Revision as of 20:03, 26 April 2018
Paul's Security Weekly #557
Recorded April 26, 2018 at G-Unit Studios in Rhode Island!
- Go to itpro.tv/securityweekly and use the code Secweekly30 to try it FREE for 7 days, and receive 30% off your monthly membership for the lifetime of your active subscription.
- Check out our On-Demand material! Some of our previously recorded webcasts are now available On-Demand at: securityweekly.com/ondemand.
- Check out SOURCE Boston 2018 from May 9th - 10th! Go to sourceconference.com and register using the code SW75WMKW to get a $75 discount!
Interview: Ferruh Mavituna, Netsparker - 6:00PM-6:45PM
Ferruh Mavituna is the Founder and Product Manager of Netsparker. He developed the first and only proof-based web security scanner, with state-of-the-art, accurate vulnerability detection and exploitation features, used by thousands of companies around the world today. From 2002 to 2006 he worked for the Turkish Army and Police. Ferruh is a frequent speaker at conferences on web application security and has released several research papers and tools. Netsparker Hawk: https://www.netsparker.com/blog/docs-and-faqs/netsparker-hawk-detects-ssrf-out-of-band-vulnerabilities/
- Why does dynamic web application security testing in the SDLC matter?
- Finding bugs early in the process is less expensive
- The code is still fresh in the developer's mind
- In DevOps, it is important to have a continuous feedback loop to support continuous release cycles
- Developers are constantly learning how to write more secure code
- What are the common problems associated with implementing DAST / SAST / IAST and similar solutions in SDLC?
- Why don't we see DAST in SDLC in many organizations?
- Perception of false positives
- Potential impacts on performance
- The lopsided ratio of application security team size to the number of apps, websites and enterprise security needs they must cover
- Integrating DAST into the SDLC is the solution because:
- The SDLC is the right place to tackle the problem
- Automation is a requirement to keep pace with the speed and volume of development
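The Netsparker Hawk link in Ferruh's bio is about detecting SSRF out of band, and the "perception of false positives" point above is exactly what a proof-based check is meant to answer: report the finding only when the target demonstrably made the request. The block below is an added example written for this page, not Netsparker's, Hawk's or the show's code. It runs entirely on localhost: the two "endpoints" are constructed Python functions standing in for HTTP handlers (one SSRF-prone, one fixed with an allowlist whose host `images.example.com` is made up), `OOBListener` stands in for the scanner's external callback service, and the naive reflection heuristic is shown beside the out-of-band proof so the false positive on the hardened endpoint is visible.

```python
"""Proof-based, out-of-band SSRF check (added example, not Netsparker's code).

Everything runs on localhost:
  * OOBListener: a stand-in for the scanner's external callback service.
  * vulnerable_fetch / hardened_fetch: two constructed endpoints, modelled as
    plain functions taking request parameters and returning a response body.
  * oob_check vs reflection_check: the proof-based probe beside the naive
    "payload shows up in the response" heuristic that produces false positives.
"""
import secrets
import threading
import urllib.parse
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer


class OOBListener:
    """Tiny HTTP server that records the path of every request it receives.

    Each injected probe carries a unique token in its path, so a recorded hit
    is direct evidence that the target made a server-side request to our URL.
    """

    def __init__(self):
        self.hits = set()
        self.lock = threading.Lock()
        listener = self

        class Handler(BaseHTTPRequestHandler):
            def do_GET(self):
                with listener.lock:
                    listener.hits.add(self.path.strip("/"))
                self.send_response(200)
                self.end_headers()

            def log_message(self, *args):  # keep the demo output quiet
                pass

        self.server = HTTPServer(("127.0.0.1", 0), Handler)  # port 0: pick a free port
        self.port = self.server.server_address[1]
        threading.Thread(target=self.server.serve_forever, daemon=True).start()

    def url_for(self, token):
        return f"http://127.0.0.1:{self.port}/{token}"

    def saw(self, token):
        with self.lock:
            return token in self.hits

    def close(self):
        self.server.shutdown()
        self.server.server_close()


def vulnerable_fetch(params):
    """Constructed SSRF-prone endpoint: fetches whatever 'url' the client supplies."""
    url = params.get("url", "")
    try:
        with urllib.request.urlopen(url, timeout=3) as resp:
            return f"fetched {len(resp.read())} bytes"
    except Exception as exc:  # network errors become a generic message
        return f"fetch failed: {exc.__class__.__name__}"


ALLOWED_HOSTS = {"images.example.com"}  # assumed allowlist for the hardened endpoint


def hardened_fetch(params):
    """Constructed fixed endpoint: refuses hosts outside the allowlist.

    It echoes the rejected URL back in the error text, which is exactly what
    trips a reflection-based heuristic even though no request is ever made.
    """
    url = params.get("url", "")
    if urllib.parse.urlparse(url).hostname not in ALLOWED_HOSTS:
        return f"refused to fetch {url}"
    return "would fetch from an allowlisted host"  # no real fetch in this example


def reflection_check(endpoint, param, listener):
    """Naive heuristic: flag if the injected URL appears in the response body."""
    marker = listener.url_for("reflect-" + secrets.token_hex(4))
    return marker in endpoint({param: marker})


def oob_check(endpoint, param, listener):
    """Proof-based check: flag only if the listener actually receives a callback."""
    token = secrets.token_hex(8)
    endpoint({param: listener.url_for(token)})
    return listener.saw(token)


def scan(endpoints, listener, param="url"):
    """Run both checks against every endpoint; returns {name: {check: bool}}."""
    return {
        name: {
            "reflection": reflection_check(ep, param, listener),
            "oob": oob_check(ep, param, listener),
        }
        for name, ep in endpoints.items()
    }


if __name__ == "__main__":
    listener = OOBListener()
    try:
        verdicts = scan({"vulnerable": vulnerable_fetch, "hardened": hardened_fetch}, listener)
        for name, verdict in verdicts.items():
            print(f"{name:10s} reflection={verdict['reflection']} oob={verdict['oob']}")
    finally:
        listener.close()
```

The vulnerable endpoint is the only one the out-of-band check flags, and the hardened endpoint is the only one the reflection heuristic flags: it never issues a request, it merely echoes the rejected URL in its error message. That is the difference between "the payload came back" and "the server did what the payload asked", and it is why a proof-based scanner can be wired into a pipeline without the team learning to ignore its output. In a real scan the listener would be a scanner-controlled host reachable from the target, since the callback has to cross the target's egress path.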
Tech Seg: Jeff Man, Recap of RSA - 6:45PM-7:45PM
Some other people's opinions on RSA:
- Is it time to kill the pen test? | Salted Hash Ep 22
- HackerOne CEO Talks Bug Bounty Programs at RSA Conference
- Is Cyber-Security Getting Better or Getting Worse?
- DevOps Connect: DevSecOps Day at RSA demonstrates how the thinking around secure software has evolved
Security News - 7:45PM-8:30PM
- Website down! DDoS-for-hire site Webstresser shut by crime agencies
- Western Digital My Cloud EX2 NAS Device Leaks Files
- Equifax has spent $242.7 million on its data breach so far | ZDNet
- Startup Offers $3 Million to Anyone Who Can Hack the iPhone
- Beyond CI/CD: How Continuous Hacking of Docker Containers and Pipeline Driven Security Keeps Ygrene Secure - The New Stack
- John McAfee-Backed Cryptocurrency's Thousands of Investors Exposed in Data Breach
- New Tool Detects Evil Maid Attacks on Mac Laptops | SecurityWeek.Com
- A Step-by-Step Guide to Making Your Penetration Test a Success
- New Skill Let Amazon Alexa Spy on Users
- It's Time to Take GitHub Threats Seriously
- Hijack of Amazon's internet domain service used to reroute web traffic for two hours unnoticed
- Hackers find devious way to break into hotel rooms
- OMG The Stupid It Burns
- Advanced Hackers Infect X-Ray Machines In Healthcare Espionage
OT Story Of The Week
- Fight to Get SMBs PCI Compliant a Losing Battle
- Cost of cyber breaches to middle market businesses quadruples
- Ransomware, healthcare and incident response: Lessons from the Allscripts attack (Part 1)
- Customers describe the impact of the Allscripts ransomware attack (Part 2)
- SamSam explained: Everything you need to know about this opportunistic group of threat actors (Part 3)
- Yahoo’s Successor to Pay $35 Million in Settlement Over Cyberbreach