Mike, John, and Matt review the presentation given by Clint Gilber at AppSec Cali, An Opinionated Guide to Scaling Your Company’s Security.

Visit https://www.securityweekly.com/asw for all the latest episodes!

Full Episode Show Notes

To learn more about our sponsors visit: The Security Weekly Sponsor’s Page

Scaling an AppSec Program

AppSec Cali presentation from Clint Gilber, An Opinionated Guide to Scaling Your Company’s Security

• TL;DR Sec has more of Clint’s collection of security references

Hosts

John Kinsella – Vice President of Container Security

Matt Alderman – CEO

Mike Shema – Product Security Lead

Guests

Announcements

• Our next webcast is February 13th with Sri Sundaralingam, Vice President, Product and Solutions Marketing at ExtraHop where we will discuss Cloud Native Network Detection and Response! Register for our upcoming webcasts by visiting securityweekly.com, selecting the webcast drop down from the top menu bar and clicking registration.
• Join us at InfoSecWorld 2020 – March 30 – April 1, 2020 at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020, click the register button to register with our discount code or the schedule button to sponsor a micro-interview!
• Attend RSA Conference 2020, February 24-28 in San Francisco, CA! Visit securityweekly.com/rsac2020 to sponsor an interview with us on-site at the conference or register using our code to save $150!

This week in the Application Security News, Mike, John, and Matt cover the following news stories: Xbox Bounty Program, Magento 2.3.4 Patches Critical Code Execution Vulnerabilities, Remote Cloud Execution – Critical Vulnerabilities in Azure Cloud Infrastructure, RCE in OpenSMTPD library impacts BSD and Linux distros, Fintechs divided on screen scraping ban, and Zero trust architecture design principles.

Visit https://www.securityweekly.com/asw for all the latest episodes!

Full Episode Show Notes

To learn more about our sponsors visit: The Security Weekly Sponsor’s Page

Xbox Bounty Program, Magento Patch, RCE in OpenSMTPD

Flaws, Breaches, & Threats

• Xbox Bounty Program unlocks achievements for security researchers.
• Magento 2.3.4 Patches Critical Code Execution Vulnerabilities that include deserialization and path traversal.
• Remote Cloud Execution – Critical Vulnerabilities in Azure Cloud Infrastructure covers SSRF and part two covers RCE in the Azure Stack.
• RCE in OpenSMTPD library impacts BSD and Linux distros that sneaks shell commands into an invalid local part of an address.

Food for Thought

• Fintechs divided on screen scraping ban
• Zero trust architecture design principles from the UK National Cyber Security Center.

Hosts

John Kinsella – Vice President of Container Security

Matt Alderman – CEO

Mike Shema – Product Security Lead

Guests

Announcements

• Our next webcast is February 13th with Sri Sundaralingam, Vice President, Product and Solutions Marketing at ExtraHop where we will discuss Cloud Native Network Detection and Response! Register for our upcoming webcasts by visiting securityweekly.com, selecting the webcast drop down from the top menu bar and clicking registration.
• Join us at InfoSecWorld 2020 – March 30 – April 1, 2020 at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020, click the register button to register with our discount code or the schedule button to sponsor a micro-interview!
• Attend RSA Conference 2020, February 24-28 in San Francisco, CA! Visit securityweekly.com/rsac2020 to sponsor an interview with us on-site at the conference or register using our code to save $150!