Episodes

  • In this episode we dive deep into the world of authorization with Emre Baran, CEO and co-founder of Cerbos. As a seasoned entrepreneur and software expert, Emre brings over 20 years of experience to the table, discussing the subtle yet significant distinctions between authorization and authentication, and why these concepts are pivotal in today's cloud-based and development environments. In this discussion, Emre explains why many organizations still grapple with these issues in 2024, highlighting common pitfalls in security practices and offering insights into the sophisticated challenges of implementing fine-grained access control. He also shares his views on the evolving landscape of regulatory standards and introduces us to "Cerbos," his solution designed to streamline and secure authorization processes efficiently.

    Show Notes

    Learn about Cerbos: https://www.cerbos.dev/

    Cerbos GitHub: https://github.com/cerbos/cerbos

    Follow Emre Baran

    X / Twitter - https://twitter.com/emre

    Linkedin: https://www.linkedin.com/in/emrebaran/

    Time Stamps

    Intro: 0:00

    Why are we still struggling with authz: 1:12

    Difference Authentication & Authorization: 6:16

    What is Cerbos?: 9:35

    The auth trap: 11:58

    Is it scalable: 13:20: Scaling Auth

    Who owns auth: 16:31

    Regulation and compliance: 20:32

    GitGuardian: 22:12

    What is ZSP (Zero Standing Privileges): 23:00

    Best and Worst: 28:00

    Links and followup: 32:00

  • In this engaging episode of "The Security Repo," host Dwayne McDaniel and esteemed guest Rachel Stephens delve into the rapidly evolving world of security tooling, with a special focus on the buzz around Application Security Posture Management (ASPM). They tackle the complexities and confusions surrounding the burgeoning category of security solutions, offering listeners a clear-eyed view of what ASPM means for developers, security professionals, and the tech industry at large. Through a candid and enlightening conversation, they explore the history and potential future of security practices, the push towards simplification and consolidation of tools, and the real challenges of effectively managing security risks in today's dynamic digital environments. Join us for a thought-provoking discussion that demystifies ASPM and provides valuable insights into the direction of security tooling and practices.

    Show Notes:

    Learn more about ASPM - https://blog.gitguardian.com/good-application-security-posture-requires-good-data/

    Learn more about RedMonk https://redmonk.com/

    Listen on Spotify: https://open.spotify.com/show/2emgX3m3dJSzlmAG3axBGa

    Listen on Apple Podcasts: https://podcasts.apple.com/us/podcast/the-security-repo/id1634401017


  • In this episode of The Security Repo podcast, we dive deep into the evolving landscape of security within software development with our guest, Rachel Stephens, a senior analyst at RedMonk. Rachel sheds light on the broader implications of the "shift left" movement, emphasizing the integration of security practices throughout the entire software development lifecycle rather than viewing it as an isolated final step. This conversation explores how developers and security professionals can work together more effectively, the role of tools in aiding or hindering this collaboration, and the importance of understanding security from a holistic viewpoint. With insights into the latest trends, challenges, and solutions in securing our software development processes, this episode is a must-listen for anyone interested in the intersection of development, security, and industry analysis.

    Show Notes

    https://redmonk.com/

    Introduction: 0:00

    Analyst Role / RedMonk: 2:18

    Shift Left: 4:27

    Dev and Sec in Conflict: 6:20

    Shift Left Where?: 9:35

    What about micro applications?: 11:08

    What is Shift Right?: 15:15

    GitGuardian: 20:22

    How do you Shift Left?: 21:20

    Measure what matters: 25:20

    Best and Worst Advice: 27:30

    RedMonk: 29:39

  • This week, join us as we sit down with Huxley Barbee, the lead organizer of B-Sides New York City and a security evangelist at RunZero. With over two decades of experience as a software engineer and security consultant, Huxley shares his profound insights and journey through the evolving landscape of cybersecurity. From his early days attending DefCon in 1999 to spearheading B-Sides conferences that champion technical excellence, community engagement, and accessibility, Huxley's story is one of passion, dedication, and innovation. He offers a fresh perspective on the recent shift of DefCon to the Las Vegas Convention Center and recounts memorable anecdotes that highlight the unique culture of hacker communities. Moreover, Huxley sheds light on the critical topic of exposure management, moving beyond traditional vulnerability scanning to encompass advanced techniques and strategies for securing modern networks. His advice on asset inventory and the importance of understanding your network's vulnerabilities is indispensable for both seasoned professionals and newcomers to the field. So, whether you're a cybersecurity veteran, an aspiring hacker, or simply curious about the digital world's inner workings, this episode is packed with valuable insights, fascinating stories, and practical advice. Don't miss out on this deep dive into the challenges and triumphs of securing our digital future with Huxley Barbee.

  • This episode of The Security Repo Podcast features an insightful discussion with Gregory Zagraba on the challenges and strategies of integrating security practices within the DevOps landscape. Covering the evolution of DevOps, the emergence of DevSecOps, and the importance of a culture shift in large organizations, the conversation delves into practical advice on automation, the significance of backups, and fostering a security-conscious mindset. Through real-world examples and expert insights, the episode sheds light on creating robust, secure systems in the fast-paced world of software development and data protection.

    Show Notes:

    Git Protect https://gitprotect.io/

    Git Protect Blog https://gitprotect.io/blog/

  • In this episode of the Security Repo podcast, listeners will dive into the intriguing world of hacking the hackers with Vangelis Stykas. Stykas, a notable figure in cybersecurity, shares his experiences and methodologies for compromising C2 servers—central nodes used by hackers to control malware-infected computers. He reveals how simple web application vulnerabilities can lead to significant breaches in the security of these servers. The discussion also covers the ethical and legal nuances of Stykas' work, including the challenges and risks involved in targeting these digital underworld operatives. Additionally, Stykas touches on his professional journey, including his role as the CTO of Atropos, a company specializing in web application and API security. This episode promises to uncover key discoveries about the shadowy aspects of cybersecurity and the ongoing battle between hackers and those who hack them.

    Show Notes:

    Atropos - https://atropos.ai/

    Stalking the Stalkers Blog Post - https://atropos.ai/stalking-the-stalkers/

    DefCon Talk - https://www.youtube.com/watch?v=fMxSRFYXMV0

    Social Media

    X.com - https://twitter.com/evstykas

    Linkedin - https://www.linkedin.com/in/vangelis-stykas/

  • In this episode, we delve into the mind of Erik Cabetas, a renowned figure in offensive security and Defcon CTF winner. Erik shares his unique journey from hacking to offensive security, detailing the critical turning points that shaped his career. Together with Mackenzie and Dwayne, Erik discusses the evolution of security practices, the importance of ethical hacking in today's digital world, and offers some advice for aspiring hackers. Join us to explore the fascinating intersection of technology, ethics, and security through Erik's expert lens.

  • In this episode of The Security Repo, Jayson E. Street delves into his unconventional journey into cybersecurity, emphasizing the essence of hacking as a manifestation of curiosity rather than mere technical skill. He shares anecdotes from his extensive experience in ethical hacking, including bank heists and corporate security breaches, to underscore the importance of creative problem-solving in security. Street also critiques the narrow perceptions of hacking, advocates for diversity in the security field, and offers unconventional advice for enhancing corporate security awareness. His stories, ranging from audacious exploits to thoughtful reflections on personal and professional growth, provide a compelling narrative on the importance of thinking outside the box in cybersecurity.

    More links on Jayson

    Hacker Answers Penetration Test Questions From Twitter https://www.youtube.com/watch?v=6i-84wqc_qU

    Penetration tester Jayson E. Street helps banks by hacking them https://www.youtube.com/watch?v=02Vf3NjTPsI

    Social Links

    X - https://twitter.com/jaysonstreet

    Linkedin - https://www.linkedin.com/in/jstreet/

  • In this episode of "The Security Repo," hosts Dwayne McDaniel and Mackenzie Jackson delve into the intricate world of cybersecurity with Buck Bundhund, an expert from Centripetal Networks. The conversation kicks off with an exploration of the pervasive issue of data noise – the influx of non-intended data into organizational networks, posing significant challenges for security operations. Buck sheds light on the complexities of distinguishing between legitimate and illegitimate traffic and the detrimental effects of alert fatigue within security teams. Through real-world examples and insights, the discussion unfolds to reveal the limitations of traditional security tools in handling the massive volume and dynamic nature of data noise. Listeners gain valuable insights into innovative strategies employed by Centripetal Networks, leveraging comprehensive threat intelligence and AI to filter out illegitimate traffic effectively. Buck underscores the importance of not only technological advancements but also human intuition and analysis in identifying and mitigating security threats. Join "The Security Repo" team as they navigate the ever-evolving landscape of cybersecurity, offering practical perspectives and solutions to combat data noise and enhance security posture in today's digital age.

    Links:

    Buck on Linkedin https://www.linkedin.com/in/buck-bundhund-8496862/

    Centripetal Networks https://www.centripetal.ai/

  • In security you have likely heard the expression "turtles all the way down": the idea that the world is held up on the back of a turtle, which is standing on the back of another turtle, and so on. This can be used to describe the current state of security, where everything can dramatically fall over if the bottom turtle fails. In this episode, we discuss solving the bottom turtle: solving authentication.

    Our guest Ethan Heilman has a PhD in Computer Science and is the current CTO of BastionZero, where he is working on OpenPubkey, a protocol for leveraging OpenID Providers (OPs) to bind identities to public keys.

    Links:

    OpenPubkey - https://github.com/openpubkey/openpubkey

    BastionZero - https://www.bastionzero.com/

    Social Connections for Ethan

    Mastodon - [email protected]

    X - @Ethan_Heilman

  • In this episode, James Berthoty shares insights into his project, Latio Tech, which provides a comprehensive list of cloud security tools and resources. James highlights the challenges of vendor assessments and the importance of bridging knowledge gaps in cloud security. He also shares trends in the security tooling industry and offers advice for smaller teams or organizations with limited budgets seeking effective security solutions. This episode is perfect for anyone looking into purchasing new security tools or wanting to understand the purchasing process.

    Show Links:

    Latio Tech - https://www.latio.tech/

    James Linkedin - https://www.linkedin.com/in/james-berthoty/

  • In this episode, Mackenzie and Dwayne dive into a discussion on API security with special guest Isabelle Mauny, co-founder and CTO of 42Crunch. We walk through the differences API security has compared with traditional application security, and its growing importance in today's technology landscape. We also have a discussion about the challenges and risks associated with API security, the need for developers to be actively involved in securing APIs, and the tools and practices that can help integrate security into the development workflow.

    Show Links

    42Crunch website - https://42crunch.com/

    42Crunch Blog - https://42crunch.com/blog/

    Isabelle Mauny Linkedin - https://www.linkedin.com/in/isamauny/

    Quotes from the episode

    "It's shift left not shove left" - Isabelle Mauny

    "The minute you put something on the Internet, it is public." - Isabelle Mauny

    "Shift left is not about saying to the developers, 'You're responsible for one more thing, which is security.' It's about giving them the tools that fit into their workflow." - Isabelle Mauny

  • In this episode of The Security Repo, Mackenzie Jackson sits down with Nipun Gupta, the Chief Operating Officer of Bearer, a leading security company at the forefront of innovation in the cybersecurity landscape. Join us as we delve deep into the world of Static Application Security Testing (SAST) and explore why traditional SAST tools are struggling to keep pace with the demands of modern development environments. In today's fast-paced software development ecosystem, developers are continuously seeking ways to improve code quality, enhance security, and accelerate their workflows. However, traditional SAST tools often fall short, failing to meet the specific needs of developers. Nipun Gupta sheds light on these challenges and discusses how Bearer is breaking new ground by redefining SAST for the modern era. Discover the fascinating insights and solutions that Bearer brings to the table, making SAST more accessible and effective for developers. Learn how their innovative approach is not only improving code security but also enabling AI-generated code to be more secure and trustworthy. Uncover the synergy between SAST and AI in this thought-provoking episode and gain valuable insights that can help your organization stay ahead in the ever-evolving cybersecurity landscape. Tune in to "Revolutionizing SAST: Bridging the Gap for Modern Developers with Nipun Gupta" to stay informed and inspired in the realm of cybersecurity and software development.

    Follow Nipun on Linkedin - https://www.linkedin.com/in/guptanipun/

    Learn more about Bearer today at - https://www.bearer.com/

  • In this episode of "The Security Repo," your hosts Mackenzie Jackson and Dwayne McDaniel are joined by a distinguished guest, Dan Barahona, as they embark on an eye-opening exploration of API security. As the digital landscape evolves at breakneck speed, APIs (Application Programming Interfaces) have become the backbone of modern applications, making them an attractive target for cyber threats. Join the conversation as Mackenzie, Dwayne, and Dan delve into the fundamentals of API security and why it has emerged as an integral aspect of both application security and the broader realm of cybersecurity. Discover the ins and outs of protecting these crucial gateways, learn about the common vulnerabilities that threat actors exploit, and gain insights into best practices and cutting-edge strategies for fortifying your digital fortress. Whether you're a developer, a security professional, or simply curious about the ever-evolving world of cybersecurity, this episode promises to provide you with invaluable knowledge on API security and equip you with the tools to safeguard your digital assets. Tune in to "The Security Repo" for an illuminating discussion that could mean the difference between vulnerability and resilience in our interconnected digital world.

    AppSec University: https://www.apisecuniversity.com/

    Dan Barahona Linkedin: https://www.linkedin.com/in/rdbarahona/

  • In this episode of The Security Repo, your hosts Mackenzie Jackson and Dwayne McDaniel are joined by the brilliant Reanna Schultz, a seasoned expert in the field of cybersecurity. Together, they delve deep into the world of social engineering, exploring what it is, how to detect it, and crucially, how to arm your staff against its deceptive tactics. Social engineering is a crafty, manipulative art used by cybercriminals to exploit human psychology. Our trio dissects the various techniques employed by malicious actors, shedding light on the ever-evolving landscape of digital deception. Learn how to recognize the red flags and protect your organization from falling victim to these cunning ploys. But that's not all; in this episode, we also peer into the fascinating intersection of artificial intelligence and cybersecurity. Discover how AI is shaping the cyber landscape and making it harder to detect social engineering activities. Join us for an enlightening conversation that's essential for anyone navigating the complex world of cybersecurity. Tune in to "Unmasking the Shadows: Social Engineering, AI, and Cybersecurity" and fortify your defenses against the lurking dangers of the digital realm.

    Show Links:

    Follow Reanna on Linkedin - https://www.linkedin.com/in/reanna-schultz/

    GitHub Phishing Simulation - https://github.com/reannaschultz/PhishingSimulation/wiki

  • In this eye-opening episode of The Security Repo, we welcome James Wickett, the CEO and co-founder of DryRun Security, a visionary in the realm of cybersecurity. James unveils a groundbreaking concept known as "Contextual Security," a game-changer that empowers developers with unprecedented security insights while they write code. As our hosts and cybersecurity enthusiasts Mackenzie and Dwayne guide the conversation, James delves into the heart of Contextual Security, offering listeners an inside look at how this innovative approach is transforming the way developers view and implement cybersecurity in their projects. Discover how Contextual Security is redefining the role of developers in the fight against cyber threats. James also takes us on a journey through the realm of artificial intelligence, sharing his insights on its pivotal role in the future of cybersecurity. As he paints a vivid picture of the evolving threat landscape, you'll gain valuable perspective on why traditional security measures are falling short, particularly for developers. Don't miss this engaging and thought-provoking episode as we explore the forefront of cybersecurity with James Wickett, a trailblazer whose mission is to equip developers with the tools and knowledge they need to fortify their code against today's evolving threats. Tune in to "The Security Repo" and be prepared to redefine your understanding of cybersecurity in the digital age.

    Show Links:

    https://www.dryrun.security/

    James's personal website https://wickett.me

    Linkedin: https://www.linkedin.com/in/wickett/

  • In this captivating episode of The Security Repo, we delve into the world of physical security with our esteemed guest, Brice Self. With over a decade of experience in the field, Brice brings a wealth of knowledge and real-world insights to the table. This episode takes a deep dive into the intricate aspects of physical security, particularly in high-stakes environments like banking institutions. Brice shares his experiences and the strategies that have led him to a remarkable 100% success rate in penetrating security measures at various banks - a testament to his expertise and the critical vulnerabilities in existing security systems. Prepare to be enthralled by Brice's recounting of his most challenging break-ins, the creative tactics he employed, and the lessons learned from each successful operation. The discussion also touches upon the evolution of security measures, the importance of continuously adapting strategies, and the future of physical security in an increasingly digital world.

  • In this episode, we sit down with Tom Forbes to discuss his 'side project gone wrong' and how he found live AWS credentials inside many Python packages hosted on PyPI. Tom didn't expect to find sensitive information inside public Python packages, but was surprised when he was contacted about removing data from his GitHub project. After some research, he discovered live AWS secrets in the source code and went on a journey to discover how many secrets there actually were inside PyPI packages. In this episode, Dwayne and Mackenzie dive into Tom's research to discover how the project started and what people can do to protect their secrets.

  • With the rapid development of AI we are often left wondering if AI is our friend or foe in security. In this episode, I sit down with Simon Maple from Snyk to discuss just that. We explore the different applications of AI in security and where the future is going. It's an interesting discussion so you don't want to miss it!

    Show Links:

    Snyk.io Blog: https://snyk.io/de/blog/

    Featured article: https://snyk.io/blog/10-best-practices-for-securely-developing-with-ai/

    x.com (formerly Twitter) https://twitter.com/sjmaple

    Simon Bio: Simon has a long and impressive record working in technology, from working in startups to working for massive companies like IBM and now Snyk. Simon today is the Principal Developer Advocate at Snyk, having previously held many leadership roles, including Field CTO (again at Snyk) and Director of Developer Relations. He is a world-renowned speaker, having spoken at many conferences including JavaOne, Devoxx Fr, Devoxx UK, JavaZone, JavaLand, JAX, and many many more. Today he is using his decades of tech experience to uncover many of the mysteries surrounding AI, and that is what we have the privilege of discussing with him today. He uses his experience in both AI and security to answer the most difficult and interesting questions I could possibly come up with. Without further delay, here is Simon Maple for our discussion on the new frontier in security: artificial intelligence.

  • Application security can be a difficult task at all levels of a company. But as a start-up grows into an enterprise, or as existing companies evolve, how do you effectively scale your security program? We have an amazing guest, Jeevan Singh, who is the director of product security at Twilio, and he is here to talk about how to scale an application security program.

    BIO Jeevan Singh

    Jeevan's lifelong fascination with defensive security began at a young age when I played the center-back position on my youth soccer team. I loved the thrill of preventing opponents from scoring and was intrigued by the strategy behind defensive maneuvers. The fascination grew throughout my adolescence and into university when a close friend showed me how malicious users could penetrate systems and taught me how to prevent attacks. For as long as I can remember, I’ve continually examined scenarios from every imaginable angle so I can find weaknesses and penetrate defenses in order to protect myself. As an Information Security Architect, I am still driven by this fascination and apply these same principles as I protect the company and guard customer data.

    His philosophy is to build security from the ground up and make it as transparent as possible. He does this by collaborating with software architects and senior developers to identify practical options for building secure systems, empowering developers, and working with sysadmins and network engineers to determine effective approaches for operating securely. He also works toward creating a positive security culture, instilling employees with security knowledge, and building defenses against security threats.