Third-party risk, Pen testing, Bug bounties, Threat modeling

ASW #144

March 22, 2021

Sponsored By
Visit https://securityweekly.com/detectify for more information!

Security is struggling to keep up with securing modern web applications and the fast pace of wild web hacks. Detectify is building automated app scanners that can think like a hacker and shorten vulnerability detection time down to minutes and hours, whilst helping ethical hackers do bug bounty/disclosures in a scalable way.

This segment is sponsored by Detectify.

Visit https://securityweekly.com/detectify to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes!

Full Episode Show Notes

Approaching AppSec Like a Hacker

Guests

Johanna Ydergard

Johanna Ydergard – VP of Detectify Crowdsource at Detectify

@ydergard

Johanna Ydergard, VP of Detectify Crowdsource, heads up the strategic direction and development of Detectify Crowdsource, the company's ethical hacker community and vulnerability research platform. There are only a few thousand skilled ethical hackers in the world today, and her mission is to spread their knowledge through automation, broaden their impact, and put it into the hands of those who need it most to make the Internet a safer place. Prior to this, she worked at Bain & Company as a management consultant.

Roberto Giachetta

Roberto Giachetta – Engineering Manager at Detectify

Roberto Giachetta is currently the Engineering Manager of Scanning Engines at Detectify, where he leads the team building new scanning technology to keep customers and the web secure.

Hosts

John Kinsella

John Kinsella – Chief Architect at Accurics

@johnlkinsella

John Kinsella is the Chief Architect for Accurics.

Mike Shema

Mike Shema – Product Security Lead at Square

@Codexatron

Mike Shema is the Product Security Lead at Square.

Announcements

  • If you missed Security Weekly Unlocked, you can now access all of the content on-demand, whether you registered before the live event or not, by visiting https://securityweekly.com/unlocked and clicking either the button to register or the button to login!

  • Our next live webcast will be on April 29th at 11am ET, where you will learn how to prepare for modern ransomware attacks! Visit https://securityweekly.com/webcasts to register now! If you missed any of our previously recorded webcasts or technical trainings, they are available for your viewing pleasure at https://securityweekly.com/ondemand.

In the AppSec News: Supply chain security in Azure SDK and macOS Xcode, GitHub’s postmortem on a session handling flaw, six GCP vulns from 2020, & information resources for hacking the cloud! Visit https://www.securityweekly.com/asw for all the latest episodes!

Full Episode Show Notes

Supply Chains in Azure SDK/Xcode, GitHub Sessions, & GCP VRP

Announcements

  • Do you want to stay in the loop on all things Security Weekly? Visit https://securityweekly.com/subscribe to subscribe on your favorite podcast catcher or our Youtube channel, sign up for our mailing list, and join our Discord Server!

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!
