Security Weekly Podcast Network (Audio) Folgen

Go releases their own curated vuln management resources, OSS-Fuzz finds command injection, Microsoft gets rid of Basic Auth in Exchange, NSA provides guidance on securing SDLC practices, reflections on pentesting, comments on e2e   Shifting left has been a buzzword in the application security space for several years now, and with good reason – making security an integral part of development is the only practical approach for modern agile workflows. But in their drive to build security testing into development as early as possible, many organizations are neglecting application security in later phases and losing sight of the big picture. In this talk, Invicti’s Chief Product Officer Sonali Shah discusses the challenges and misunderstandings around shifting left, and provides tips on how organizations can implement web application security program without tradeoffs throughout the whole application security lifecycle. This segment is sponsored by Invicti. Visit https://securityweekly.com/invicti to learn more about them!   Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/secweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/asw211

This week in the Security News: Vangogh vs. AI, Online Safety in California, Bad IoS Apps, Japan vs. Floppy Disks, Chile, Instagram, and show Wrap-Ups!   Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/swn237

In the Enterprise Security News This week: more layoff announcements than funding announcements! Krit acquired by GreyNoise, Incident Response in AWS is different, Awesome open source projects for SecOps folks, Tyler Shields can’t wait to talk about Product Led Growth, Forcing open source maintainers to use MFA, Twilio - the breach that keeps on pwning, The US Governments earmarks $15.6 BILLION for cybersecurity and we hear vendors salivating already, & more!   Security training isn't just about anti-phishing and security awareness for employees. When reading through breach details, a similar picture often emerges: the people were there, the tools were in place, but the people didn't know how to use the tools effectively. Every day, security tools catch attacks, but it doesn't matter if a human doesn't notice and tools are in 'monitor only' modes. This segment is sponsored by RangeForce. Visit https://securityweekly.com/rangeforce to learn more about them!   From its origins a decade ago, the grassroots movement to enshrine in law the right to repair our stuff (read: cell phones, laptops, home appliances, cars, machinery) has morphed into a potent, global movement. Today, much of the debate over right to repair laws has focused on issues like concentrations of market power by large corporations and anti-competitive behavior with regard to service and repair of "smart," connected products. However, there is a less-discussed but equally potent argument in favor of repair: cybersecurity and data privacy. In this conversation, Paul Roberts, the founder of SecuRepairs.org (pron: Secure Repairs), talks about the dire state of device security on the Internet of Things and how efforts by manufacturers to limit access to software updates, diagnostic tools and parts exacerbates IoT cyber risk, even as it burdens consumers and the environment. Segment Resources: Securepairs.org: https://securepairs.org Fight to Repair Newsletter: https://figh   Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/esw287