Mitigating at Design Time – Shaun Lamb – ASW #95
In this interview segment, Mike and John interview Shaun Lamb about strategies for how best to design applications so they are "secure by default" and have fewer incidents and vulnerabilities, How DevOps or DevSecOps positively changes the relationship between security and development/operations including: the application design process, security testing, and security education programs, and the security impact of applications moving to a microservices-based architecture running on Docker/Kubernetes and the role of an API Gateway.
Shaun Lamb works as a Principle Application Security Architect at SAS Institute where he focuses on application, API, and container security. With a background in web application development, he strives to design solutions that make it easy for developers and administrators to apply security controls.
WhatsApp Flaw, Dropbox Bug Bounty Program, Investigating Web Shell Attacks – ASW #95
This week in the Application Security News, Mike and John cover the following news stories: Critical Security Flaw Found in WhatsApp Desktop Platform Allowing Cybercriminals Read From The File System Access, Dropbox bug bounty program has paid out over $1,000,000, Report Pins Cloud Security Woes on Flawed DevOps Processes, Ghost in the shell: Investigating web shell attacks, An Incident Impacting your Account Identity, and Some Google Photos videos in ‘Takeout’ backups were sent to strangers last November.
