Backup & Restore – ASW #89
Full Audio
View Show IndexSegments
1. API Security – Dave Ferguson – ASW #89
Dave Ferguson is the Director of Product Management, WAS at Qualys. Dave will discuss the issue of latent vulnerabilities and how they may linger in your custom-coded web applications and APIs, presenting an enticing target for attackers.
Full Show Notes: https://securityweekly.com/qualys
Guest
Dave Ferguson is Director of Product Management for Web Application Security at Qualys. After writing code and developing applications for over a decade, Dave transitioned to focus on application security. Prior to Qualys, he led the global application security program at Sabre Corporation and worked as a Principal Consultant at FishNet Security (now Optiv). Dave is the author of the OWASP Forgot Password Cheat Sheet and holds CISSP and CSSLP certifications.
Hosts
2. Binary Planting, GitLab, and DevOps Pipelines – ASW #89
Binary Planting with the npm CLI is another way to describe one of our favorite attacks, GitLab Doles Out Half a Million Bucks to White Hats, Speculation & leakage: Timing side channels & multi-tenant computing from AWS re:invent. A great talk from a the perspective of a threat model where such attacks are a critical part of the threat model, How can we integrate security into the DevOps pipelines? By picking from many of the great resources in this article, Go passwordless to strengthen security and reduce costs -- and design your app to support these types of workflows, including account recovery.
Guest
Dave Ferguson is Director of Product Management for Web Application Security at Qualys. After writing code and developing applications for over a decade, Dave transitioned to focus on application security. Prior to Qualys, he led the global application security program at Sabre Corporation and worked as a Principal Consultant at FishNet Security (now Optiv). Dave is the author of the OWASP Forgot Password Cheat Sheet and holds CISSP and CSSLP certifications.