Remote access, Container security, Mobile, Application Isolation

ASW #156

June 28, 2021



In this segment with Clint Gibler, learn:

  • Why secure defaults are higher ROI than finding vulnerabilities
  • How modern AppSec teams are working with their engineering counterparts
  • Targeting vulnerability classes, avoiding bug whack-a-mole
  • The latest innovations in lightweight static analysis

Segment Resources:
https://semgrep.dev/ https://github.com/returntocorp/semgrep https://github.com/returntocorp/semgrep-rules 2020 GlobalAppSec SF https://docs.google.com/presentation/d/14PjOViz2dE6iToOyoFk_BQ_RUfkEHGX-celIiybDQZA/edit https://tldrsec.com/ Visit https://www.securityweekly.com/asw for all the latest episodes!

Full Episode Show Notes

Scaling Your Application Security Program

Guests

Clint Gibler

Clint Gibler – Head of Security Research at r2c

@clintgibler

Clint Gibler is the Head of Security Research for r2c, a startup working on giving security tools directly to developers. Previously, Clint was a Research Director at NCC Group, a global security consulting firm, where he helped companies implement security automation and DevSecOps best practices as well as performed penetration tests for companies ranging from large enterprises to new startups. Clint has previously spoken at conferences including BlackHat USA, AppSec USA/EU/Cali, BSidesSF, and many DevSecCons. Clint holds a Ph.D. in Computer Science from the University of California, Davis. Want to keep up with security research? Check out *tl;dr sec*, Clint’s newsletter that contains summaries of artisanally curated, top talks and useful security links and resources from around the web. https://tldrsec.com/

Hosts

Adrian Sanabria

Adrian Sanabria – Senior Research Engineer at CyberRisk Alliance

@sawaba

Adrian is an outspoken researcher that doesn’t shy away from uncomfortable truths. He loves to write about the security industry, tell stories, and still sees the glass as half full.

John Kinsella

John Kinsella – Chief Architect at Accurics

@johnlkinsella

John Kinsella is the Chief Architect for Accurics

Announcements

  • Security Weekly is more than happy to announce that we will be at InfoSec World 2021 IN PERSON October 25th-27th, 2021! This year, our annual partnership with InfoSec World is extra special, as we are both business units under the CyberRisk Alliance brand! What does that mean for Security Weekly listeners & InfoSec World attendees? You will get to see and hear from many of the Security Weekly team at the event AND you will save 20% off on your world pass! Visit https://securityweekly.com/isw2021 to register using our discount code!

  • In our July 14th democast at 11 AM ET, learn how to reveal and protect your entire attack surface. Then join us July 15 at 11 AM ET to learn how a thoughtful approach to SASE can improve security and enable scalability. Finally, in our July 22nd technical training at 11 AM ET, learn how Guided-SaaS NDR Enables Rapid Response. Visit https://securityweekly.com/webcasts to register now! If you missed any of our previously recorded webcasts or technical trainings, they are available for your viewing pleasure at https://securityweekly.com/ondemand



This week in the AppSec News: Visual Studio Code’s Workplace Trust, Injured Android an insecure mobile app, Microsoft accidentally signed driver with rootkits, The NSA funds a new sister Matrix to ATT&CK: D3FEND, & “Ransomware: maybe it’s you, not them?”, and more! Visit https://www.securityweekly.com/asw for all the latest episodes!

Full Episode Show Notes

Semgrep, Microsoft Signs With Rootkits, ATT&CK/D3FEND, & Injured Android

Hosts

Adrian Sanabria

Adrian Sanabria – Senior Research Engineer at CyberRisk Alliance

@sawaba

Adrian is an outspoken researcher that doesn’t shy away from uncomfortable truths. He loves to write about the security industry, tell stories, and still sees the glass as half full.

John Kinsella

John Kinsella – Chief Architect at Accurics

@johnlkinsella

John Kinsella is the Chief Architect for Accurics

Announcements

  • Do you want to stay in the loop on all things Security Weekly? Visit https://securityweekly.com/subscribe to subscribe on your favorite podcast catcher or our Youtube channel, sign up for our mailing list, join our Discord Server, and follow us on our newest live-streaming platform, Twitch!

prestitial ad