Difference between revisions of "ASWEpisode89"

From Paul's Security Weekly
Jump to: navigation, search
(News)
Line 40: Line 40:
 
* [https://www.portal.reinvent.awsevents.com/connect/sessionDetail.ww?SESSION_ID=99692&csrftkn=4XP9-U8C5-0TGY-PJW6-G1VZ-DZPN-EZC3-HI1H Speculation & leakage: Timing side channels & multi-tenant computing] from AWS re:invent. A great talk from a the perspective of a threat model where such attacks are a critical part of the threat model.
 
* [https://www.portal.reinvent.awsevents.com/connect/sessionDetail.ww?SESSION_ID=99692&csrftkn=4XP9-U8C5-0TGY-PJW6-G1VZ-DZPN-EZC3-HI1H Speculation & leakage: Timing side channels & multi-tenant computing] from AWS re:invent. A great talk from a the perspective of a threat model where such attacks are a critical part of the threat model.
 
* [https://medium.com/swlh/how-to-integrate-security-on-the-devops-pipeline-e36dea836d7b How can we integrate security into the DevOps pipelines?] By picking from many of the great resources in this article.
 
* [https://medium.com/swlh/how-to-integrate-security-on-the-devops-pipeline-e36dea836d7b How can we integrate security into the DevOps pipelines?] By picking from many of the great resources in this article.
 +
* [https://www.computerweekly.com/feature/Using-CI-CD-to-turn-ideas-into-software-quickly Using CI/CD to turn ideas into software – quickly]
  
 
===== Food for Thought =====
 
===== Food for Thought =====

Revision as of 16:47, 16 December 2019

Recorded December 16, 2019 at G-Unit Studios in Rhode Island!

Episode Audio

Hosts

  • Matt Alderman
    CEO at Security Weekly, Strategic Advisor, and Wizard of Entrepreneurship
  • John Kinsella
    is the Vice President of Container Security for Qualys.
  • Mike Shema
    is the Product Security Lead of Square.
  • Announcements

    • Join us at InfoSecWorld 2020 - March 30 - April 1, 2020 at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020 and click the register button to register with our discount code!
    • Attend RSA Conference 2020, February 24-28 and join thousands of security professionals, forward-thinking innovators and solution providers for five days of actionable learning, inspiring conversation and breakthrough ideas. Register before January 24 and save $900 on a Full Conference Pass. Save an extra $150 by going to securityweekly.com/rsac2020 and use our code to register!
    • Our next webcast is February 13th with Sri Sundaralingam, Vice President, Product and Solutions Marketing at ExtraHop where we will discuss Cloud Native Network Detection and Response! Register for our upcoming webcasts by visiting securityweekly.com, selecting the webcast drop down from the top menu bar and clicking registration.


    Interview: Dave Ferguson, Qualys

    Dave Ferguson
    is the Director of Product Management, WAS at Qualys.
    Dave Ferguson is Director of Product Management for Web Application Security at Qualys. After writing code and developing applications for over a decade, Dave transitioned to focus on application security. Prior to Qualys, he led the global application security program at Sabre Corporation and worked as a Principal Consultant at FishNet Security (now Optiv). Dave is the author of the OWASP Forgot Password Cheat Sheet and holds CISSP and CSSLP certifications.

    Segment Topic:
    API Security – finding flaws, fixing them, and creating effective solutions

    Segment Description:
    Dave will discuss the issue of latent vulnerabilities and how they may linger in your custom-coded web applications and APIs, presenting an enticing target for attackers.

    Segment Resources:



    News

    Bugs, Breaches, and More!
    If you build it, they will come
    Learning & Tools
    Food for Thought


    Follow us on Twitter Watch Security Weekly videos Listen to Security Weekly Security Weekly fan page Connect with Paul Google+