Fabric of Confidence – ASW #98
Full Audio
View Show IndexSegments
1. InfoSec World Workshop: DevSecOps and Cultural Transformation – Dan Petit – ASW #98
Dan discusses his upcoming 2-day workshop at InfoSec World. The workshop is a "deep survey" into all things DevSecOps.
Guest
Dan Petit has been deep in the development world for most of his working life, serving as a developer, consultant, architect, and technical leader for a wide variety of companies in the aerospace, telecommunications, insurance, hospitality, logistics, and service industries. Throughout his career, Dan and his teams have been responsible for large-scale DevOps adoption and transformations, reducing cycle time of application changes from weeks to hours across dozens of agile development teams.
Hosts
2. Ghsotcat, Apache, NeTworks, Starliner – ASW #98
CVE-2020-1938: Ghostcat vulnerability in the Tomcat Apache JServ Protocol. IMP4GT: IMPersonation Attacks in 4G NeTworks demonstrates a proven insecurity on a layer above provably secure protocol, Boeing implementing more rigorous testing of Starliner after software problems shows how problems in cloud computing will be just the same in star systems, APIs are becoming a major target for credential stuffing attacks and don't have to target the login workflow, SSL/TLS certificate validity chopped down to one year by Apple’s Safari and how this can drive secure DevOps behaviors, and 5 key areas for tech leaders to watch in 2020.