This week, on the Application Security News, Mike Shema and Matt Alderman discuss Featured Flaws and Big Breaches (Cisco kicks off 2020 with 12 CVEs in Cisco Data Center Network Manager), Cloud, Code and Controls (Python is dead. Long live Python!), Learning and Tools (Breaking Down the OWASP API Security Top 10), and Food for Thought (Facebook will stop mining contacts with your 2FA number, 6 Security Team Goals for DevSecOps in 2020, 7 security incidents that cost CISOs their jobs).

Visit https://www.securityweekly.com/asw for all the latest episodes!

Full Episode Show Notes

To learn more about our sponsors visit: The Security Weekly Sponsor's Page

Application News

Featured Flaws & Big Breaches

• Cisco kicks off 2020 with 12 CVEs in Cisco Data Center Network Manager, including three critical authentication bypass vulnerabilities. -- Not likely common software among the DevOps crowd, but the variety of vulns reads like a review of the OWASP Top 10 list. Looks like 2020 will keep plenty of app flaws alive and well.

Cloud, Code & Controls

• Python is dead. Long live Python! -- Version 3 from here on out. (Unless you really have to delay until April.)
• Why Cloud, Collaboration Breed Insider Threats -- Automation still needs access controls.

Learning & Tools

• Breaking Down the OWASP API Security Top 10, Part 1 and Part 2 -- Two older articles that serve as good reminders about the OWASP API Security Top 10. It's a more relevant and meaningful list than its OWASP Top 10 predecessor.

Food for Thought

• Facebook will stop mining contacts with your 2FA number
• 6 Security Team Goals for DevSecOps in 2020
• 7 security incidents that cost CISOs their jobs -- Application security has consequences, but the message here isn't about job security.

Hosts

[caption id="attachment_210" align="alignleft" width="120"] Matt Alderman - CEO[/caption]

[caption id="attachment_210" align="alignleft" width="120"] Mike Shema - Product Security Lead[/caption]

Guests

Announcements

• Our next webcast is January 15th with Cecilia Marinier, RSAC Program Director, Innovation & Scholars where we will discuss RSAC Sandbox, RSAC Innovation Sandbox, RSAC Launch Pad, RSAC Security Scholar and their "How to” Seminar for Innovators and Entrepreneurs! Register for our upcoming webcasts by visiting securityweekly.com, selecting the webcast drop down from the top menu bar and clicking registration.
• Join us at InfoSecWorld 2020 - March 30 - April 1, 2020 at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020 and click the register button to register with our discount code!
• Attend RSA Conference 2020, February 24-28 and join thousands of security professionals, forward-thinking innovators and solution providers for five days of actionable learning, inspiring conversation and breakthrough ideas. Register before January 24 and save $900 on a Full Conference Pass. Save an extra $150 by going to securityweekly.com/rsac2020 and using our code to register!

[audio src="http://traffic.libsyn.com/sw-all/ASW_90_-_Application_News-0_converted.mp3"]