Threat Modeling Archives - Security Weekly

Lessons Learned from Building an ISAC – Grant Sewell – CSP #59

Sponsored By Visit https://www.cybereason.com/cisostories for more information! Information Sharing and Analysis Centers (ISACs) were formed to promote the centralized sharing of threat intelligence within a…

New Year, Same Security Problems – Kris Lahiri – ESW #256

It’s a new year and a time when we make resolutions…which often drop off by the start of February. To keep your security resolutions for…

Categories: Cybercrime Enterprise Security Weekly Interview Security Operations Threat Modeling

Log4j for FTC, More JNDI, Cache Poisoning, Improving Default Configs, ThinkstScapes – ASW #179

The FTC issues a warning about taking log4j seriously, JNDI is elsewhere, cache poisoning shows challenges in normalizing strings, semgrep for refactoring configs with security…

Categories: Application Security Application Security Weekly Bug Bounties Cloud Security DevOps News Threat Modeling

Broadening What We Call AppSec – Christien Rioux – ASW #179

There’s an understandable focus on “shift left” in modern DevOps and appsec discussions. So what does it take to broaden what we call appsec into…

Categories: Application Security Application Security Weekly DevOps Interview Security Training Threat Modeling

Bringing Autonomy to AppSec – Dr. David Brumley – ESW #255

Log4j, solar winds, tesla hacks, and the wave of high profile appsec problems aren’t going to go away with current approaches like SAST and SCA….

Categories: Application Security Enterprise Security Weekly Interview Penetration Testing Threat Modeling

Latest Log4j, Outages & Availability, FPGA Security Concepts, & Bug Bounty Awards – ASW #178

Log4j has more updates and more vulns (but probably not more heartburn…), revisiting outages and whether availability has made it into your threat models, deep…

Categories: 3rd Party Risk Application Security Application Security Weekly Bug Bounties DevOps News Threat Modeling

The Future Is Now: Model-Driven Security Using Data Science – Jim Routh – CSP #48

Sponsored By Visit https://www.cybereason.com/cisostories for more information! Cybersecurity talent shortages are well documented and asking experience cybersecurity professionals to spend countless hours on routine tasks…

Categories: 3rd Party Risk Application Security Data Security Email Security Endpoint Security Exploit Prevention Incident Response Interview Intrusion Detection Leadership Podcast The CISO Stories Podcast Threat Modeling

Are We Ever Going to Get Information Sharing Right? – Edna Conway – ESW #252

In this interview, we discuss defenders sharing information, how Edna deals with Azure’s supply chain challenges, ransomware trends, and some future predictions. Edna has been…

Categories: Blue Team Cloud Security Enterprise Security Weekly Incident Response Interview Leadership Threat Modeling

Bug Bounties in Windows/WebKit, Edge Hardening, OAuth Hardening, & GoDaddy Breach – ASW #176

This week in the AppSec News: Bug bounty payout practices, Edge goes super duper secure mode, WebKit CSP flaw has consequences for OAuth, GoDaddy breach,…

Categories: Application Security Application Security Weekly Bug Bounties DevOps News Security Research Threat Modeling

PAN-OS Vuln, ChaosDB, Fuzzing BusyBox, Refactoring in Rust, HTML Smuggling – ASW #174

In the AppSec news: Disclosure decisions and CVE-2021-3064, technical details behind ChaosDB in Azure, fuzzing BusyBox, Prossimo and Rust, vulns in Nucleus RTOS, & HTML…

Categories: Application Security Application Security Weekly Cloud Security DevOps IoT News Threat Modeling

Filter By: