Aug 30, 2022
We will review the primary needs for cloud security: - Guardrails against misconfiguration - Continuously Identify and Remediate Vulnerabilities in Cloud APIs, Apps, and Services - Observability, Protection, and Reporting against Compliance and Risk Policies - We will also review CNAPP -- Cloud Native Application...
Aug 23, 2022
The unique nature of cloud native apps, Kubernetes, and microservices based architectures introduces new risks and opportunities that require AppSec practitioners to adapt their approach to security tooling, integration with the CI/CD pipeline, and how they engage developers to fix vulnerabilities. In this episode,...
Aug 17, 2022
Let's talk about adding security tools to a CI/CD, the difference between "perfect" and "good" appsec, and my upcoming book. Segment Resources: https://community.wehackpurple.com #CyberMentoringMonday on Twitter Microsoft fixes an old bounty from 2019, rewards almost $14M on bounties in the past year, and releases a...
Aug 9, 2022
In today's high-tech industries, security is struggling to keep up with rapidly changing production systems and the chaos that agile development introduces into workflows. Application security (AppSec) teams are fighting an uphill battle to gain visibility and control over their environments. Rather than invest their...
Aug 4, 2022
In our first segment, we are joined by Manish Gupt, the CEO and Co-Founder of ShiftLeft for A discussion of how the changes and advancements in static application security testing (SAST) and intelligent software composition analysis (SCA) have helped development and DevSecOps teams work better together to fix security...