Thunderdome Technique – ASW #131
Full Audio
View Show IndexSegments
1. Threat Modeling Deep Dive – ASW #131
We threat model every day without realizing it. And, of course, we often threat model with systems and products within our organizations. So how formal does our approach need to be? How do we best guide the "what could go wrong" discussion with DevOps teams? And what's a sign that we're generating useful threat models?
Announcements
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
Hosts
2. Drupal Flaws, DevSecOps Implementation, & Cloud Native Security White Paper – ASW #131
In the Application Security News, a manifesto highlights principles and values for threat modeling, the CNCF releases a Cloud Native Security Whitepaper, Microsoft put security in the CPU with Pluton, mass scanning for secrets, ancient flaws resurface in Drupal, and steps for implementing source composition analysis!
Announcements
Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
Tomorrow is the big day! The virtual doors open for the first-ever Security Weekly Unlocked virtual event at 10:30am and the last round table should end around 9:30pm! We have an outstanding line-up of presenters, who will be answering questions LIVE in our Discord server during their presentations! Make sure you register for this FREE event before it's too late! Visit https://securityweekly.com/unlocked to view the line-up and register!
Hosts
- 1. Threat Modeling Manifesto
- 2. Drupal sites vulnerable to double-extension attacks
- 3. Botnets have been silently mass-scanning the internet for unsecured ENV files
- 4. DevSecOps Implementation: Source Composition Analysis – DevOps.com
- 5. Meet the Microsoft Pluton processor – The security chip designed for the future of Windows PCs – Microsoft Security
- 6. Announcing the Cloud Native Security White Paper
- 7. PhD Thesis: Greybox Automatic Exploit Generation for Heap Overflows in Language Interpreters
