- 1 Application Security Weekly Episode #108 - May 18, 2020
- 2 1. Interview - Using Rate Limiting to Protect Web Apps and APIs - 12:30 PM-01:00 PM
- 3 2. Interview - Highlights From The New Open Source Security and Risk Analysis (OSSRA) Report - 01:00 PM-01:30 PM
Application Security Weekly Episode #108 - May 18, 2020
Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe
1. Interview - Using Rate Limiting to Protect Web Apps and APIs - 12:30 PM-01:00 PM
- Join us at InfoSecWorld 2020 - June 22nd-24th now a fully virtual event! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020, click the register button to register with our discount code!
- Join the Security Weekly Mailing List & receive your invite to our community Discord server by visiting securityweekly.com/subscribe and clicking the button to join the list!
Rate limiting can be used to protect against a number of modern web application and API attacks. We’ll discuss some of those attacks, including Object ID enumeration, in detail, will demo an attack and will show how using rate limiting in our solution can protect against these attacks.
Jack Zarris is a Senior Sales Engineer with Signal Sciences. He has over 20 years of experience in the security industry, with focuses on web application and database security for on-prem and cloud hosted apps, product management, load balancing, and mobile device management and security.
2. Interview - Highlights From The New Open Source Security and Risk Analysis (OSSRA) Report - 01:00 PM-01:30 PM
- Layer 8 is Going Virtual! The conference will still be held on Saturday June 6th. Security Weekly listeners save $20 on their ticket by visiting layer8conference.com and using the promo code "SecurityWeekly" before selecting your ticket type! Please consider supporting Layer8 or one of their partner organizations when purchasing your ticket! Some of the Security Weekly team will be in our own channel on the Layer8 Discord server answering questions and possibly doing some contests!
- Learn how hidden vulnerabilities lead to application compromise in our next webcast with Snyk! Register for our upcoming webcasts or virtual trainings by visiting securityweekly.com/webcasts. Or visit securityweekly.com/ondemand to view our previously recorded webcasts!
The 2020 OSSRA report shows that 91% of commercial applications contain outdated or abandoned open source components. The report, produced by the Synopsys Cybersecurity Research Center (CyRC), examines the results of more than 1,250 audits of commercial codebases, performed by the Black Duck Audit Services team. The most concerning trend in this year’s analysis is the mounting security risk posed by unmanaged open source, with 75% of audited codebases containing open source components with known security vulnerabilities, up from 60% the previous year. Similarly, nearly half (49%) of the codebases contained high-risk vulnerabilities, compared to 40% just 12 months prior.
Tim Mackey is Principal Security Strategist at Synopsys
Tim Mackey is a principal security strategist within the Synopsys Cybersecurity Research Center. He joined Synopsys as part of the Black Duck Software acquisition where he worked to bring integrated security scanning technology to Red Hat OpenShift and the Kubernetes container orchestration platforms. Tim delivers talks globally at well-known events such as RSA, Black Hat, KubeCon, DevSecCon, and Red Hat Summit. Tim is also an O'Reilly Media published author and has been covered in publications around the globe including USA Today, Fortune, NBC News, CNN, and Dark Reading.