Security Weekly
Application Security WeeklySubscribe
Cloud Security, Security Staff Acquisition & Development, DevSecOps

Fabric of Confidence – ASW #98

This week, we welcome Dan Petit, to discuss his upcoming 2-day workshop at InfoSec World 2020! The workshop is a "deep survey" into all things DevSecOps. In the Application Security News, CVE-2020-1938: Ghostcat vulnerability in the Tomcat Apache JServ Protocol, APIs are becoming a major target for credential stuffing attacks and don't have to target the login workflow, SSL/TLS certificate validity chopped down to one year by Apple s Safari and how this can drive secure DevOps behaviors, and 5 key areas for tech leaders to watch in 2020!

Visit https://www.securityweekly.com/asw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

View Show Index

Full Audio

Segments

1. InfoSec World Workshop: DevSecOps and Cultural Transformation – Dan Petit – ASW #98

Dan discusses his upcoming 2-day workshop at InfoSec World. The workshop is a "deep survey" into all things DevSecOps.

Guest

Dan Petit
Dan Petit
Principal DevOps Architect at Undisclosed

Dan Petit has been deep in the development world for most of his working life, serving as a developer, consultant, architect, and technical leader for a wide variety of companies in the aerospace, telecommunications, insurance, hospitality, logistics, and service industries. Throughout his career, Dan and his teams have been responsible for large-scale DevOps adoption and transformations, reducing cycle time of application changes from weeks to hours across dozens of agile development teams.

Hosts

Mike Shema
Mike Shema
Tech Lead at Block
John Kinsella
John Kinsella
Co-founder & CTO at Cysense
Matt Alderman
Matt Alderman
VP, Product at Living Security

2. Ghsotcat, Apache, NeTworks, Starliner – ASW #98

CVE-2020-1938: Ghostcat vulnerability in the Tomcat Apache JServ Protocol.

IMP4GT: IMPersonation Attacks in 4G NeTworks demonstrates a proven insecurity on a layer above provably secure protocol, Boeing implementing more rigorous testing of Starliner after software problems shows how problems in cloud computing will be just the same in star systems, APIs are becoming a major target for credential stuffing attacks and don't have to target the login workflow, SSL/TLS certificate validity chopped down to one year by Apple’s Safari and how this can drive secure DevOps behaviors, and 5 key areas for tech leaders to watch in 2020.

Hosts

Mike Shema
Mike Shema
Tech Lead at Block
John Kinsella
John Kinsella
Co-founder & CTO at Cysense
Matt Alderman
Matt Alderman
VP, Product at Living Security

Related