Application Security Weekly Episode #128 - November 02, 2020
1. Azure App Service and Cloud-native Signal Sciences Deployments - 12:30 PM-01:00 PM
A discussion of what enterprises have to do when adapting legacy apps to Azure in a secure, steady way without leaving any gaps. The Signal Sciences site extension makes sure your apps are covered across the board and will protect any app in Azure.
Alfred Chung is Sr. Product Manager at Signal Sciences
Alfred Chung is a senior product manager at Signal Sciences responsible for modules and the product deployment experience. Prior to Signal Sciences he worked on various enterprise security products in the endpoint security, vulnerability management, and application security spaces.
- John Kinsella - Vice President of Container Security at Qualys
- Matt Alderman - CEO at Security Weekly
- Mike Shema - Product Security Lead at Square
2. Application News - 01:00 PM-01:30 PM
Segment Description Coming Soon!
John Kinsella's Content:
Matt Alderman's Content:
Mike Shema's Content:
- "Exit Stage Left: Eradicating Security Theater" from processes and policies in how we build secure software. Check out the video as well. It's an important topic that we wanted to revisit from last episode.
- "Lax Security Exposes Smart-Irrigation Systems to Attack Across the Globe" also revisits consequence-driven engineering from last episode, and shows why passwordless defaults have different context based on what the device is meant to do. Industrial music on your IoT speakers is a little different than industrial systems on your IoT.
- "Update for the removal of Adobe Flash Player: October 27, 2020" shows how to truly end-of-life an application -- you have to downgrade or restore your system to before this patch if you ever want to use Flash again (you don't).
- "AWS Nitro Enclaves – Isolated EC2 Environments to Process Confidential Data" is based on a system that can attest to the integrity of its boot process and is similar to Asylo on GCP.
- "Home Depot Confirms Data Breach in Order Confirmation SNAFU" is a good reminder that data breaches don't always need an external compromise or a cloud misconfiguration -- system errors and software mistakes can be just as dangerous, and can be just as important to your threat modeling discussions.
- "Link Previews: How a Simple Feature Can Have Privacy and Security Risks" in all sorts of apps, from email to chat to web sites with user-generated content. Most apps that process links have to consider these implications, which means most DevOps teams should be adding them to threat modeling discussions.
- "Getting started in macOS security" has some useful resources for macOS security. And, of course, there's the Apple Platform Security documentation that gives an overview of security components.