<center>
        <video poster="https://securityweekly.com/wp-content/uploads/2021/03/wordpress_ASW_142_-_news-0.png" controls="controls" controlslist="nodownload" width="640" height="360">
            <source src="https://wpmedia-converted.s3.us-east-2.amazonaws.com/ASW_142_-_News-0.mp4" type="video/mp4">
        </video>
    </center>


	<p>Making security engineering successful, Go’s supply chain, mitigating <span class="caps">JSON</span> interoperability flaws, automating the hunt for deserialization flaws, the importance of observability, and what to do about Exchange. Visit <a href="https://www.securityweekly.com/asw" rel="nofollow">https://www.securityweekly.com/asw</a> for all the latest episodes!</p>
<a href="https://securityweekly.com/asw142">Full Episode Show Notes</a>
<h1>Security Engineering, Evil Packages, Exchange SSRF, & Observability </h1>






    <h1>Hosts</h1>
        <table>
            <tr>
                
                    <td style="padding-right: 10px; width: 200px;">
                        <img class="wp-image-210" src="https://securityweekly.com/john_kinsella-1/" alt="John Kinsella" width="120px;" height="96" href="https://twitter.com/@johnlkinsella">
                        <p style="margin-bottom: 0; width: 120px;" href="https://twitter.com/@johnlkinsella">John Kinsella -</p>
                        <p style="width:120px;">Chief Architect at Accurics</p>
                    </td>                
                
                    <td style="padding-right: 10px; width: 200px;">
                        <img class="wp-image-210" src="https://securityweekly.com/mike-shema-0/" alt="Mike Shema" width="120px;" height="96" href="https://twitter.com/@Codexatron">
                        <p style="margin-bottom: 0; width: 120px;" href="https://twitter.com/@Codexatron">Mike Shema -</p>
                        <p style="width:120px;">Product Security Lead at Square</p>
                    </td>                
                
            </tr>
        </table>



<h1>Announcements</h1>
    <ul style="margin-left: 50px;">
        
        <li>	<p>Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting <a href="https://securityweekly.com/guests" rel="nofollow">https://securityweekly.com/guests</a> and completing the form! We review suggestions monthly and will reach out to you once reviewed!</p></li>
        
        <li>	<p>Our next live webcast will be on March 18th at 11am ET where you will learn how to Prepare Linux Hosts for Unexpected Threats! Visit <a href="https://securityweekly.com/webcasts" rel="nofollow">https://securityweekly.com/webcasts</a> to register now! If you missed any of our previously recorded webcasts or technical trainings, they are available for your viewing pleasure at <a href="https://securityweekly.com/ondemand" rel="nofollow">https://securityweekly.com/ondemand</a></p></li>
        

    </ul>

    <h1>Audio</h1>
    [audio src="http://traffic.libsyn.com/sw-all/ASW_142_-_News-0_converted.mp3"]

<p><center><br />
        <video poster="https://securityweekly.com/wp-content/uploads/2021/03/wordpress_ASW_142_-_news-0.png" controls="controls" controlslist="nodownload" width="640" height="360"><source src="https://wpmedia-converted.s3.us-east-2.amazonaws.com/ASW_142_-_News-0.mp4" type="video/mp4"></video><br />
    </center></p>
<p>Making security engineering successful, Go’s supply chain, mitigating <span class="caps">JSON</span> interoperability flaws, automating the hunt for deserialization flaws, the importance of observability, and what to do about Exchange. Visit <a href="https://www.securityweekly.com/asw" rel="nofollow">https://www.securityweekly.com/asw</a> for all the latest episodes!</p>
<p><a href="https://securityweekly.com/asw142">Full Episode Show Notes</a></p>
<h1>Security Engineering, Evil Packages, Exchange SSRF, &#038; Observability </h1>
<h1>Hosts</h1>
<table>
<tr>
<td style="padding-right: 10px; width: 200px;">
                        <img class="wp-image-210" src="https://securityweekly.com/john_kinsella-1/" alt="John Kinsella" width="120px;" height="96" href="https://twitter.com/@johnlkinsella"></p>
<p style="margin-bottom: 0; width: 120px;" href="https://twitter.com/@johnlkinsella">John Kinsella &#8211;</p>
<p style="width:120px;">Chief Architect at Accurics</p>
</td>
<td style="padding-right: 10px; width: 200px;">
                        <img class="wp-image-210" src="https://securityweekly.com/mike-shema-0/" alt="Mike Shema" width="120px;" height="96" href="https://twitter.com/@Codexatron"></p>
<p style="margin-bottom: 0; width: 120px;" href="https://twitter.com/@Codexatron">Mike Shema &#8211;</p>
<p style="width:120px;">Product Security Lead at Square</p>
</td>
</tr>
</table>
<h1>Announcements</h1>
<ul style="margin-left: 50px;">
<li>
<p>Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting <a href="https://securityweekly.com/guests" rel="nofollow">https://securityweekly.com/guests</a> and completing the form! We review suggestions monthly and will reach out to you once reviewed!</p>
</li>
<li>
<p>Our next live webcast will be on March 18th at 11am ET where you will learn how to Prepare Linux Hosts for Unexpected Threats! Visit <a href="https://securityweekly.com/webcasts" rel="nofollow">https://securityweekly.com/webcasts</a> to register now! If you missed any of our previously recorded webcasts or technical trainings, they are available for your viewing pleasure at <a href="https://securityweekly.com/ondemand" rel="nofollow">https://securityweekly.com/ondemand</a></p>
</li>
</ul>
<h1>Audio</h1>

<audio class="wp-audio-shortcode" id="audio-172114-1" preload="none" style="width: 100%;" controls="controls"><source type="audio/mpeg" src="http://traffic.libsyn.com/sw-all/ASW_142_-_News-0_converted.mp3?_=1" /><a href="http://traffic.libsyn.com/sw-all/ASW_142_-_News-0_converted.mp3">http://traffic.libsyn.com/sw-all/ASW_142_-_News-0_converted.mp3</a></audio>

wordpress_ASW_142_-_news-0.png

Security Weekly

Security Engineering, Evil Packages, Exchange SSRF, & Observability – ASW #142

North America

Podcast

Related Events


<p>As more organizations adopt multi-cloud strategies, security managers must develop a strategy to consistently protect web applications across hybrid environments, while preserving quality of security and operational efficiency. The traditional approach to application security no longer works in the multi-cloud, and anew approach is needed. Join us for this webinar to discuss the new challenges of multi-cloud security and how to overcome them. In this webinar you will learn:</p>



<ul><li>The security challenges of the multi-cloud</li><li>Why traditional approaches and tools no longer work</li><li>The requirements for multi-cloud security solutions</li><li>How Radware helps organizations protect their web applications in the multi-cloud</li></ul>



<p><strong>Speakers:</strong></p>



<div class="wp-block-cra-webcast-speaker"><div class="speaker-wrap overflow -grid"><figure class="speaker-image"><img src="https://files.scmagazine.com/wp-content/uploads/2022/05/Eyal-Arazi.png" alt="Speaker"/></figure><div class="speaker-info"><div class="speaker-about"><p class="speaker-name">Eyal Arazi</p><p class="speaker-job">Solution Expert</p><p class="speaker-company">Radware</p></div><div class="speaker-description"><p>Eyal is a Solution Expert in Radware&#8217;s security group, responsible for the company’s line of cloud security products, including Cloud WAF, Cloud DDoS, and Cloud Malware Protection. Eyal has extensive background in security, having served in the Israel Defense Force (IDF) at an elite technological unit.</p></div></div></div></div>



<div class="wp-block-cra-webcast-speaker"><div class="speaker-wrap overflow -grid"><figure class="speaker-image"><img src="https://files.scmagazine.com/wp-content/uploads/2021/09/Bill-Brenner.jpg" alt="Speaker"/></figure><div class="speaker-info"><div class="speaker-about"><p class="speaker-name">Bill Brenner</p><p class="speaker-job">VP, Content</p><p class="speaker-company">CyberRisk Alliance</p></div><div class="speaker-description"><p>Bill Brenner is VP of Content Strategy at CyberRisk Alliance &#8212; an InfoSec content strategist, researcher, director, tech writer, blogger and community builder. He was formerly director of research at IANS, senior writer/content strategist at Sophos, senior tech writer for Akamai Technology&#8217;s Security Intelligence Research Team (Akamai SIRT), managing editor for CSOonline.com and senior writer for SearchSecurity.com.</p></div></div></div></div>



<p><strong>Sponsored By:</strong></p>



<figure class="wp-block-image size-full"><img width="513" height="86" src="https://files.scmagazine.com/wp-content/uploads/2022/05/Radware-Logo.jpg" alt="" class="wp-image-260913" srcset="https://files.scmagazine.com/wp-content/uploads/2022/05/Radware-Logo.jpg 513w, https://files.scmagazine.com/wp-content/uploads/2022/05/Radware-Logo-300x50.jpg 300w" sizes="(max-width: 513px) 100vw, 513px" /></figure>


Application security

Cloud security

Cybercast

How to Protect Your Applications in the Multi-Cloud


<p>Security practitioners have many different initiatives demanding their time: evaluating and mitigating 3rd party risk, enabling strategic business efforts, implementing zero-trust practices, and supporting compliance activities, to name just a few. Often overlooked in these initiatives is a security gap that is critical to close if any of these initiatives are to be complete.&nbsp;</p>



<p>In this presentation, Solution Architect Matthew McGuirk will present the essential facts about client-side risk and security to arm security leaders with the information they need to address this crucial problem in all of their domains of practice.</p>



<p>It is important to understand that:&nbsp;</p>



<ul><li>Client-side risk is 3rd party supply chain risk&nbsp;</li><li>Client-side security is critical to any zero-trust initiatives</li><li>Securing the client-side is absolutely fundamental to compliance with PCI DSS, GDPR and other data privacy mandates&nbsp;</li><li>Addressing the client-side actually enables the business to do more, without fear of security or compliance violations&nbsp;</li></ul>



<p>By providing an understandable, plain-language overview of the security gap that exists on essentially every website &#8212; the threat of client-side attacks &#8212; this presentation will show how this problem can be solved effectively and definitively while also bolstering key security initiatives to ensure business value and strategic alignment.</p>



<p><strong>Speaker:</strong></p>



<div class="wp-block-cra-webcast-speaker"><div class="speaker-wrap overflow -grid"><figure class="speaker-image"><img src="https://files.scmagazine.com/wp-content/uploads/2022/05/matt.jpeg" alt="Speaker"/></figure><div class="speaker-info"><div class="speaker-about"><p class="speaker-name">Matthew McGuirk</p><p class="speaker-job">Solution Architect, Office of the CTO</p><p class="speaker-company">Source Defense</p></div><div class="speaker-description"><p>Matt McGuirk is an expert in JavaScript, web technologies, and both client-side risk and client-side attacks. He has over 15 years of experience in web application development, website administration, and cybersecurity. Additionally, he has provided consultation and analysis to Fortune 50 companies on how best to secure their customer-facing web properties and business critical web applications. Matt lives in the American Northeast with his wife and two dogs.</p></div></div></div></div>



<div class="wp-block-cra-webcast-speaker"><div class="speaker-wrap overflow -grid"><figure class="speaker-image"><img src="https://files.scmagazine.com/wp-content/uploads/2022/05/John_Kinsella-6.15.jpeg" alt="Speaker"/></figure><div class="speaker-info"><div class="speaker-about"><p class="speaker-name">John Kinsella</p><p class="speaker-job">Co-founder &amp; CTO</p><p class="speaker-company">Cysense</p></div><div class="speaker-description"></div></div></div></div>



<p><strong>Sponsored By:</strong></p>



<figure class="wp-block-image size-full is-resized"><img src="https://files.scmagazine.com/wp-content/uploads/2022/05/SD_logo_color_transparent.png" alt="" class="wp-image-256304" width="277" height="277" srcset="https://files.scmagazine.com/wp-content/uploads/2022/05/SD_logo_color_transparent.png 300w, https://files.scmagazine.com/wp-content/uploads/2022/05/SD_logo_color_transparent-150x150.png 150w" sizes="(max-width: 277px) 100vw, 277px" /></figure>


Zero trust

Third-party risk

Compliance

Client-Side Security: A Critical Component of 3rd Party Risk, Zero-Trust Initiatives, Compliance and More


<p>Timely threat detection is essential. Every second that a malicious actor lingers inside your network, the odds increase that your organization could be the victim of a major malware attack. Nation-state APT actors are especially adept at staying hidden – but if you know what TTPs and IOCs to look for and you have comprehensive visibility into the processes and packets flowing through your network, then you can take steps to root them out. This live democast will demonstrate how VMware&#8217;s network detection and response solution (NDR) can uncover the various clues that threat actors drop as they infiltrate your network and execute their attack chains.</p>



<p><strong>Speakers:</strong></p>



<div class="wp-block-cra-webcast-speaker"><div class="speaker-wrap overflow -grid"><figure class="speaker-image"><img src="https://files.scmagazine.com/wp-content/uploads/2021/10/ChadSkipperPic.jpg" alt="Speaker"/></figure><div class="speaker-info"><div class="speaker-about"><p class="speaker-name">Chad Skipper</p><p class="speaker-job">Global Security Technologist</p><p class="speaker-company">VMWare</p></div><div class="speaker-description"><p>Chad Skipper serves as Global Security Technologist in the Network and Security Business Unit at VMware. With more than 25 years in Information Security, Chad has served in many executive security technologist and strategist roles of endpoint, network, cloud, and hosted security services at Lastline, acquired by VMware, Cylance, acquired by Blackberry, Dell, Cisco, Symantec and is a USAF veteran.</p></div></div></div></div>



<div class="wp-block-cra-webcast-speaker"><div class="speaker-wrap overflow -grid"><figure class="speaker-image"><img src="https://files.scmagazine.com/wp-content/uploads/2021/10/Ant_Ducker.jpg" alt="Speaker"/></figure><div class="speaker-info"><div class="speaker-about"><p class="speaker-name">Ant Ducker</p><p class="speaker-job">Lead Cyber Security Solution Engineer</p><p class="speaker-company">VMWare</p></div><div class="speaker-description"><p>Ant Ducker, Lead Cyber Security Solution Engineer at VMware, has twenty+ years’ experience in engineering, deployment, operation and maintenance of network security platforms in the Provider, Financial &amp; Enterprise verticals.</p><p></p><p>Specializing in: proactive and reactive malware defence, manual and automated threat hunting workflows, breach detection and NDR solutions, security systems integration with direct or orchestrated API, workflow integration for enterprise network security, SOC and threat hunting platforms.</p></div></div></div></div>



<div class="wp-block-cra-webcast-speaker"><div class="speaker-wrap overflow -grid"><figure class="speaker-image"><img src="https://files.scmagazine.com/wp-content/uploads/2021/09/Bill-Brenner.jpg" alt="Speaker"/></figure><div class="speaker-info"><div class="speaker-about"><p class="speaker-name">Bill Brenner</p><p class="speaker-job">VP Content</p><p class="speaker-company">CyberRisk Alliance</p></div><div class="speaker-description"><p>Bill Brenner is VP of Content Strategy at CyberRisk Alliance &#8212; an InfoSec content strategist, researcher, director, tech writer, blogger and community builder. He was formerly director of research at IANS, senior writer/content strategist at Sophos, senior tech writer for Akamai Technology&#8217;s Security Intelligence Research Team (Akamai SIRT), managing editor for CSOonline.com and senior writer for SearchSecurity.com.</p></div></div></div></div>



<p><strong>Sponsored By:</strong></p>



<figure class="wp-block-image size-full"><img width="995" height="153" src="https://files.scmagazine.com/wp-content/uploads/2020/11/VMware-Logo-200x200-01-1024x1024-1.png" alt="" class="wp-image-109472" srcset="https://files.scmagazine.com/wp-content/uploads/2020/11/VMware-Logo-200x200-01-1024x1024-1.png 995w, https://files.scmagazine.com/wp-content/uploads/2020/11/VMware-Logo-200x200-01-1024x1024-1-300x46.png 300w, https://files.scmagazine.com/wp-content/uploads/2020/11/VMware-Logo-200x200-01-1024x1024-1-768x118.png 768w, https://files.scmagazine.com/wp-content/uploads/2020/11/VMware-Logo-200x200-01-1024x1024-1-860x132.png 860w, https://files.scmagazine.com/wp-content/uploads/2020/11/VMware-Logo-200x200-01-1024x1024-1-156x24.png 156w, https://files.scmagazine.com/wp-content/uploads/2020/11/VMware-Logo-200x200-01-1024x1024-1-312x48.png 312w, https://files.scmagazine.com/wp-content/uploads/2020/11/VMware-Logo-200x200-01-1024x1024-1-640x98.png 640w" sizes="(max-width: 995px) 100vw, 995px" /></figure>
