Application Security Weekly Subscribe

Vulnerability Management, Cloud Security, Application security, DevSecOps

Talking Cookies – ASW #132

December 1, 2020

This week, we welcome back Tim Mackey, Principal Security Strategist at Synopsys, to talk about Security Decisions During Application Development! In the Application Security News, Xbox bug exposed email identities, focusing on prevention for your cloud security strategies, Amazon looking to hire more Rust developers, KubeCon continues push for security, and a DevOps reading list!

Visit https://securityweekly.com/synopsys to learn more about them!

Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

View Show Index

Full Audio

Segments

1. Security Decisions During Application Development – Tim Mackey – ASW #132

The security of any application is a function of the decisions made during development. Measuring the risk of those decisions isn't something contained within a single tool, but instead requires a set of perspectives on how a "bad decision" can manifest itself in the security of the app.

This segment is sponsored by Synopsys.

Visit https://securityweekly.com/synopsys to learn more about them!

Sponsored By

Synopsys

Announcements

Tomorrow is the big day! The virtual doors open for the first-ever Security Weekly Unlocked virtual event at 10:30am and the last round table should end around 9:30pm! We have an outstanding line-up of presenters, who will be answering questions LIVE in our Discord server during their presentations! Make sure you register for this FREE event before it's too late! Visit https://securityweekly.com/unlocked to view the line-up and register!

Guest

Tim Mackey

Tim Mackey

Principal Security Strategist at Synopsys

Tim Mackey is a principal security strategist for the Synopsys Cybersecurity Research Center. As a security strategist, he applies his skills in distributed systems engineering, mission critical engineering, performance monitoring, large-scale data center operations, and global data privacy regulations to customer problems. An O’Reilly Media published author, Tim has also been covered in publications around the globe including Fortune, NBC News, Dark Reading, InfoSecurity Magazine, and The Straits Times.

Hosts

Mike Shema

Mike Shema

Tech Lead at Block

John Kinsella

John Kinsella

Co-founder & CTO at Cysense

Matt Alderman

Matt Alderman

VP, Product at Living Security

2. Top CyberSec Skills for 2021, Xbox Gamertag Bug, & MobileIron RCE Flaw – ASW #132

Xbox bug exposed email identities, focusing on prevention for your cloud security strategies, Amazon looking to hire more Rust developers, KubeCon continues push for security, and a DevOps reading list!

Announcements

Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.

Hosts

Mike Shema

Mike Shema

Tech Lead at Block

1. Critical MobileIron RCE Flaw Under Active Attack
for a bug disclosed and patched in June.
2. Xbox bug could have allowed hackers to link gamer tags with players’ emails
making identity in Fortnite less fortified than expected.
3. Prevention Is Better Than the Cure When Securing Cloud-Native Deployments
reiterates a tenet of DevOps -- the feedback loop.
4. Amazon: We’re hiring software engineers who know programming language Rust
gives us a chance to consider the influence of toolchains on security.
5. KubeCon Coverage: Incentivizing the DevSecOps Culture
gives us a chance to think about motivating teams to focus on prevention, toolchains, and feedback loops.
6. The DevOps Reading List: Choosing your next DevOps book
gives us some ways to learn more about DevOps.

John Kinsella

John Kinsella

Co-founder & CTO at Cysense

Matt Alderman

Matt Alderman

VP, Product at Living Security

Related

Incident Response

Making tabletop exercises better! – Ryan Fried – ESW #332

September 21, 2023

If you've ever played Dungeons & Dragons, you probably know that the quality of the experience depends on how prepared, experienced, and talented the Dungeon Master is. Today, we'll talk to InfoSec DM and practitioner extraordinaire Ryan Fried about some of the key elements that separate a good cybersecurity tabletop exercise from a bad one! T...

Vulnerability Management

Ncurses & Bad Things, LVFS is NOT a Backdoor, Physical Proximity, & Oh, Fortinet! – PSW #799

September 20, 2023

In the Security News: LVFS is not a backdoor, attackers are in physical proximity, when you need to re-cast risk, oh Fortinet, pre-installed backdoors again, deep down the rabbit hole, the buffer overflow is in your BIOS!, what is 345gs5662d34?, a cone is all you need, we are compliant because we said so but we lied, 10 years of updates, Microsoft ...

Vulnerability Management

Managing CyberRisk in a Mid-Cap Company – Walter Lefmann – CSP #140

September 19, 2023

MidCap enterprise security is challenge – SMB’s have all the needs of a large enterprise, but not the same large budget or army of defenders. We are also a "sweet spot" target for cybercriminals -- you have enough money to be worth some real effort, but again not a large army of defenders. MidCap is at the front lines of "doing more with less"! ...