Application Security Weekly Episode #170 – October 18, 2021
Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe
1. Dev(Sec)Ops Scanning Challenges & Tips – 12:30 PM-01:00 PM
Visit https://securityweekly.com/probely for more information!
Announcements
- InfoSec World 2021 is proud to announce its keynote lineup for this year’s event! Hear from Robert Herjavec plus heads of security at the NFL, TikTok, U.S. Department of Homeland Security, Stanford University, and more… Plus, Security Weekly listeners save 20% on Digital Pass registration! Visit https://securityweekly.com/isw2021 to register now!
- Don’t miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
Description
There’s a plenitude of ways to do Dev(Sec)Ops, and each organization, or even each team, uses a different approach. Questions such as how many environments you have and how frequently those environments are deployed are important for understanding how to integrate a security scanner into your DevSecOps processes. It all comes down to speed: how fast can I scan the new deployment? This segment discusses the challenges of integrating a DAST scanner into DevSecOps and offers some tips to make it easier.
This segment is sponsored by Probely.
Visit https://securityweekly.com/probely to learn more about them!
Guest(s)
Nuno Loureiro – CEO at Probely @nunoloureiro
Nuno is a Co-Founder and the CEO of Probely. In the past, he led an Application Security team at a Telco Provider, where he provided training on secure coding, security guidance during the development lifecycle of projects, performed penetration testing, and implemented PCI-DSS across the organization. He holds an MSc in Information Security from Carnegie Mellon University.
Tiago Mendo – CTO at Probely
CTO and Co-founder of Probely, a cybersecurity startup that does web application security scanning as a service. He has 17+ years of experience in information security, builder of a web app security team, programmer, pentester, and father. Master in Information Technology/Information Security by the Carnegie Mellon University. Travel addicted.
Hosts
John Kinsella @johnlkinsella Co-founder & CTO at Cysense
Mike Shema @Codexatron Product Security Lead at Square
2. View Source, Bindiff for Vuln Analysis, Bypass with GitHub Actions, & NIST DevSecOps – 01:00 PM-01:30 PM
Announcements
- Security Weekly Unlocked will be held IN PERSON this December 5-7 at the Hilton Lake Buena Vista! Keynotes from Alyssa Miller, John Strand, Lesley Carhart, & Dave Kennedy! Visit https://securityweekly.com/unlocked to register and check out our rockstar lineup!
- Join us in our next live webcast, on October 21, to learn why zero-knowledge encryption matters! Then join us November 4th to learn about Pragmatic Steps to Reduce Your Software Supply Chain Risk. Finally, join us November 11th to learn the key insights and takeaways from the 2021 OWASP Top Ten. Visit https://securityweekly.com/webcasts to save your seat! Don’t forget to check out our library of on-demand webcasts & technical trainings at https://securityweekly.com/ondemand
Description
This Week in the AppSec News: View source good / vuln bad, IoT bad / rick-roll good, analyzing the iOS 15.0.2 patch to develop an exploit, bypassing reviews with GitHub Actions, & more NIST DevSecOps guidance!
Hosts
John Kinsella @johnlkinsella
Co-founder & CTO at Cysense
Mike Shema @Codexatron
Product Security Lead at Square