Application security, Emerging technology

What’s the Best Way to Threat Model? – Nick Selby – ASW #229

February 13, 2023

Organizations spend hundreds of work hours to build applications and services that will benefit customers and employees alike. Whether the application/service is externally facing or for internal use only, it is mandatory to identify and understand the scope of potential cyber risks and threats it poses to the organization. But where and how do you start with an accurate threat model? Nick can discuss how to approach this and create a model that's useful to security and developers alike.

Segment Resources

https://github.com/trailofbits/publications/blob/master/reviews/2022-12-curl-threatmodel.pdf

Full episode and show notes

Announcements

Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

Guest

Nick Selby

VP, Software Assurance Practice at Trail of Bits

An accomplished information and physical security professional, Nick leads the Software Assurance division of Trail Of Bits, giving customers in some of the world’s most targeted industries a comprehensive understanding of their security landscape, technology, and infrastructure.

Hosts

Mike Shema

Security Partner at Square

Akira Brand

Developer Relations at Bright Security

www.akirabrand.com

John Kinsella

Co-founder & CTO at Cysense

DevOps

PassTheHash from Outlook, RCE in Modem Chipset, OpenSSH Sandboxes, Curl’s Anniversary – ASW #233

March 20, 2023

Outlook can leak NTLM hashes, potential RCE in a chipset for Wi-Fi calling in phones (and autos!?), the design of OpenSSH's sandboxes, more on the direction of OWASP, celebrating 25 years of Curl.

DevOps

Automating Security With Static Analysis – Josh Goldberg – ASW #233

March 20, 2023

Static analysis is the art of scrutinizing your code without building or running it. Common static analysis tools are formatters (which change whitespace and other trivia), linters (which detect likely best practice and style issues), and type checkers (which detect likely bugs). Each of these can aid in improving application security by detecting ...

DevOps

How to Secure Your CI/CD Pipeline by Prioritizing Cyber-Risk Management – Tal Morgenstern – ESW #309

March 16, 2023

The CI/CD pipeline is the backbone of the software development process, so it's critical to ensure you are meeting and exceeding the most critical security measures. Throughout this podcast, Tal Morgenstern, Co-founder and CSO of Vulcan Cyber, will break down the process of how organizations can properly secure a CI/CD pipeline into a checklist of ...

What’s the Best Way to Threat Model? – Nick Selby – ASW #229

Announcements

Guest

Hosts

Related

PassTheHash from Outlook, RCE in Modem Chipset, OpenSSH Sandboxes, Curl’s Anniversary – ASW #233

Automating Security With Static Analysis – Josh Goldberg – ASW #233

How to Secure Your CI/CD Pipeline by Prioritizing Cyber-Risk Management – Tal Morgenstern – ESW #309