Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
…
continue reading
محتوای ارائه شده توسط MySecurity Media. تمام محتوای پادکست شامل قسمتها، گرافیکها و توضیحات پادکست مستقیماً توسط MySecurity Media یا شریک پلتفرم پادکست آنها آپلود و ارائه میشوند. اگر فکر میکنید شخصی بدون اجازه شما از اثر دارای حق نسخهبرداری شما استفاده میکند، میتوانید روندی که در اینجا شرح داده شده است را دنبال کنید.https://fa.player.fm/legal
مشابه Cyber Security Weekly Podcast
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
The economy and the markets are "under surveillance" as we cover the latest in finance, economics and investment. Listen to Jonathan Ferro, Lisa Abramowicz and Annmarie Hordern for the top interviews from Bloomberg Surveillance Television. And join Tom Keene and Paul Sweeney for the best conversations from Bloomberg Surveillance Radio. Watch Surveillance TV LIVE each mornings: http://bit.ly/3P7nstQ. Watch Surveillance Radio LIVE weekday mornings: http://bit.ly/3vTiACF.
…
continue reading
A daily dose of irreverent, offbeat, and informative takes on business & tech news. Hosted by Jon Weigell, Juliet Bennett Rylah, Mark Dent, Ben Berkley, Sara Friedman and Rob Litterst from The Hustle.
…
continue reading
Technical interviews about software topics.
…
continue reading
This feed includes all episodes of Paul's Security Weekly, Enterprise Security Weekly, Business Security Weekly, Application Security Weekly, and Security Weekly News! Your one-stop shop for all things Security Weekly!
…
continue reading
Daily update on current cyber security threats
…
continue reading
Welcome to Crimetown, a series produced by Marc Smerling and Zac Stuart-Pontier in partnership with Gimlet Media. Each season, we investigate the culture of crime in a different city. In Season 2, Crimetown heads to the heart of the Rust Belt: Detroit, Michigan. From its heyday as Motor City to its rebirth as the Brooklyn of the Midwest, Detroit’s history reflects a series of issues that strike at the heart of American identity: race, poverty, policing, loss of industry, the war on drugs, an ...
…
continue reading
Diane Rehm’s weekly podcast features newsmakers, writers, artists and thinkers on the issues she cares about most: what’s going on in Washington, ideas that inform, and the latest on living well as we live longer.
…
continue reading
The award-winning WIRED UK Podcast with James Temperton and the rest of the team. Listen every week for the an informed and entertaining rundown of latest technology, science, business and culture news. New episodes every Friday.
…
continue reading
Player FM - برنامه پادکست
با برنامه Player FM !
با برنامه Player FM !
))
Episode 364 - Software supply chain risks
Manage episode 364654667 series 1854687
محتوای ارائه شده توسط MySecurity Media. تمام محتوای پادکست شامل قسمتها، گرافیکها و توضیحات پادکست مستقیماً توسط MySecurity Media یا شریک پلتفرم پادکست آنها آپلود و ارائه میشوند. اگر فکر میکنید شخصی بدون اجازه شما از اثر دارای حق نسخهبرداری شما استفاده میکند، میتوانید روندی که در اینجا شرح داده شده است را دنبال کنید.https://fa.player.fm/legal
Jane Lo, Singapore Correspondent speaks with Yakir Kadkoda, Security Researcher and Ilay Goldman, Security Researcher with Aqua Security
Yakir Kadkoda combines his expertise in vulnerability research with a focus on discovering and analyzing new security threats and attack vectors in cloud native environments, supply chain security, and CI/CD processes. Prior to joining Aqua, Yakir worked as a red teamer.
Ilay Goldman specializes in discovering and analyzing novel security threats and attack vectors in cloud native environments, supply chain security, and CI/CD processes. Additionally, Ilay conducts research on open-source security and vulnerabilities. Prior to joining Aqua, he worked as a red teamer.
In this interview at Black Hat Asia, Yakir and Ilay explain the complexity of a modern software supply chain, and the dependency of a typical software development cycle on open-source code, and the wide array of tools and platforms.
They note that in this supply chain ecosystem, there are many vulnerable tools and platforms trusted by majority of developers.
To highlight some examples of these vulnerabilities, Yakir and Ilay divide the development flow of many organizations into different phases – Integrated Development Environments (IDEs), Source Code Managers (SCMs), Continuous Integration/ Development (CI/CD), Package management and more.
They point out, for instance, the potential of malicious IDE extensions that may be inadvertently trusted by developers, or how threat attackers could compromise accesses to package manager platforms to impersonate malicious packages.
They also share how they found tens of thousands of tokens of open source projects that have been leaked by CI/CD platforms, which could be exploited for lateral movement.
Wrapping up, they advise that software developers practice security-by-design – that whilst “security takes time”, fixing the problem later may incur even more costs and time.
Recorded 11th May 2023, 11am, Black Hat Asia 2023, Singapore Marina Bay Sands
#BHasia #mysecuritytv #supplychain #cybersecurity
155 قسمت
اشتراک گذاری
Manage episode 364654667 series 1854687
محتوای ارائه شده توسط MySecurity Media. تمام محتوای پادکست شامل قسمتها، گرافیکها و توضیحات پادکست مستقیماً توسط MySecurity Media یا شریک پلتفرم پادکست آنها آپلود و ارائه میشوند. اگر فکر میکنید شخصی بدون اجازه شما از اثر دارای حق نسخهبرداری شما استفاده میکند، میتوانید روندی که در اینجا شرح داده شده است را دنبال کنید.https://fa.player.fm/legal
Jane Lo, Singapore Correspondent speaks with Yakir Kadkoda, Security Researcher and Ilay Goldman, Security Researcher with Aqua Security
Yakir Kadkoda combines his expertise in vulnerability research with a focus on discovering and analyzing new security threats and attack vectors in cloud native environments, supply chain security, and CI/CD processes. Prior to joining Aqua, Yakir worked as a red teamer.
Ilay Goldman specializes in discovering and analyzing novel security threats and attack vectors in cloud native environments, supply chain security, and CI/CD processes. Additionally, Ilay conducts research on open-source security and vulnerabilities. Prior to joining Aqua, he worked as a red teamer.
In this interview at Black Hat Asia, Yakir and Ilay explain the complexity of a modern software supply chain, and the dependency of a typical software development cycle on open-source code, and the wide array of tools and platforms.
They note that in this supply chain ecosystem, there are many vulnerable tools and platforms trusted by majority of developers.
To highlight some examples of these vulnerabilities, Yakir and Ilay divide the development flow of many organizations into different phases – Integrated Development Environments (IDEs), Source Code Managers (SCMs), Continuous Integration/ Development (CI/CD), Package management and more.
They point out, for instance, the potential of malicious IDE extensions that may be inadvertently trusted by developers, or how threat attackers could compromise accesses to package manager platforms to impersonate malicious packages.
They also share how they found tens of thousands of tokens of open source projects that have been leaked by CI/CD platforms, which could be exploited for lateral movement.
Wrapping up, they advise that software developers practice security-by-design – that whilst “security takes time”, fixing the problem later may incur even more costs and time.
Recorded 11th May 2023, 11am, Black Hat Asia 2023, Singapore Marina Bay Sands
#BHasia #mysecuritytv #supplychain #cybersecurity
155 قسمت
همه قسمت ها
×
به Player FM خوش آمدید!
Player FM در سراسر وب را برای یافتن پادکست های با کیفیت اسکن می کند تا همین الان لذت ببرید. این بهترین برنامه ی پادکست است که در اندروید، آیفون و وب کار می کند. ثبت نام کنید تا اشتراک های شما در بین دستگاه های مختلف همگام سازی شود.
مشابه Cyber Security Weekly Podcast
Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
…
continue reading
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
The economy and the markets are "under surveillance" as we cover the latest in finance, economics and investment. Listen to Jonathan Ferro, Lisa Abramowicz and Annmarie Hordern for the top interviews from Bloomberg Surveillance Television. And join Tom Keene and Paul Sweeney for the best conversations from Bloomberg Surveillance Radio. Watch Surveillance TV LIVE each mornings: http://bit.ly/3P7nstQ. Watch Surveillance Radio LIVE weekday mornings: http://bit.ly/3vTiACF.
…
continue reading
A daily dose of irreverent, offbeat, and informative takes on business & tech news. Hosted by Jon Weigell, Juliet Bennett Rylah, Mark Dent, Ben Berkley, Sara Friedman and Rob Litterst from The Hustle.
…
continue reading
Technical interviews about software topics.
…
continue reading
This feed includes all episodes of Paul's Security Weekly, Enterprise Security Weekly, Business Security Weekly, Application Security Weekly, and Security Weekly News! Your one-stop shop for all things Security Weekly!
…
continue reading
Daily update on current cyber security threats
…
continue reading
Welcome to Crimetown, a series produced by Marc Smerling and Zac Stuart-Pontier in partnership with Gimlet Media. Each season, we investigate the culture of crime in a different city. In Season 2, Crimetown heads to the heart of the Rust Belt: Detroit, Michigan. From its heyday as Motor City to its rebirth as the Brooklyn of the Midwest, Detroit’s history reflects a series of issues that strike at the heart of American identity: race, poverty, policing, loss of industry, the war on drugs, an ...
…
continue reading
Diane Rehm’s weekly podcast features newsmakers, writers, artists and thinkers on the issues she cares about most: what’s going on in Washington, ideas that inform, and the latest on living well as we live longer.
…
continue reading
The award-winning WIRED UK Podcast with James Temperton and the rest of the team. Listen every week for the an informed and entertaining rundown of latest technology, science, business and culture news. New episodes every Friday.
…
continue reading
Player FM - برنامه پادکست
با برنامه Player FM !
با برنامه Player FM !
