Difference between revisions of "ASWEpisode90"

From Security Weekly Wiki

== Episode Audio ==

<div align="center">
{{#widget:SoundCloud
|id=739613473
|width=75%
|height=100
}}
</div>

==Hosts==
{{Template:Shema}}
{{Template:Matt}}

== Announcements ==

<br>

= Topic: Privacy by Design =
<br>'''Segment Resources:'''<br>
* [https://iapp.org/resources/article/privacy-by-design-the-7-foundational-principles/ Privacy by Design - The 7 Foundational Principles]
** Proactive not Reactive; Preventative not Remedial
** Privacy as the Default
** Privacy Embedded into Design
** Full Functionality – Positive-Sum, not Zero-Sum
** End-to-End Security – Lifecycle Protection
** Visibility and Transparency
** Respect for User Privacy
* [https://oag.ca.gov/privacy/facts/online-privacy/privacy-policy How to Read a Privacy Policy]
* [https://www.owasp.org/index.php/OWASP_API_Security_Project OWASP API Security Project]
 
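A worked illustration of the second and third principles above (privacy as the default, privacy embedded into design) applied at an API boundary. This is an example added to these notes; it is not code from the episode, from the IAPP article, or from the OWASP API Security Project. The user record, the field names, the consent names and the purposes are all hypothetical. The leaky serializer returns the whole storage row, which is the excessive-data-exposure pattern the OWASP API Security Top 10 calls out; the hardened one starts from an empty allow-list and only adds what consent or a declared collection purpose permits, so a phone number collected for two-factor delivery cannot be quietly reused for something like contact matching.

```python
"""Privacy-as-the-default at an API boundary: illustrative code written for
these show notes, not from the episode, IAPP or OWASP. Record layout, field
names, consent names and purposes below are hypothetical."""
from typing import Collection, Dict, FrozenSet


class PurposeViolation(Exception):
    """Raised when a field is read for a purpose it was not collected for."""


# Constructed sample row: what a user store might hold for one account.
USER_RECORD: Dict[str, object] = {
    "id": 42,
    "display_name": "jdoe",
    "email": "jdoe@example.com",
    "phone": "+1-401-555-0100",             # collected for 2FA delivery only
    "last_login_ip": "203.0.113.7",         # kept for fraud detection only
    "password_hash": "$argon2id$v=19$...",  # must never leave the service
}

# Default view: the minimum a caller gets with no consent at all.
PUBLIC_FIELDS: FrozenSet[str] = frozenset({"id", "display_name"})
# Fields a user may opt in to sharing, keyed to the consent flag that unlocks them.
OPT_IN_FIELDS: Dict[str, str] = {"email": "share_email", "phone": "share_phone"}
# Fields that never cross the API boundary, whatever the consent flags say.
NEVER_EXPOSE: FrozenSet[str] = frozenset({"password_hash", "last_login_ip"})
# Purpose binding: each sensitive field and the purposes it was collected for.
COLLECTED_FOR: Dict[str, FrozenSet[str]] = {
    "phone": frozenset({"two_factor_auth"}),
    "email": frozenset({"account_notices", "two_factor_auth"}),
    "last_login_ip": frozenset({"fraud_detection"}),
}


def serialize_user_leaky(record: Dict[str, object]) -> Dict[str, object]:
    """'Before': hand back the whole row. Every column the schema grows is
    exposed by default, so disclosure is the default and hiding is the work."""
    return dict(record)


def serialize_user(record: Dict[str, object],
                   consents: Collection[str] = ()) -> Dict[str, object]:
    """'After': start from the minimal allow-list, add only opted-in fields,
    then strip the never-expose set so a mis-mapped consent flag is harmless."""
    allowed = set(PUBLIC_FIELDS)
    for fld, consent_name in OPT_IN_FIELDS.items():
        if consent_name in consents:
            allowed.add(fld)
    allowed -= NEVER_EXPOSE
    # Preserve record order so the response shape is stable for callers.
    return {k: v for k, v in record.items() if k in allowed}


def purpose_allowed(fld: str, purpose: str) -> bool:
    """Purpose limitation check. A field with no declared collection purpose
    is readable only if it is public; everything else fails closed."""
    purposes = COLLECTED_FOR.get(fld)
    if purposes is None:
        return fld in PUBLIC_FIELDS
    return purpose in purposes


def read_for_purpose(record: Dict[str, object], fld: str, purpose: str) -> object:
    """Read one field for a stated purpose, refusing silent repurposing
    (e.g. a 2FA phone number being used for contact discovery)."""
    if not purpose_allowed(fld, purpose):
        raise PurposeViolation(f"{fld!r} was not collected for purpose {purpose!r}")
    return record[fld]


if __name__ == "__main__":
    print("leaky:  ", serialize_user_leaky(USER_RECORD))
    print("default:", serialize_user(USER_RECORD))
    print("opt-in: ", serialize_user(USER_RECORD, {"share_email"}))
    print("2FA read:", read_for_purpose(USER_RECORD, "phone", "two_factor_auth"))
    try:
        read_for_purpose(USER_RECORD, "phone", "contact_discovery")
    except PurposeViolation as exc:
        print("blocked:", exc)
```

The point of the two serializers is the direction of the default: in the leaky version a new column is public until someone remembers to hide it, while in the allow-list version nothing is returned until consent or a declared purpose explicitly adds it. The purpose table is the "embedded into design" part: the constraint on what a 2FA phone number may be used for lives next to the data, not in a policy document the code never reads.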
 
<br><br>
 
==News==

===== Featured Flaws & Big Breaches =====
* [https://www.tenable.com/blog/cve-2019-15975-cve-2019-15976-cve-2019-15977-critical-authentication-bypass-vulnerabilities-in Cisco kicks off 2020 with 12 CVEs in Cisco Data Center Network Manager, including three critical authentication bypass vulnerabilities.] -- Not likely common software among the DevOps crowd, but the variety of vulns reads like a review of the OWASP Top 10 list. Looks like 2020 will keep plenty of app flaws alive and well.

===== Cloud, Code & Controls =====
* [https://nakedsecurity.sophos.com/2020/01/03/python-is-dead-long-live-python/ Python is dead. Long live Python!] -- Version 3 from here on out. (Unless you really have to delay until the final 2.7 release in April.)
* [https://threatpost.com/why-cloud-collaboration-insider-threats/151272/ Why Cloud, Collaboration Breed Insider Threats] -- Automation still needs access controls.

===== Learning & Tools =====
* [https://devops.com/breaking-down-the-owasp-api-security-top-10-part-1/ Breaking Down the OWASP API Security Top 10, Part 1] and [https://devops.com/breaking-down-the-owasp-api-security-top-10-part-2/ Part 2] -- Two older articles that serve as good reminders about the OWASP API Security Top 10. For API work it's a more relevant and meaningful list than the general OWASP Top 10.

===== Food for Thought =====
* [https://nakedsecurity.sophos.com/2019/12/23/facebook-will-stop-mining-contacts-with-your-2fa-number/ Facebook will stop mining contacts with your 2FA number]
* [https://www.darkreading.com/application-security/6-security-team-goals-for-devsecops-in-2020/d/d-id/1336701 6 Security Team Goals for DevSecOps in 2020]
* [https://www.csoonline.com/article/3510640/7-security-incidents-that-cost-cisos-their-jobs.html 7 security incidents that cost CISOs their jobs] -- Application security has consequences, but the message here isn't about job security.

Latest revision as of 16:48, 13 January 2020

Recorded January 6, 2020 at G-Unit Studios in Rhode Island!

Hosts

* Mike Shema is the Product Security Lead of Square.
* Matt Alderman is CEO at Security Weekly, Strategic Advisor, and Wizard of Entrepreneurship.

Announcements

* Join us at InfoSecWorld 2020 - March 30 - April 1, 2020 at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020, click the register button to register with our discount code or the schedule button to sponsor a micro-interview!
* OSHEAN and the Pell Center are partnering together to present Cybersecurity Exchange Day on Wednesday, March 18th from 9am-3pm at Salve Regina University in the beautiful Newport, RI! Visit securityweekly.com/OSHEAN2020 to register for free and come join in the fun!
* We have officially migrated our mailing list to a new platform! Sign up for the list to receive invites to our virtual trainings, webcasts, and other content relative to your interests by visiting securityweekly.com/subscribe and clicking the button to join the list! You can also submit your suggestions for guests by going to securityweekly.com/guests and submitting the form! We'll review them monthly and reach out if they are a good fit!
* Our first-ever virtual training is happening on March 19th @11:00am ET, with Adam Kehler & Rob Harvey from Online Business Systems Risk, Security & Privacy Team. In this training you will learn how to generate a complex SHA-256 hashed password and then use password cracking tools to break it. Register for our upcoming trainings by visiting securityweekly.com, selecting the webcast/training drop down from the top menu bar and clicking registration.

