Security Weekly Podcast Network (Video)

Security Weekly Productions
Jan 28, 2022 • 55min

Cracks in the Castle - Jimmy Sanders - PSW #725

Enterprises today have an ever-expanding attack surface. Jimmy Sanders, Head of Security for DVD.com, joins to discuss how organizations are constantly trying to stay ahead of the latest known and unknown risks! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw725
Jan 26, 2022 • 34min

Mastering Art and Science, Stakeholder Trust, and Trustworthy Computing - BSW #247

In the leadership and communications section, Mastering Art and Science Is Imperative for CISOs to Be Successful, Seven Ways to Ensure Successful Cross-Team Security Initiatives, 2 Key Cybersecurity Lawmakers Will Not Seek Reelection, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw247
Jan 25, 2022 • 27min

Securing the Digital Value Chain - Mark Fernandes - BSW #247

Enabling the business requires a nuanced view of verticalization and what it means to an enterprise. Why is this important as CISOs think about how to apply cyber to enterprise resiliency? Mark Fernandes, Global Chief Technology Officer, Security, Risk, and Governance Solutions from MicroFocus, joins us to provide an overview of their Galaxy platform that aligns threats to prioritized risk activities. If you want to learn more or sign up and try Galaxy for free, please visit https://securityweekly.com/galaxy. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/bsw247
Jan 25, 2022 • 34min

IndexedDB Leak, Linux Kernel Bug, Zoom Security, SSRF & Allow Lists, Security Courses - ASW #181

In the AppSec News, Safari fixes a privacy leak in IndexedDB, integer arithmetic flaw leads to Linux kernel bug, a look back on Zoom security, SSRF from a URL allow list bypass, a security engineering course and lectures, and 25 years of HTTP/1.1. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw181
Jan 24, 2022 • 36min

API Security (Shadow APIs) - Himanshu Dwivedi - ASW #181

It is hard, if not impossible, to secure something you don't know exists. While security professionals spend countless hours on complex yet interesting issues that *may* be exploitable in the future, basic attacks are occurring every day against flaws in code that receives little review. For example, a "dated trend" by effective yet lazy hackers is to search for APIs unknown by security teams, coined "Shadow APIs", then connect to these APIs and extract data. SQL Injection used to be the hack of choice, as a few simple SQL commands would either mean pay dirt or "move on to the next target". Now the same can be said for Shadow API: Find, Connect, Extract. Himanshu will discuss one of many methods that are used in the wild to target Shadow APIs and export large volumes of data with a few clicks of a button or a few lines of code in Python. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw181
Jan 22, 2022 • 1h 5min

McAfee MVISION XDR, Microsoft Acquires Activision Blizzard, & Tom Brady NFTs - ESW #257

In the Enterprise Security News: 1Password plans to do some shopping with their massive Series C, Devo announces a $250M round, Permiso Security and Tromzo emerge backed by both traditional VCs and industry execs, STG spins out McAfee's MVISION XDR product as Trellix - the first of many spinouts, they say, Microsoft reminds us that, in addition to being the industry's largest security vendor, they can also drop $70B on video games if they feel like it, More reminders that open source is essential, but orgs with massive budgets will still treat it as worthless and disposable, Real-world stories of CI/CD pipeline compromises, Is Uber's former CSO going to jail?, and Tom Brady NFTs! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw257
Jan 22, 2022 • 22min

Architecture & Security from the Trenches - Will Clark - ESW #257

An open discussion of challenges facing software and system architects in small and medium sized businesses. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw257
Jan 22, 2022 • 1h 39min

REvil Gang Arrested, 5G & Airplanes, Zoom Zero-Click, & Stolen Brownies - PSW #724

In the Security News: Malware targets Ukraine, I wonder where that's coming from?, evil Google Docs comments, Russia grabs REvil, funding a dictatorship, Zoom zero clicks, when 9-year-olds launch DDoS attacks, 5G interference, and when your Mom steals your brownies! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw724
Jan 21, 2022 • 19min

Using WPScan To Find WordPress Vulnerabilities - PSW #724

wpscan is a free tool for scanning WordPress, and let's face it, there are many vulnerabilities to be found in WordPress! This segment will walk you through installing, configuring and using wpscan. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw724
Jan 21, 2022 • 36min

Vulnerability Management is Dead! - Rickard Carlsson - ESW #257

Modern tech stacks are becoming increasingly complex puzzles of components built in-house and sourced from third-party vendors. With DNS at the center of the infrastructure, and staging and production being sometimes just minutes apart, scanning for CVEs is not enough to stay on top of web threats. There are lots of critical things traditional app scanners won't catch, like dangling DNS records, subdomain takeover and open S3 buckets. To keep their growing attack surface secure, companies need to combine crowdsourced vulnerability detection with solutions that detect outliers and anomalies in their software - before these become an attack vector.

In this episode we'll discuss:
- Why hunting for vulnerabilities is no longer enough to stay on top of threats
- Vulnerability Management vs Attack Surface Management
- How security teams can adapt their vulnerability management process to modern dev cycles.

Segment Resources:
More insights on how to secure your external attack surface: https://detectify.com/resources
Free trial of Detectify's attack surface management solutions: https://detectify.com/product/surface-monitoring https://detectify.com/product/application-scanning

This segment is sponsored by Detectify. Visit https://securityweekly.com/detectify to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw257
