show episodes
 
Dallas Software Development Companies provide offshore solutions to their customers. Services provided by them include software solutions from start to finish, as in the system's planning stage to its practical implementation in the organization. This process is called as System Development Life Cycle or SDLC. Such companies provide technology expertise and automation technology information solutions to their customers. Address: 4330 N Central Expy #250, Dallas, TX 75206, United States Phone ...
 
Learn how the top brands wow customers through production-first engineering. On this podcast you will find the tactics, methodologies, and metrics used to drive customer value by the engineering leaders actually doing it. Join Rookout CTO, Liran Haimovitch as he explores how customer-centric brands approach engineering to create a competitive advantage; with interviews covering topics such as automation, issue resolution, team structure, DevOps, and more.
 
Loading …
show series
 
With the increased interest and use of AI such as GTP 3/4, ChatGPT, GitHub Copilot, and internal modeling, there comes an array of use cases and examples for increased efficiency, but also inherent security risks that organizations should consider. In this talk, Invicti’s CTO & Head of Security Research Frank Catucci discusses potential use cases a…
 
Static analysis is the art of scrutinizing your code without building or running it. Common static analysis tools are formatters (which change whitespace and other trivia), linters (which detect likely best practice and style issues), and type checkers (which detect likely bugs). Each of these can aid in improving application security by detecting …
 
In this segment, Josh will talk about the OWASP ASVS project which he co-leads. He will talk a little about its background and in particular how it is starting to be used within the security industry. We will also discuss some of the practicalities and pitfalls of trying to get development teams to include security activities and considerations in …
 
In this episode, Neatsun Ziv, co-founder and CEO of Ox security takes a deep dive into supply chain security. He focuses on the new Open Software Supply Chain Attack Reference (OSC&R), a consortium of leading cybersecurity leaders. OSC&R the first and only open framework for understanding and evaluating existing threats to entire software supply ch…
 
Join us for this segment with Lina Lau to learn lessons from real incident response engagements covering types of attacks leveraged against the cloud, war stories from supply chain breaches seen in the last 1-2 years, and how defenders and enterprises can better protect and proactively defend against these attacks. Segment Resources: Attacking and …
 
It's another holiday week, so enjoy this episode from our archives! What does a collaborative approach to security testing look like? What does it take to tackle an entire attack class as opposed to fixing a bunch of bugs? If we can shift from vulnerability mitigation to vulnerability elimination, then appsec would be able to demonstrate some signi…
 
Organizations spend hundreds of work hours to build applications and services that will benefit customers and employees alike. Whether the application/service is externally facing or for internal use only, it is mandatory to identify and understand the scope of potential cyber risks and threats it poses to the organization. But where and how do you…
 
Most of the myths and lies in InfoSec take hold because they seem correct or sound logical. Similar cognitive biases make it possible for even the most preposterous conspiracy theories to become commonly accepted in some groups. This is a talk about the importance of critical thinking and checking sources in InfoSec. Our industry is relatively new …
 
A $10M ransom demand to Riot Games, a DoS in BIND and why there's no version 10, an unexpected refactor at Twilio, insights in Rust from the git security audit, SQL Slammer 20 years later, the SQLMap tool We talk with Dr. David Movshovitz about There Is No Average Behavior! Segment Resources: White paper: https://www.reveal.security/lp/white-paper/…
 
Breach disclosures from T-Mobile and PayPal, SSRF in Azure services, Google Threat Horizons report, integer overflows and more, Rust in Chromium, ML for web scanning, Top 10 web hacking techniques of 2022 Developers write code. Ideally, secure code. But what do we mean by secure code? What should secure code training look like? Visit https://www.se…
 
We're aren't recording this holiday week, so enjoy this ASW throwback episode! Main host Mike Shema selected this episode to share as it's still relevant to the AppSec community today. This week, we welcome Nuno Loureiro, CEO at Probely, and Tiago Mendo, CTO at Probely, to talk about Dev(Sec)Ops Scanning Challenges & Tips! There's a plenitude of wa…
 
Exposed secrets from CircleCI, web hackers target the auto industry, $100K bounty for making Google smart speakers listen, inspiration from Office Space, AWS making better defaults for S3, resources for learning Rust This segment will discuss options for protecting your APIs. First, why protect them? Second, what are the options and the tradeoffs. …
 
How do you mature a team responsible for securing software? What are effective ways to prioritize investments? We'll discuss a set of posts on building talent, building capabilities, and what mature teams look like. Segment resources: - https://securing.dev/categories/essentials/ Metrics for building a security product, hands-on image classificatio…
 
FreeBSD joins the ping of death list, exploiting a SQL injection through JSON manipulation, Apple's design for iCloud encryption, attacks against machine learning systems and AIs like ChatGPT Threat modeling is an important part of a security program, but as companies grow you will choose which features you want to threat model or become a bottlene…
 
Android platform certs leaked, SQL injection to leaked credentials to cross-tenant access in IBM's Cloud Database, hacking cars through web-based APIs, technical and social considerations when getting into bug bounties, a brief note on memory safety in Android Finding the balance between productivity and security is most successful when it leads to…
 
Crossing tenants with AWS AppSync, more zeros in C++ to defeat vulns, HTTP/3 connection contamination, Thinkst Quarterly review of research, building a research team MongoDB recently announced the industry’s first encrypted search scheme using breakthrough cryptography engineering called Queryable Encryption. This technology gives developers the ab…
 
You may already be using automation in Jira Service Management to help your teams focus on the work that really matters. But did you also know that you can also set up automation rules, based on the status of the services critical to your business? In this episode, we’ll be covering how you can build powerful automation and alerts for critical serv…
 
In this episode, we look at how the industry is fundamentally changing its approach to IT Operations and how Jira Service Management can help support this digital transformation. What you’ll learn In this episode, we look at how the industry is fundamentally changing its approach to IT Operations and how Jira Service Management can help support thi…
 
Do you need to improve the speed of service, but don’t have the time – or resources – to build a custom solution? Let’s show you how your company can use the flexible pre-built templates available in Jira Service Management, and apply them to your workflows. In this webinar, you’ll learn how to deliver service at speed, without compromising on qual…
 
CosMiss in Azure, $70k bounty for a Pixel Lock Screen bypass, finding path traversal with Raspberry Pi-based emulators, NSA guidance on moving to memory safe languages, implementing phishing-resistant MFA, egress filtering, and how to approach code reviews Cider Security’s recently published research of the Top 10 CI/CD Security Risks acts to ident…
 
While APIs enable innovation, they’re increasingly targeted as a pathway to data. API abuses are often carried out through automated attacks, in which a botnet floods the API with unwanted traffic—seeking vulnerable applications and unprotected data. In this discussion, Karl Triebes shares what you need to know about the automated bot threats targe…
 
A critical OpenSSL vuln is coming this Tuesday, a SQLite vuln, Apple blogs about memory safety and bug bounties, determining a random shuffle The Web3 ecosystem is chock full of applications and projects that have lost money (and their customers’ money) due to breaches, code flaws, or outright fraud. How can security teams do a better job of protec…
 
Learn what keeps DevOps and SecOps up at night when securing Kubernetes, container, and cloud native applications, what tactics are best for developers and application architects to consider when securing your latest cloud application and hardening your CI/CD pipeline and processes. This segment is sponsored by Qualys. Visit https://securityweekly.…
 
Exploiting FortiOS with HTTP client headers, mishandling memory in Linux kernel Wi-Fi stack, a field guide to security communities, secure coding resources from the OpenSSF, Linux kernel exploitation Cybersecurity is a data problem. Accelerated AI enables 100 percent data visibility and faster threat detection and remediation. Find out how NVIDIA u…
 
We talk with Akira Brand about appsec educational resources and crafting better resources for developers to learn about secure coding. Segment Resources: - www.akirabrand.com - www.wehackpurple.com - www.owasp.org - www.brightsec.com/blog Rust arrives in the Linux Kernel, verdict in the Uber security case, overview(s) of JavaScript prototype pollut…
 
The core focus of this podcast is to provide the listeners with food for thoughts for what is required for releasing secured cloud native applications - Continuous, Multi-layer, and Multi-service analysis and focusing not only on the code, but also on the runtime and the infrastructure. - Focus on the vulnerabilities that matter. The critical, expl…
 
Applications are the most frequent external attack vector for companies. However, application security can improve only if developers either code securely or remediate existing security flaws — unfortunately, many don’t receive training with proper security know-how. In this session, we will talk about the state of application security education an…
 
Loading …

Quick Reference Guide

Copyright 2023 | Sitemap | Privacy Policy | Terms of Service