Container security, DevOps, Cloud Security, Bug bounties

ASW #137

January 25, 2021

Sponsored By

Visit https://securityweekly.com/GitLab for more information!

It’s analyst season, with the new Forrester Wave on SAST recently published and Gartner’s Application Security Testing Magic Quadrant due in April. We’ll talk about what analyst reports are, how you should use them, and how you should interpret placement on them, or, as I like to call it, reading the analyst tea leaves.

This segment is sponsored by GitLab.

Visit https://securityweekly.com/GitLab to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes!

Full Episode Show Notes

Reading Industry Analyst Tea Leaves To Predict The Future

GitLab’s List of Security Analyst Reports – https://about.gitlab.com/direction/secure/static-analysis/sast/#analyst-landscape

– 2021 Forrester Wave – https://www.forrester.com/report/The+Forrester+Wave+Static+Application+Security+Testing+Q1+2021/-/E-RES162015
– 2020 Gartner AST Magic Quadrant – https://about.gitlab.com/resources/report-gartner-mq-ast/
– GigaOm 2020 DevSecOps Tool Radar Report – https://gigaom.com/report/gigaom-radar-for-evaluating-devsecops-tools/
– G2 Peer Reviews Quadrant – https://www.g2.com/categories/static-application-security-testing-sast#grid

Guests

Taylor McCaslin – Sr. Product Manager – Secure at GitLab

Hosts

John Kinsella – Chief Architect at Accurics

Mike Shema – Product Security Lead at Square

Announcements

  • Do you want to stay in the loop on all things Security Weekly? Visit https://securityweekly.com/subscribe to subscribe on your favorite podcast catcher or our Youtube channel, sign up for our mailing list, and join our Discord Server!

  • Learn how to conquer cloud complexity in our first webcast of 2021, this Thurs, Jan 28th 11am ET! Next Thurs, Feb 4th 11am ET, in our first technical training of 2021, you’ll learn how to manage insider risks in the work-from-anywhere world! Register at https://securityweekly.com/webcasts. If you missed any of our 2020 webcasts or technical trainings, they are available at https://securityweekly.com/ondemand.



An overflow and a flawed regex paint an RCE picture for Kindle, messaging apps miss the message on secure state machines, three pillars of a data security strategy for the cloud, where DoH might fit into appsec, and all the things that can go wrong when you give up root in your Kubernetes pod. Visit https://www.securityweekly.com/asw for all the latest episodes!

Full Episode Show Notes

KindleDrip, State of Messaging State Machines, DoH, & Data Security Strategies

Hosts

John Kinsella – Chief Architect at Accurics

Mike Shema – Product Security Lead at Square

Announcements

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

  • If you missed Security Weekly Unlocked, you can now access all of the content on-demand, whether you registered before the live event or not, by visiting https://securityweekly.com/unlocked and clicking either the button to register or the button to login!
