Understanding Web Application Client-Side Risk – Matt McGuirk – ESW #276




Web applications have a new and dangerous security gap that requires attention: client-side security. The code and content that a web application delivers into a web browser is a ripe attack surface and requires different considerations, tools, and knowledge than traditional web application security. This segment will explore what client-side security is, why client-side attacks are so dangerous, and what options are available to defend ourselves from this new threat.

Segment Resources:
“Magecart 101” – a courseware-style overview of the problem for security practitioners: https://www.youtube.com/watch?v=T4al8idAE_M

A quick five minute explainer on the problem and Source Defense’s solution: https://www.youtube.com/watch?v=f8MO45EQcKY

Source Defense’s brand new (as of 5/25/22) “State of the Industry” report for client-side security: https://info.sourcedefense.com/third-party-digital-supply-chain-report-white-paper

This segment is sponsored by Source Defense.

Visit https://securityweekly.com/sourcedefense to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes!


Guests

Matt McGuirk – Solution Architect at Source Defense

Matt McGuirk is an expert in JavaScript, web technologies, and both client-side risk and client-side attacks. He has over 15 years of experience in web application development, website administration, and cybersecurity. Additionally, he has provided consultation and analysis to Fortune 50 companies on how best to secure their customer-facing web properties and business-critical web applications. Matt lives in the American Northeast with his wife and two dogs.

Hosts

Adrian Sanabria – Director of Product Management at Tenchi Security

@sawaba

Adrian is an outspoken researcher who doesn’t shy away from uncomfortable truths. He loves to write about the security industry, tell stories, and still sees the glass as half full.

Katie Teitler – Sr. Product Marketing Manager at Axonius

@Katherinert15

Katie Teitler is a cybersecurity content creator. In her current role with Axonius, she is part of the product marketing team, helping audiences understand the value proposition of cyber asset management as it pertains to risk reduction. In past roles, Katie was an industry analyst, research director, content marketer, and freelance author, and managed content and speakers for InfoSec World, now a flagship offering of the Cyber Risk Alliance.

Tyler Shields – CMO at JupiterOne

@txs

Tyler advises, guides, and operates high tech startups primarily in the B2B security space. He is a former market analyst, engineer, product manager, marketing leader, and partnership manager. In other words, Tyler builds and grows businesses – in all aspects. He’s a board advisor, angel investor, and board member at multiple firms and an investment advisor for a venture debt business. He loves to play guitar and poker in his free time.

Announcements

  • Security Weekly listeners, save $100 on your RSA Conference 2022 Full Conference Pass! RSA Conference will be live in San Francisco June 6th-9th, 2022. Security Weekly will be there in full force, delivering real-time, live coverage and interviewing some of the event’s top speakers and sponsors. To register using our discount code, please visit https://securityweekly.com/rsac2022 and use the code 52UCYBER. We hope to see you there!