Difference between revisions of "Asw131"

From Security Weekly Wiki
 
(7 intermediate revisions by the same user not shown)
Line 10: Line 10:
 
************************* DO NOT EDIT THIS SECTION. THIS IS AUTO-GENERATED BY PPWORKS. YOUR CHANGES WILL BE LOST! ***************************
 
************************* DO NOT EDIT THIS SECTION. THIS IS AUTO-GENERATED BY PPWORKS. YOUR CHANGES WILL BE LOST! ***************************
 
-->
 
-->
= 1. Fuzz Testing! - 12:30 PM-01:00 PM  =
+
= 1. Threat Modeling Deep Dive - 12:30 PM-01:00 PM  =
 
<!--   
 
<!--   
 
************************* MAKE CHANGES IN THE TEMPLATES BELOW! ***************************
 
************************* MAKE CHANGES IN THE TEMPLATES BELOW! ***************************
 
-->
 
-->
 +
 +
<center>{{#ev:youtube|WbrhjMkkHaQ }}</center>
  
  
Line 26: Line 28:
 
=== Description ===
 
=== Description ===
  
Segment Description Coming Soon!
+
We threat model every day without realizing it. And, of course, we often threat model with systems and products within our organizations. So how formal does our approach need to be? How do we best guide the "what could go wrong" discussion with DevOps teams? And what's a sign that we're generating useful threat models?
  
  
 +
Articles
 +
- https://www.threatmodelingmanifesto.org
 +
- https://securityboulevard.com/2020/05/data-security-and-threat-models/
 +
- https://speakerdeck.com/abhaybhargav/agile-threat-modeling-as-code
  
  
==Guest(s)==
+
==Hosts==
  
  
===Andrei Serban===
+
==[https://twitter.com/@sawaba Adrian Sanabria]'s Content: ==
<gallery mode="nolines" widths=175px heights=175px>
+
<gallery mode="nolines" widths=150px heights=150px>
 +
Image:AdrianSanabria-2.jpg
 +
</gallery>
 +
{{Template:ASW131TopicAdrianSanabria}}
  
Image:AndreiSerban-0.jpg|'''[https://twitter.com/@ndreiserban Andrei Serban]''' is Co-Founder at Fuzzbuzz<br>
+
==[https://twitter.com/@johnlkinsella John Kinsella]'s Content: ==
 +
<gallery mode="nolines" widths=150px heights=150px>
 +
Image:John_Kinsella-1.jpg
 +
</gallery>
 +
{{Template:ASW131TopicJohnKinsella}}
  
 +
==[https://twitter.com/@Codexatron Mike Shema]'s Content: ==
 +
<gallery mode="nolines" widths=150px heights=150px>
 +
Image:mike-shema-0.jpg
 
</gallery>
 
</gallery>
Andrei is the CEO and co-founder of Fuzzbuzz, a security startup based in San Francisco, that builds fuzz testing tools and infrastructure to help developers find severe vulnerabilities and bugs in their code with minimal effort. Today, Fuzzbuzz works with some of the largest tech companies to reduce the number of vulnerabilities that make it into production by enabling teams to fuzz test as part of their DevSecOps pipeline, finding bugs as soon as they get introduced.
+
{{Template:ASW131TopicMikeShema}}
  
Andrei studied Computer Science at University of Waterloo before dropping out to start Fuzzbuzz and accept the Thiel Fellowship.<br>
 
  
 +
= 2. Drupal Flaws, DevSecOps Implementation, & Cloud Native Security White Paper - 01:00 PM-01:30 PM  =
 +
<!-- 
 +
************************* MAKE CHANGES IN THE TEMPLATES BELOW! ***************************
 +
-->
  
==Hosts==
+
<center>{{#ev:youtube|F6iWOhK6vGs }}</center>
  
<gallery mode="nolines" widths=175px heights=175px>
 
  
Image:AdrianSanabria-2.jpg|<center>[https://twitter.com/@sawaba Adrian Sanabria]  - Senior Research Engineer at CyberRisk Alliance</center>
 
  
Image:John_Kinsella-1.jpg|<center>[https://twitter.com/@johnlkinsella John Kinsella]  - Chief Architect at Accurics</center>
+
=== Announcements ===
 +
<ul style="margin-left: 50px;">
  
Image:mike-shema-0.jpg|<center>[https://twitter.com/@Codexatron Mike Shema]  - Product Security Lead at Square</center>
+
<li> <p>Would you like to have all of your favorite Security Weekly content at your fingertips? Do you want to hear from Sam &amp; Andrea when we have upcoming webcasts &amp; technical trainings? Have a question for one of our illustrious hosts, someone from the Security Weekly team, or wish you could &#8220;hang&#8221; out with the Security Weekly crew &amp; community? Subscribe on your favorite podcast catcher, sign up for our mailing list, and join our Discord Server to stay in the loop on all things Security Weekly! Visit: https://securityweekly.com/subscribe</p></li>
 
 
</gallery>
 
 
 
= 2. Application News - 01:00 PM-01:30 PM  =
 
<!-- 
 
************************* MAKE CHANGES IN THE TEMPLATES BELOW! ***************************
 
-->
 
  
 +
<li> <p>Security Weekly, in partnership with CyberRisk Alliance, is excited to present Security Weekly Unlocked on December 10, 2020. This 1 day virtual event wraps up with the 15th anniversary edition of Paul&#8217;s Security Weekly live on Youtube! Visit https://securityweekly.com/unlocked to view the agenda and register for free!</p></li>
  
 +
</ul>
  
 
=== Description ===
 
=== Description ===
  
In the Application Security News, a manifesto highlights principles and values for threat modeling, the CNCF releases a Cloud Native Security Whitepaper, Microsoft put security in the CPU with Pluton, mass scanning for secrets, ancient flaws resurface in Drupal, and steps for implementing source composition analysis.
+
In the Application Security News, a manifesto highlights principles and values for threat modeling, the CNCF releases a Cloud Native Security Whitepaper, Microsoft put security in the CPU with Pluton, mass scanning for secrets, ancient flaws resurface in Drupal, and steps for implementing source composition analysis!
  
  
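Review bot: The three Articles entries added in this hunk start with "- ", which MediaWiki does not treat as list markup, so they collapse into a single paragraph with the "Articles" label, as the latest revision below shows ("Articles - https://www.threatmodelingmanifesto.org - https://…"). Start each entry with "* " and leave a blank line after "Articles", or make that label a "===" heading to match "=== Description ===". Separately, the transclusions added under the host headings ({{Template:ASW131TopicAdrianSanabria}} and the John Kinsella and Mike Shema equivalents) appear in the latest revision for segment 1 as literal "Template:ASW131Topic…" text rather than content, so confirm those template pages exist before relying on them.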

Latest revision as of 20:10, 23 November 2020

Application Security Weekly Episode #131 - November 23, 2020

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. Threat Modeling Deep Dive - 12:30 PM-01:00 PM


Announcements

  • In our upcoming webcasts & technical trainings, you will learn how to build a risk-based vulnerability management program, how to prevent phishing scams, and how to move beyond vulnerability scan to vulnerability fix! Visit https://securityweekly.com/webcasts to see what we have coming up, or visit securityweekly.com/ondemand to view our previously recorded webcasts!

Description

We threat model every day without realizing it. And, of course, we often threat model with systems and products within our organizations. So how formal does our approach need to be? How do we best guide the "what could go wrong" discussion with DevOps teams? And what's a sign that we're generating useful threat models?


Articles - https://www.threatmodelingmanifesto.org - https://securityboulevard.com/2020/05/data-security-and-threat-models/ - https://speakerdeck.com/abhaybhargav/agile-threat-modeling-as-code


Hosts

Adrian Sanabria's Content:

Template:ASW131TopicAdrianSanabria

John Kinsella's Content:

Template:ASW131TopicJohnKinsella

Mike Shema's Content:

Template:ASW131TopicMikeShema


2. Drupal Flaws, DevSecOps Implementation, & Cloud Native Security White Paper - 01:00 PM-01:30 PM


Announcements

  • Would you like to have all of your favorite Security Weekly content at your fingertips? Do you want to hear from Sam & Andrea when we have upcoming webcasts & technical trainings? Have a question for one of our illustrious hosts, someone from the Security Weekly team, or wish you could “hang” out with the Security Weekly crew & community? Subscribe on your favorite podcast catcher, sign up for our mailing list, and join our Discord Server to stay in the loop on all things Security Weekly! Visit: https://securityweekly.com/subscribe

  • Security Weekly, in partnership with CyberRisk Alliance, is excited to present Security Weekly Unlocked on December 10, 2020. This 1-day virtual event wraps up with the 15th anniversary edition of Paul’s Security Weekly live on YouTube! Visit https://securityweekly.com/unlocked to view the agenda and register for free!

Description

In the Application Security News, a manifesto highlights principles and values for threat modeling, the CNCF releases a Cloud Native Security Whitepaper, Microsoft puts security in the CPU with Pluton, mass scanning for secrets, ancient flaws resurface in Drupal, and steps for implementing source composition analysis!


Hosts

Adrian Sanabria's Content:

Articles

John Kinsella's Content:

Articles

Mike Shema's Content:

Articles