A lot changed in the 4 years between the last two OWASP Top 10 lists. In this end user perspective*, security pro Dino Londis talks about those changes and argues that organizations need to address the most common web application attacks, even as they work to engineer a new generation of secure applications.
In this industry perspective, Thomas Hofmann of Flashpoint says that sensational coverage of advanced persistent threat (APT) actors does little to help small and mid sized firms defend their IT environments from more common threats like cyber criminals. The key to getting cyber defense right is understanding the risks to your firm and prioritizing investments to protect critical IT assets.
Podcast: Play in new window | Download (Duration: 35:55 — 41.1MB)Subscribe: Android | Email | Google Podcasts | RSSIn this episode of the Security Ledger Podcast we do a deep dive into the recent Black Report by NUIX – which flips the script by asking hackers and pen testers their opinions about how they hack firms and what defensive strategies and technologies work best at stopping them. Also: Rami Sass the CEO and co-founder of this week’s sponsor, WhiteSource Software, joins us in the Security Ledger studios to talk about how a white knuckle audit of his company’s open source dependencies eight years ago prompted him to start WhiteSource, which makes a tool for managing the open source software supply chains.
China poses a serious and immediate cybersecurity threat to the federal supply chain in part because of connections Chinese state-owned enterprises (SOEs) have to key tech companies working in the government sector, a report recently issued by the U.S. China Commission has found.
Podcast: Play in new window | Download (Duration: 33:08 — 37.9MB)Subscribe: Android | Email | Google Podcasts | RSSThis episode of The Security Ledger Podcast (#93) was sponsored by Keysight Technologies, a leading technology company that helps enterprises, service providers, and governments accelerate innovation to connect and secure the world. Check them out at Keysight.com. In this episode: with the May 25th go-live date of the EU General Data Privacy Regulation (GDPR) just around the corner, we talk with Cisco Chief Privacy Officer Michelle Dennedy about her expectations for the May 25th deadline and what lies beyond it. Also: with the 2018 RSA Conference now in the history books, we invited Steve McGregory, the Senior Director of Application and Threat Intelligence at Ixia in to talk about his big takeaways from the show. Steve also weighs in on one of the big trends this year: machine learning.