Application Security Weekly
DevOps, IOT, Endpoint Security

ASW #149

May 3, 2021
Section 0



Rey will be digging into the developer security training conundrum based on his own experiences with secure coding and security training. He’ll cover:

• The types of security training that work
• The role of security champions
• How the security and development teams can work together to ensure code is created securely from the start

Visit https://www.securityweekly.com/asw for all the latest episodes!

Full Episode Show Notes

Why Developers Need to Think Differently About Software Security

Guests

Rey Bango

Rey Bango – Developer and Security Advocate at Veracode

@reybango

Rey is a security practitioner and tinkerer. After spending nearly 30 years in software development, he got the crazy idea to switch to security. Now he focuses on helping developers build more secure software at Veracode.

Hosts

John Kinsella

John Kinsella – Chief Architect at Accurics

@johnlkinsella

John Kinsella is the Chief Architect for Accurics.

Mike Shema

Mike Shema – Product Security Lead at Square

@Codexatron

Mike Shema is the Product Security Lead of Square.

Announcements

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

  • Our next technical training will be on May 6th at 11am ET exploring common misconfigurations of NGINX, the damage they could do, and how to avoid them! Next up, see how attackers gain access to endpoints and learn defensive strategies to protect against those attacks in our May 13th technical training also at 11am ET! Visit https://securityweekly.com/webcasts to register now! If you missed any of our previously recorded webcasts or technical trainings, they are available for your viewing pleasure at https://securityweekly.com/ondemand

Section 1



This week in the AppSec News: Microsoft discloses “BadAlloc” bugs, macOS Gatekeeper logic falters, authentication issues in KDCs and ADs, Spectre gains another vector, and a follow-up on the UMN Linux kernel vulns study! Visit https://www.securityweekly.com/asw for all the latest episodes!

Full Episode Show Notes

BadAlloc Vulns, Gatekeeper Bypass, & More Spectre in Micro-Op Caches

Hosts

John Kinsella

John Kinsella – Chief Architect at Accurics

@johnlkinsella

John Kinsella is the Chief Architect for Accurics.

Mike Shema

Mike Shema – Product Security Lead at Square

@Codexatron

Mike Shema is the Product Security Lead of Square.

Announcements

  • Security Weekly listeners save $100 on their RSA Conference 2021 All Access Pass! RSA Conference will be a fully virtual experience from May 17th-20th, 2021. Security Weekly will be live streaming Monday-Thursday in the virtual broadcast alley, interviewing some of the top sponsors and speakers for the event. To register using our discount code, please visit https://securityweekly.com/rsac2021 and use the code 5U1CYBER! We hope to “see” you there!

  • Do you want to stay in the loop on all things Security Weekly? Visit https://securityweekly.com/subscribe to subscribe on your favorite podcast catcher or our YouTube channel, sign up for our mailing list, join our Discord Server, and follow us on our newest live-streaming platform, Twitch!
