ESW #276 – Matt McGuirk & Ian Glazer
Segments
1. Understanding Web Application Client-Side Risk – Matt McGuirk – ESW #276
Web applications have a new and dangerous security gap which requires attention: client-side security. The code and content that a web application delivers into a web browser is a ripe attack surface and requires different consideration, tools, and knowledge than required by traditional web application security. This segment will explore what client-side security is, why client-side attacks are so dangerous, and what options are available to defend ourselves from this new threat.
Segment Resources: "Magecart 101" - a courseware-style overview of the problem for security practitioners: https://www.youtube.com/watch?v=T4al8idAE_M
A quick five minute explainer on the problem and Source Defense's solution: https://www.youtube.com/watch?v=f8MO45EQcKY
Source Defense's brand new (as of 5/25/22) "State of the Industry" report for client-side security: https://info.sourcedefense.com/third-party-digital-supply-chain-report-white-paper
This segment is sponsored by Source Defense.
Visit https://securityweekly.com/sourcedefense to learn more about them!
Announcements
Security Weekly listeners, save $100 on your RSA Conference 2022 Full Conference Pass! RSA Conference will be live in San Francisco June 6th-9th, 2022. Security Weekly will be there in full force, delivering real-time, live coverage and interviewing some of the event’s top speakers and sponsors. To register using our discount code, please visit https://securityweekly.com/rsac2022 and use the code 52UCYBER. We hope to see you there!
Guest
Matt McGuirk is an expert in JavaScript, web technologies, and both client-side risk and client-side attacks. He has over 15 years of experience in web application development, website administration, and cybersecurity. Additionally, he has provided consultation and analysis to Fortune 50 companies on how best to secure their customer-facing web properties and business critical web applications. Matt lives in the American Northeast with his wife and two dogs.
2. Salesforce’s Journey Towards Complete Customer MFA – Ian Glazer – ESW #276
In the autumn of 2019, Salesforce started on an ambitious journey - to require all of their customers to use multi-factor authentication (MFA) as of February 2022. The journey required the collaboration of every product line and every business function within Salesforce. And the journey potentially required every single one of Salesforce’s customers to deploy new technology and to change all of their users’ behavior. Clearly this would be no simple journey, but it was one with massive rewards for everyone involved.
Join Ian Glazer as he discusses the impetus for Salesforce’s MFA push, the challenges of such a large scale endeavor, some of the setbacks and victories along the way, and, most importantly, what you can take from Salesforce’s journey towards complete customer MFA adoption and apply it in your own organization.
Announcements
Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
Guest
Ian Glazer is the Senior Vice President for Identity Product Management at Salesforce. His responsibilities include leading the product management team, product strategy and identity standards work. Prior to that, he was a research vice president and agenda manager on the Identity and Privacy Strategies team at Gartner, where he oversaw the entire team’s research. He is the co-founder of IDPro, the professional organization for digital identity management, and works to deliver more services and value to the IDPro membership, raise funds for the organization, and help identity management professionals learn from one another. During his career in the identity industry, he has co-authored a patent on federated user provisioning, co-authored and contributed to user provisioning specifications, and is a noted blogger, speaker, and photographer of his socks.
3. ReliaQuest, Mimecast Delisted, 57th Unicorn, Expired Certs, & CyberSec Skill Crisis – ESW #276
Finally, in the Enterprise Security News, funding is back, in preparation for RSA! Devo raises $100M and becomes our 56th unicorn, JupiterOne raises $70M and becomes our 57th unicorn, open source projects get some security funding, 10 more funding announcements, Mimecast has been taken private and is now delisted from the NASDAQ, ReliaQuest acquires Digital Shadows, we talk about public and private market performance, the cybersecurity skills crisis gets worse, and expired certs + IoT devices = PAIN! All that and more, on this episode of Enterprise Security Weekly.
Announcements
We're always looking for great guests for all of the Security Weekly shows! Submit your suggestions by visiting https://securityweekly.com/guests and completing the form!
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.