DevOps, DDOS, Patch Management, Deception

ASW #108

May 19, 2020

Sponsored By

sponsor
Visit https://securityweekly.com/synopsys for more information!

The 2020 OSSRA report shows that 91% of commercial applications contain outdated or abandoned open source components. The report, produced by the Synopsys Cybersecurity Research Center (CyRC), examines the results of more than 1,250 audits of commercial codebases, performed by the Black Duck Audit Services team. The most concerning trend in this year’s analysis is the mounting security risk posed by unmanaged open source, with 75% of audited codebases containing open source components with known security vulnerabilities, up from 60% the previous year. Similarly, nearly half (49%) of the codebases contained high-risk vulnerabilities, compared to 40% just 12 months prior.

To learn more about Synopsys, visit: https://securityweekly.com/synopsysVisit https://www.securityweekly.com/asw for all the latest episodes!
Full Episode Show Notes

Highlights From the New Open Source Security and Risk Analysis Report

https://www.synopsys.com/software-integrity/resources/analyst-reports/2020-open-source-security-risk-analysis.html?cmp=pr-sig

Hosts

John Kinsella

John Kinsella – Vice President of Container Security

Matt Alderman

Matt Alderman – CEO

Mike Shema

Mike Shema – Product Security Lead

Guests

Tim Mackey

Tim Mackey – Principal Security Strategist

Announcements

  • Layer 8 is Going Virtual! The conference will still be held on Saturday June 6th. Security Weekly listeners save $20 on their ticket by visiting layer8conference.com and using the promo code “SecurityWeekly” before selecting your ticket type! Please consider supporting Layer8 or one of their partner organizations when purchasing your ticket! Some of the Security Weekly team will be in our own channel on the Layer8 Discord server answering questions and possibly doing some contests!
  • Learn how hidden vulnerabilities lead to application compromise in our next webcast with Snyk! Register for our upcoming webcasts or virtual trainings by visiting securityweekly.com/webcasts. Or visit securityweekly.com/ondemand to view our previously recorded webcasts!
  • Join the Security Weekly Mailing List & receive your invite to our community Discord server by visiting securityweekly.com/subscribe and clicking the button to join the list!

Sponsored By

sponsor
Visit https://securityweekly.com/signalsciences for more information!

Rate limiting can be used to protect against a number of modern web application and API attacks. We’ll discuss some of those attacks, including Object ID enumeration, in detail, will demo an attack and will show how using rate limiting in our solution can protect against these attacks.

To learn more about Signal Sciences, visit: https://securityweekly.com/signalsciencesVisit https://www.securityweekly.com/asw for all the latest episodes!
Full Episode Show Notes

Using Rate Limiting to Protect Web Apps and APIs

Hosts

John Kinsella

John Kinsella – Vice President of Container Security

Matt Alderman

Matt Alderman – CEO

Mike Shema

Mike Shema – Product Security Lead

Guests

Jack Zarris

Jack Zarris – Senior Sales Engineer

Announcements

  • Join us at InfoSecWorld 2020 – June 22nd-24th now a fully virtual event! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020, click the register button to register with our discount code!
  • Join the Security Weekly Mailing List & receive your invite to our community Discord server by visiting securityweekly.com/subscribe and clicking the button to join the list!
  • Learn how hidden vulnerabilities lead to application compromise in our next webcast with Snyk! Register for our upcoming webcasts or virtual trainings by visiting securityweekly.com/webcasts. Or visit securityweekly.com/ondemand to view our previously recorded webcasts!
prestitial ad