Application Security Weekly

ASW #90

January 6, 2020
Section 0

This week on Application Security Weekly, Mike Shema and Matt Alderman discuss Privacy by Design – The 7 Foundational Principles. This discussion includes these topics: Proactive not Reactive; Preventative not Remedial, Privacy as the Default, Privacy Embedded into Design, Full Functionality – Positive-Sum, not Zero-Sum, End-to-End Security – Lifecycle Protection, Visibility and Transparency, Respect for User Privacy, and OWASP API Security Project.

Visit https://www.securityweekly.com/asw for all the latest episodes!

Full Episode Show Notes

To learn more about our sponsors visit: The Security Weekly Sponsor’s Page

Privacy by Design

Segment Resources:

  • Privacy by Design – The 7 Foundational Principles
    • Proactive not Reactive; Preventative not Remedial
    • Privacy as the Default
    • Privacy Embedded into Design
    • Full Functionality – Positive-Sum, not Zero-Sum
    • End-to-End Security – Lifecycle Protection
    • Visibility and Transparency
    • Respect for User Privacy
  • How to Read a Privacy Policy
  • OWASP API Security Project

Hosts

Matt Alderman – CEO

Mike Shema – Product Security Lead

Announcements

  • Our next webcast is January 15th with Cecilia Marinier, RSAC Program Director, Innovation & Scholars where we will discuss RSAC Sandbox, RSAC Innovation Sandbox, RSAC Launch Pad, RSAC Security Scholar and their “How to” Seminar for Innovators and Entrepreneurs! Register for our upcoming webcasts by visiting securityweekly.com, selecting the webcast drop down from the top menu bar and clicking registration.
  • Join us at InfoSecWorld 2020 – March 30 – April 1, 2020 at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020 and click the register button to register with our discount code!
  • Attend RSA Conference 2020, February 24-28 and join thousands of security professionals, forward-thinking innovators and solution providers for five days of actionable learning, inspiring conversation and breakthrough ideas. Register before January 24 and save $900 on a Full Conference Pass. Save an extra $150 by going to securityweekly.com/rsac2020 and using our code to register!
http://traffic.libsyn.com/sw-all/ASW_90_-_Privacy_by_Design-0_converted.mp3
Section 1

This week, on the Application Security News, Mike Shema and Matt Alderman discuss Featured Flaws and Big Breaches (Cisco kicks off 2020 with 12 CVEs in Cisco Data Center Network Manager), Cloud, Code and Controls (Python is dead. Long live Python!), Learning and Tools (Breaking Down the OWASP API Security Top 10), and Food for Thought (Facebook will stop mining contacts with your 2FA number, 6 Security Team Goals for DevSecOps in 2020, 7 security incidents that cost CISOs their jobs).


Application News

Featured Flaws & Big Breaches
  • Cisco kicks off 2020 with 12 CVEs in Cisco Data Center Network Manager, including three critical authentication bypass vulnerabilities. — Not likely common software among the DevOps crowd, but the variety of vulns reads like a review of the OWASP Top 10 list. Looks like 2020 will keep plenty of app flaws alive and well.
Cloud, Code & Controls
  • Python is dead. Long live Python! — Version 3 from here on out. (Unless you really have to delay until April.)
  • Why Cloud, Collaboration Breed Insider Threats — Automation still needs access controls.
Learning & Tools
  • Breaking Down the OWASP API Security Top 10, Part 1 and Part 2 — Two older articles that serve as good reminders about the OWASP API Security Top 10. It’s a more relevant and meaningful list than its OWASP Top 10 predecessor.
Food for Thought
  • Facebook will stop mining contacts with your 2FA number
  • 6 Security Team Goals for DevSecOps in 2020
  • 7 security incidents that cost CISOs their jobs — Application security has consequences, but the message here isn’t about job security.

http://traffic.libsyn.com/sw-all/ASW_90_-_Application_News-0_converted.mp3
