Tuesday, March 19, 2019
OWASP Podcast

What is Chaos Engineering, an Interview with Casey Rosenthal

"Chaos engineering is an empirical practice of setting up experiments to figure out where your system is vulnerable so that you can know that ahead of time and proactively fix some of these vulnerabilities in your system." -- Casey...
OWASP Podcast

Ladies of London Hacking Society w/ Eliza-May Austin

The Ladies of London Hacking Society was created by Eliza-May Austin in an act of frustration.Having nowhere to turn to meet other women within the security industry in the UK,Eliza-May fired off an online post lamenting the lack of...
OWASP Podcast

Anticipating Failure through Threat Modeling w/ Adam Shostack

What am I working on? What can go wrong? What am I going to do about it? Did I do a good job? These are the four questions at the heart of thread modeling In this episode, I speak with Adam Shostack, author...
OWASP Podcast

We Are All Special Snowflakes with Chris Roberts

This is the sixth episode in an eight part series, talking with the authors of "Epic Failures in DevSecOps". In this segment, I speak with Chris Roberts about his chapter, "We are all special snowflakes", diving into topics as...
OWASP Podcast

A Concise Introduction to DevSecOps

The inclusion of security as an integral piece of the DevOps puzzle continues to gain traction. In this episode of the DevSecOps Days Podcast Series, I speak with Curtis Yanko and Scott McCarty about their new book, "A Concise...
OWASP Podcast

What’s In Store for the AppSec Cali Conference w/ Richard Greenberg

As if there aren't enough reasons to go to Southern California in the middle of a New York winter, AppSec Cali opens it's doors for its 6th Annual OWASP conference on January 22, 2019. In this broadcast, I speak...
OWASP Podcast

Epic Failures in DevSecOps w/ Aubrey Stearn

Aubrey Stearn is the Technical Lead for the Enterprise Cloud Platform at Nationwide. In the broadcast we talk with Aubrey about her chapter, "", in the recently released "Epic Failures in DevSecOps" book. Aubrey talks about her extensive experience guiding...
OWASP Podcast

Strategic Asymetry – Leveling the Playing Field w/ Chetan Conikee

"In the past when we were writing software, it was our engineers and our organizations that had total cost of ownership of that software. But now, that has fundamentally changed. Engineers are using open source software and deploying the...
OWASP Podcast

Threat Modeling – A Disaster Story with Edwin Kwan

We continue the "Epic Failures in DevSecOps" series by speaking with Edwin Kwan on his chapter, "Threat Modeling - A Disaster Story". Edwin is Application and Software Security Team Lead at Tyro Payments. In our discussion, we talk about...
OWASP Podcast

The DevSecOps Unicorn Rodeo w/ Stefan Streichsbier

Stefan Streichsbier talks about his chapter, "Unicorn Rodeos", in the just released book, "Epic Failures in DevSecOps". We start with where did the chapter name come from and what does it mean, then lead into his three main points...
OWASP Podcast

The DevSecOps Experiment

DJ Schleen talks about his upcoming 15 part video series, "The DevSecOps Experiment", where he will walk through the set setup of a software supply chain, including building in security during every step of the process. This is a...
OWASP Podcast

Open Source Vulnerabilities – Who is Ultimately Responsible

In this broadcast, I speak with Chris Roberts and Derek Weeks about lines of responsibility and npm package highjacking in light of the event-stream vulnerability announcement last week. The announcement of the event-stream npm package vulnerability has once again raised...
OWASP Podcast

event-stream: Analysis of a Compromised npm Package

Once again, the pattern of taking over a known package and modifying it with malicious intent has happened. In this case, it's with the event-stream module in the npm repository. In this broadcast I speaker with Thomas Hunter, Software...
OWASP Podcast

Spy vs Spy: Harvesting Adversaries

"The guy who wrote wifi software with SSID never imagined that someone could use that SSID to transmit data by writing two smaller applications to leverage it. We are constantly going to be in this battle. Ultimately we've...
OWASP Podcast

Moving from Projects to Products w/ Mik Kersten

"If you look inside a large enterprise IT organization, they have this very bizarre and broken layer that's completely separating the way that business thinks in terms of products, budgets and costs, and the way IT people know the...
SC Magazine

Norwegian aluminum producer Norsk Hydro hit by an unspecified cyberattack

Norwegian aluminum producer Norsk Hydro was hit by a cyber attack which began Monday evening and escalated into the night. The Norwegian National Security Authority (NSM) declined to comment on what type of attack it was but said the extent...
SC Magazine

Glitch exposes Sprint customer data to other users

A bug has allowed some Sprint customers to see the personal data of other customers from their online accounts. The information visible includes names, cell phone numbers as well as calls made by other users and, and a Tech Crunch report cited...

6 Ways Mature DevOps Teams Are Killing It in Security

New survey shows where "elite" DevOps organizations are better able to incorporate security into application security.
The Register

Ransomware drops the Lillehammer on Norsk Hydro: Aluminium giant forced into manual mode after systems scrambled

Norway the power and metals wrangler could have seen this one coming Norwegian power and metals giant Norsk Hydro is battling an extensive ransomware infection on its computers.…

Old Tech Spills Digital Dirt on Past Owners

Researcher buys old computers, flash drives, phones and hard drives and finds only two properly wiped devices out of 85 examined.