Saturday, July 20, 2019
OWASP Podcast

The 2019 Software Supply Chain Report

The 2019 State of the Software Supply Chain Report was released on June 25th. The report is an analysis of the answers from over 5500 participants, allowing data researchers the ability to extrapolate what the most productive enterprises are...
OWASP Podcast

The Vanity of Diversity

Let's not talk around the subject here... women are under represented when it comes to speaking or participating in tech conferences. It's a male dominated culture. When I saw Lani Rosales had published, "The Ultimate list of Austin women who...
OWASP Podcast

Creating Internal Tech Conferences

I produced my first concert at the San Anselmo Playhouse in 1979. It was the first in a series of events that has lasted 40 years. I have produced more than 300 events and participated in many hundreds more...
OWASP Podcast

Securing the Software Supply Chain – Live Panel for International Conference on Cyber Engagement

In April 2019, I was invited to host a panel at the International Conference on Cyber Engagement in Washington DC, to discuss "Securing the Software Supply Chain". On the panel were four of the top voices in software supply...
OWASP Podcast

Tel Aviv and the 2019 Global AppSec Conference

When I think of Tel Aviv, I imagine a robust, young culture, living a good, fun life. Not only is the culture conducive to a young life style, its tech industry continues to gain traction. As Wired Magazine said...
OWASP Podcast

Persectives on the “Sec” in DevSecOps w/ Tanya Janca

If you've read the Phoenix Project, you'll remember Brent, the indispensable cog on the operations team. Brent was a good guy, he wanted to do the right things, all of the right things, but was pulled in all directions...
OWASP Podcast

2019 Open Security Summit Preview

Three years ago there was an idea floating around OWASP... a core community was looking for a way to have an isolated week, where security project working groups could get together, with no distractions, and work on projects they...
OWASP Podcast

What is an SBOM and Why Should You Care? w/ Allan Friedman

Open-source components and their use within the software supply chain has become ubiquitous within the past few years. Current estimates are that 80-90% of new software applications consist of open-source components and frameworks. Section A9 of the OWASP Top...
OWASP Podcast

What is Chaos Engineering, an Interview with Casey Rosenthal

"Chaos engineering is an empirical practice of setting up experiments to figure out where your system is vulnerable so that you can know that ahead of time and proactively fix some of these vulnerabilities in your system." -- Casey...
OWASP Podcast

Ladies of London Hacking Society w/ Eliza-May Austin

The Ladies of London Hacking Society was created by Eliza-May Austin in an act of frustration.Having nowhere to turn to meet other women within the security industry in the UK,Eliza-May fired off an online post lamenting the lack of...
OWASP Podcast

Anticipating Failure through Threat Modeling w/ Adam Shostack

What am I working on? What can go wrong? What am I going to do about it? Did I do a good job? These are the four questions at the heart of thread modeling In this episode, I speak with Adam Shostack, author...
OWASP Podcast

We Are All Special Snowflakes with Chris Roberts

This is the sixth episode in an eight part series, talking with the authors of "Epic Failures in DevSecOps". In this segment, I speak with Chris Roberts about his chapter, "We are all special snowflakes", diving into topics as...
OWASP Podcast

A Concise Introduction to DevSecOps

The inclusion of security as an integral piece of the DevOps puzzle continues to gain traction. In this episode of the DevSecOps Days Podcast Series, I speak with Curtis Yanko and Scott McCarty about their new book, "A Concise...
OWASP Podcast

What’s In Store for the AppSec Cali Conference w/ Richard Greenberg

As if there aren't enough reasons to go to Southern California in the middle of a New York winter, AppSec Cali opens it's doors for its 6th Annual OWASP conference on January 22, 2019. In this broadcast, I speak...
OWASP Podcast

Epic Failures in DevSecOps w/ Aubrey Stearn

Aubrey Stearn is the Technical Lead for the Enterprise Cloud Platform at Nationwide. In the broadcast we talk with Aubrey about her chapter, "", in the recently released "Epic Failures in DevSecOps" book. Aubrey talks about her extensive experience guiding...

Cisco Patches Critical Flaw in Vision Dynamic Signage Director

Cisco this week released a security patch for the Vision Dynamic Signage Director, to address a Critical vulnerability that could allow attackers to execute arbitrary actions on the local system.  Tracked as CVE-2019-1917, the vulnerability was found in the REST...

The Great Hack: the film that goes behind the scenes of the Facebook data scandal

This week, a Netflix documentary on Cambridge Analytica sheds light on one of the most complex scandals of our time. Carole Cadwalladr, who broke the story and appears in the film, looks at the fallout – and finds ‘surveillance...
SecurityWeek

Scotland Yard Twitter and Emails Hacked

London's Metropolitan Police apologised Saturday after its Twitter, emails and news pages were targeted by hackers and began pumping out a series of bizarre messages. read more

Browser Extensions Scraped Data From Millions of People

Slack passwords, NSO spyware, and more of the week's top security news.
ZDNet

Hackers breach FSB contractor, expose Tor deanonymization project and more

SyTech, the hacked company, was working on research projects for the FSB, Russia's intelligence service.