Everand Logo

Welcome to Everand!

  • Discover this podcast and so much more

    Podcasts are free to enjoy without a subscription. We also offer ebooks, audiobooks, and so much more for just $11.99/month.

    Binary Planting, GitLab, and DevOps Pipelines - ASW #89

    Binary Planting, GitLab, and DevOps Pipelines - ASW #89

    FromApplication Security Weekly (Video)

    Start listeningView podcast show

    Binary Planting, GitLab, and DevOps Pipelines - ASW #89

    FromApplication Security Weekly (Video)

    ratings:
    Length:
    40 minutes
    Released:
    Dec 18, 2019
    Format:
    Podcast episode

    Description

    Binary Planting with the npm CLI is another way to describe one of our favorite attacks, GitLab Doles Out Half a Million Bucks to White Hats, Speculation & leakage: Timing side channels & multi-tenant computing from AWS re:invent. A great talk from a the perspective of a threat model where such attacks are a critical part of the threat model, How can we integrate security into the DevOps pipelines? By picking from many of the great resources in this article, Go passwordless to strengthen security and reduce costs -- and design your app to support these types of workflows, including account recovery. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode89
    Released:
    Dec 18, 2019
    Format:
    Podcast episode

    Titles in the series (100)

    Application Security Weekly decrypts development for the Security Professional - exploring how to inject security into their organization’s Software Development Lifecycle (SDLC) in a fluid and transparent way; Learn the tools, techniques, and processes necessary to move at the speed of DevOps (even if you aren’t a DevOps shop yet). The target audience for Application Security Weekly spans the gamut of Security Engineers and Practitioners that need to level-up their skills in the Application Security space - as well as enabling “Cyber Curious” developers to get involved in the Application Security process at their organizations. To a lesser extent, we hope to arm Security Managers and Executives with the knowledge to be conversational in the realm of DevOps - and to provide the right questions to ask their colleagues in development, along with the metrics to think critically about the answers they receive.