Application Security Weekly Episode #132 – November 30, 2020

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. Security Decisions During Application Development – 12:30 PM-01:00 PM

Sponsored By

Visit https://securityweekly.com/synopsys for more information!

Announcements

  • Security Weekly, in partnership with CyberRisk Alliance, is excited to present Security Weekly Unlocked on December 10, 2020. This one-day virtual event wraps up with the 15th anniversary edition of Paul’s Security Weekly live on YouTube! Visit https://securityweekly.com/unlocked to view the agenda and register for free!

Description

The security of any application is a function of the decisions made during development. Measuring the risk of those decisions isn’t something contained within a single tool, but instead requires a set of perspectives on how a “bad decision” can manifest itself in the security of the app.

This segment is sponsored by Synopsys.

Visit https://securityweekly.com/synopsys to learn more about them!

Guest(s)

Tim Mackey – Principal Security Strategist

Hosts

John Kinsella – Chief Architect
Matt Alderman – CEO
Mike Shema – Product Security Lead

2. Top CyberSec Skills for 2021, Xbox Gamertag Bug, & MobileIron RCE Flaw – 01:00 PM-01:30 PM

Announcements

  • Do you always end up missing our live streams? Need somewhere to flag Security Weekly podcasts that you want to listen to? Subscribe on your favorite podcast catcher or our YouTube channel, sign up for our mailing list, and join our Discord server to stay in the loop on all things Security Weekly! Visit: https://securityweekly.com/subscribe

  • In our upcoming webcasts & technical trainings, you will learn how to build a risk-based vulnerability management program, how to prevent phishing scams, and how to move beyond vulnerability scan to vulnerability fix! Visit https://securityweekly.com/webcasts to see what we have coming up, or visit securityweekly.com/ondemand to view our previously recorded webcasts!

Description

Xbox bug exposed email identities, focusing on prevention for your cloud security strategies, Amazon looking to hire more Rust developers, KubeCon continues push for security, and a DevOps reading list!

Hosts

John Kinsella – Chief Architect
Matt Alderman – CEO
  1. What Are The Fastest Growing Cybersecurity Skills In 2021?
  2. New – Attribute-Based Access Control with AWS Single Sign-On
Mike Shema – Product Security Lead
  1. Critical MobileIron RCE Flaw Under Active Attack – for a bug disclosed and patched in June.
  2. Xbox bug could have allowed hackers to link gamer tags with players’ emails – making identity in Fortnite less fortified than expected.
  3. Prevention Is Better Than the Cure When Securing Cloud-Native Deployments – reiterates a tenet of DevOps — the feedback loop.
  4. Amazon: We’re hiring software engineers who know programming language Rust – gives us a chance to consider the influence of toolchains on security.
  5. KubeCon Coverage: Incentivizing the DevSecOps Culture – gives us a chance to think about motivating teams to focus on prevention, toolchains, and feedback loops.
  6. The DevOps Reading List: Choosing your next DevOps book – gives us some ways to learn more about DevOps.