Security and Compliance Weekly Subscribe

Application security, Compliance Management

How Backdoors Lead To Breaches & GRC Compliance Issues – David Mundhenk, Ivan Tsarynny – SCW #48

October 20, 2020

The client-side or the front end of web applications, aka ‘digital user experience’, actively ingests customer/user information via forms. As the web app's front-end code runs on unmonitored devices, many application security flaws are being leveraged by malware and malicious actors to capture credentials, financial transactions, payment card data, and permit legitimate third-party vendor tools to facilitate unauthorized access or theft of sensitive data causing damages from tens of thousands to hundreds of millions of dollars.

Full episode and show notes

Announcements

Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
Tomorrow is the big day! The virtual doors open for the first-ever Security Weekly Unlocked virtual event at 10:30am and the last round table should end around 9:30pm! We have an outstanding line-up of presenters, who will be answering questions LIVE in our Discord server during their presentations! Make sure you register for this FREE event before it's too late! Visit https://securityweekly.com/unlocked to view the line-up and register!

Guests

David Mundhenk

Principal Security Consultant at Herjavec Group

David Mundhenk is an information security, governance, risk and compliance consultant with extensive multi-organizational experience providing a myriad of professional security services to business & government entities worldwide. David has worked as a computer and network systems security professional for 28 years. David’s experience covers a broad spectrum of security disciplines including security compliance assessments, security product quality assurance, vulnerability scanning, penetration testing, application security assessments, network and host intrusion detection/prevention, disaster and recovery planning, protocol analysis, formal security training instruction, and social engineering. David has successfully completed 200+ PCI DSS assessments, and scores of PA-DSS assessments.

Ivan Tsarynny

Co-Founder and CEO at Feroot Security

http://feroot.com/

Ivan Tsarynny is CEO and Co-Founder of Feroot Security, Member GDPR Advisory Committee at Standard Council of Canada, and is based in Toronto, Canada.

Hosts

Sr. InfoSec Consultant at Online Business Sytems

https://www.obsglobal.com/

CEO at AGNES Intelligence

http://agnesintel.com/

Founder at Guardedrisk

CEO at Red Lion

https://redlion.io

Related

Application security

XZ & Open Source, PuTTY’s Private Keys, LeakyCLI, LLMs Writing Exploits – ASW #282

April 22, 2024

CISA chimes in on the XZ Utils backdoor, PuTTY's private keys and maintaining a secure design, LeakyCLI and maintaining secure secrets in CSPs, LLMs and exploit generation, and more!

Application security

Sustainable Funding of Open Source Tools – Simon Bennetts, Mark Curphey – ASW #282

April 22, 2024

How can open source projects find a funding model that works for them? What are the implications with different sources of funding? Simon Bennetts talks about his stewardship of Zed Attack Proxy and its journey from OWASP to OpenSSF to an Open Source Fellowship with Crash Override. Mark Curphy adds how his experience with OWASP and the appsec commu...

Crazy money and crazy outcomes – cybersecurity acquisitions in all shapes and sizes – ESW #358

April 18, 2024

This week, Adrian and Tyler discuss some crazy rumors - is it really possible that a cloud security startup valued at over $8 billion in November 2021 just got bought for $200 million??? Some healthy funding for Cyera and Cohesity ($300m and $150m, respectively) Onum, Alethea, Sprinto, Andesite AI, StrikeReady, YL-Backed Miggo, Nymiz, Salvador Te...