TEMPLATES BELOW! ***************************
 
************************* MAKE CHANGES IN THE TEMPLATES BELOW! ***************************
 
-->
 
-->
 +
 +
<center>{{#ev:youtube|LsKOSd8ZeXQ }}</center>
  
  
Line 37: Line 39:
  
 
Rate limiting can be used to protect against a number of modern web application and API attacks. We’ll discuss some of those attacks, including Object ID enumeration, in detail, will demo an attack and will show how using rate limiting in our solution can protect against these attacks.
 
Rate limiting can be used to protect against a number of modern web application and API attacks. We’ll discuss some of those attacks, including Object ID enumeration, in detail, will demo an attack and will show how using rate limiting in our solution can protect against these attacks.
 +
 +
To learn more about Signal Sciences, visit: https://securityweekly.com/signalsciences
  
  
Line 65: Line 69:
 
</gallery>
 
</gallery>
  
= 2. Interview - Highlights From The New Open Source Security and Risk Analysis (OSSRA) Report - 01:00 PM-01:30 PM  =
+
= 2. Interview - Highlights From the New Open Source Security and Risk Analysis Report - 01:00 PM-01:30 PM  =
 
<!--   
 
<!--   
 
************************* MAKE CHANGES IN THE TEMPLATES BELOW! ***************************
 
************************* MAKE CHANGES IN THE TEMPLATES BELOW! ***************************
 
-->
 
-->
 +
 +
<center>{{#ev:youtube|mGSAOWYnmq8 }}</center>
  
  
Line 84: Line 90:
  
 
<li>Learn how hidden vulnerabilities lead to application compromise in our next webcast with Snyk! Register for our upcoming webcasts or virtual trainings by visiting securityweekly.com/webcasts. Or visit securityweekly.com/ondemand to view our previously recorded webcasts!</li>
 
<li>Learn how hidden vulnerabilities lead to application compromise in our next webcast with Snyk! Register for our upcoming webcasts or virtual trainings by visiting securityweekly.com/webcasts. Or visit securityweekly.com/ondemand to view our previously recorded webcasts!</li>
 +
 +
<li>Join the Security Weekly Mailing List &amp; receive your invite to our community Discord server by visiting securityweekly.com/subscribe and clicking the button to join the list! </li>
  
 
</ul>
 
</ul>
Line 90: Line 98:
  
 
The 2020 OSSRA report shows that 91% of commercial applications contain outdated or abandoned open source components. The report, produced by the Synopsys Cybersecurity Research Center (CyRC), examines the results of more than 1,250 audits of commercial codebases, performed by the Black Duck Audit Services team. The most concerning trend in this year’s analysis is the mounting security risk posed by unmanaged open source, with 75% of audited codebases containing open source components with known security vulnerabilities, up from 60% the previous year. Similarly, nearly half (49%) of the codebases contained high-risk vulnerabilities, compared to 40% just 12 months prior.
 
The 2020 OSSRA report shows that 91% of commercial applications contain outdated or abandoned open source components. The report, produced by the Synopsys Cybersecurity Research Center (CyRC), examines the results of more than 1,250 audits of commercial codebases, performed by the Black Duck Audit Services team. The most concerning trend in this year’s analysis is the mounting security risk posed by unmanaged open source, with 75% of audited codebases containing open source components with known security vulnerabilities, up from 60% the previous year. Similarly, nearly half (49%) of the codebases contained high-risk vulnerabilities, compared to 40% just 12 months prior.
 +
 +
To learn more about Synopsys, visit: https://securityweekly.com/synopsys
  
  

Latest revision as of 20:42, 18 May 2020

Application Security Weekly Episode #108 - May 18, 2020

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. Interview - Using Rate Limiting to Protect Web Apps and APIs - 12:30 PM-01:00 PM


Visit https://securityweekly.com/signalsciences for more information!


Announcements

  • Join us at InfoSecWorld 2020 - June 22nd-24th now a fully virtual event! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020, click the register button to register with our discount code!
  • Join the Security Weekly Mailing List & receive your invite to our community Discord server by visiting securityweekly.com/subscribe and clicking the button to join the list!
  • Learn how hidden vulnerabilities lead to application compromise in our next webcast with Snyk! Register for our upcoming webcasts or virtual trainings by visiting securityweekly.com/webcasts. Or visit securityweekly.com/ondemand to view our previously recorded webcasts!

Description

Rate limiting can be used to protect against a number of modern web application and API attacks. We’ll discuss some of those attacks, including Object ID enumeration, in detail, will demo an attack and will show how using rate limiting in our solution can protect against these attacks.

To learn more about Signal Sciences, visit: https://securityweekly.com/signalsciences



Guest(s)

Jack Zarris

Jack Zarris is a Senior Sales Engineer with Signal Sciences. He has over 20 years of experience in the security industry, with focuses on web application and database security for on-prem and cloud hosted apps, product management, load balancing, and mobile device management and security.


Hosts

2. Interview - Highlights From the New Open Source Security and Risk Analysis Report - 01:00 PM-01:30 PM


Visit https://securityweekly.com/synopsys for more information!


Announcements

  • Layer 8 is Going Virtual! The conference will still be held on Saturday June 6th. Security Weekly listeners save $20 on their ticket by visiting layer8conference.com and using the promo code "SecurityWeekly" before selecting your ticket type! Please consider supporting Layer8 or one of their partner organizations when purchasing your ticket! Some of the Security Weekly team will be in our own channel on the Layer8 Discord server answering questions and possibly doing some contests!
  • Learn how hidden vulnerabilities lead to application compromise in our next webcast with Snyk! Register for our upcoming webcasts or virtual trainings by visiting securityweekly.com/webcasts. Or visit securityweekly.com/ondemand to view our previously recorded webcasts!
  • Join the Security Weekly Mailing List & receive your invite to our community Discord server by visiting securityweekly.com/subscribe and clicking the button to join the list!

Description

The 2020 OSSRA report shows that 91% of commercial applications contain outdated or abandoned open source components. The report, produced by the Synopsys Cybersecurity Research Center (CyRC), examines the results of more than 1,250 audits of commercial codebases, performed by the Black Duck Audit Services team. The most concerning trend in this year’s analysis is the mounting security risk posed by unmanaged open source, with 75% of audited codebases containing open source components with known security vulnerabilities, up from 60% the previous year. Similarly, nearly half (49%) of the codebases contained high-risk vulnerabilities, compared to 40% just 12 months prior.

To learn more about Synopsys, visit: https://securityweekly.com/synopsys


https://www.synopsys.com/software-integrity/resources/analyst-reports/2020-open-source-security-risk-analysis.html?cmp=pr-sig


Guest(s)

Tim Mackey

Tim Mackey is a principal security strategist within the Synopsys Cybersecurity Research Center. He joined Synopsys as part of the Black Duck Software acquisition where he worked to bring integrated security scanning technology to Red Hat OpenShift and the Kubernetes container orchestration platforms. Tim delivers talks globally at well-known events such as RSA, Black Hat, KubeCon, DevSecCon, and Red Hat Summit. Tim is also an O'Reilly Media published author and has been covered in publications around the globe including USA Today, Fortune, NBC News, CNN, and Dark Reading.


Hosts