OWASP for everyone (S02E21) – Application Security PodCast

This is the conclusion of Season 02 for the AppSec PodCast. In this episode, we focus in on all the OWASP goodness we’ve experienced this year. You’ll hear our favorite clips and explanations from a season full of OWASP. With the publication of this episode, season 02 is a wrap, and on to season 03 [...]

The post OWASP for everyone (S02E21) – Application Security PodCast appeared first on Security Journey Podcasts.

Cyber Work
Getting started and moving up in IT and security
George McPherson, host of the “Blak Cyber” podcast, has an impressive background in IT and information security. On today’s episode, he discusses his cybersecurity journey, talks about his mentors and inspiration, and shares advice for learning cybersecurity and moving up the career ladder.

– Get your free security awareness toolkit: https://infosecinstitute.com/ncsam2020
– Enter code “cyberwork” to get 30 days of free training with Infosec Skills: https://www.infosecinstitute.com/skills/
– View transcripts and additional episodes: https://www.infosecinstitute.com/podcast

When George McPherson was pulled through the ranks and pinned as a 21-year-old Sergeant in the U.S. Army over 20 years ago, he learned two things about himself. He could accomplish anything he put his mind to, and he would always pull others up if he was in a position to do so. George prides himself on integrity, an insane work ethic, attention to detail and (his greatest super power) outside-the-box creativity. With 25 years in the technology industry, the first 18 in telecom and the last seven in cybersecurity, George has had the opportunity to work in industries such as the military, telecom, local government, healthcare and electric utility.

About Infosec
At Infosec, we believe knowledge is power when fighting cybercrime. We help IT and security professionals advance their careers with certifications and skills training. We also empower all employees with security awareness training to stay cybersafe at work and home. Driven by smart people wanting to do good, Infosec educates entire organizations to defend themselves from cybercrime. It’s what we do every day — equipping everyone with the latest security skills and confidence to be safe online. Learn more at infosecinstitute.com.
32 min
Defense in Depth
Allan Alford and David Spark
Leaked Secrets in Code Repositories
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-leaked-secrets-in-code-repositories/)

Secrets, such as passwords and credentials, are out in the open, just sitting there in code repositories. Why do these secrets even exist in public? What's their danger? And how can they be found and removed?

Check out this post for the basis for our conversation on this week’s episode, which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our sponsored guest Jérémy Thomas, CEO, GitGuardian.

Thanks to this week's podcast sponsor GitGuardian. GitGuardian empowers organizations to secure their secrets - such as API keys and other credentials - from being exposed in compromised places or leaked publicly. GitGuardian offers a threat intelligence solution focused on detecting secrets leaked on public GitHub and an automated secrets detection solution which tightly integrates with your DevOps pipeline.

On this episode of Defense in Depth, you’ll learn:
* Putting passwords and other credential information inside of code simply happens. Developers do it for efficiency, out of laziness, or because they simply forgot to take it out.
* Given that developers are the ones exposing secrets, these secrets appear in code everywhere, most notably in public code repositories like GitHub.
* Exposed credentials can also surface in SIEMs as they are exported from the developers' code.
* There is a shared responsibility model, and cloud providers do have some ability to scan code, but ultimately the code you put in your programs is your responsibility.
* Scanning public code repositories should be your first step. You don't want to be adding code that has known issues.
* The next step is to scan your own code and get alerts if your developers are adding secrets (wittingly or unwittingly) to their code. If you alert in real time, it fits naturally within the DevOps pipeline and developers will improve their secure coding skills.
* Another option to deal with exposed secrets is to sidestep the problem completely and put in additional layers of security, most notably multi-factor authentication (MFA). A great idea, and yes, you should definitely include this very secure step, but it doesn't eliminate the problem. There are far too many authentication layers (many automated) for you to put MFA on everything. There will always be many moments of exposure.
29 min
Hacker Public Radio
HPR3192: A light bulb moment, part 3
_LED History_

The history of the LED revolution is both long and complex, but I'll do my best to cover it. Please forgive me if I mispronounce some of the materials and processes; I'm not a lighting expert, as I stated right back at the beginning of this series. The following excerpts are from Wikipedia; the link will be in the show notes: https://en.wikipedia.org/wiki/Light-emitting_diode

The LED, or Light Emitting Diode, first appeared as a practical electronic component in 1962; the earliest LEDs emitted low-intensity infrared light.[7] Infrared LEDs are used in remote-control circuits, such as those used with a wide variety of consumer electronics. The first visible-light LEDs were of low intensity and limited to red. Modern LEDs are available across the visible, ultraviolet, and infrared wavelengths, with high light output. A great deal of development and refinement was required to get to this point.

The first commercial visible-wavelength LEDs were commonly used as replacements for incandescent and neon indicator lamps, and in seven-segment displays,[31] first in expensive equipment such as laboratory and electronics test equipment, then later in such appliances as calculators, TVs, radios, telephones, as well as watches (see list of signal uses). Until 1968, visible and infrared LEDs were extremely costly, in the order of US$200 per unit, and so had little practical use.[32] In 1968 Monsanto was the first organization to mass-produce visible LEDs; these were red LEDs suitable for indicators.[32] In February 1969, Hewlett-Packard introduced the HP Model 5082-7000 Numeric Indicator, the first LED device to use integrated circuit (integrated LED circuit) technology.[33] It was the first intelligent LED display, and was a revolution in digital display technology, replacing the Nixie tube and becoming the basis for later LED displays.[36]

The early red LEDs were bright enough only for use as indicators, as the light output was not enough to illuminate an area. Readouts in calculators were so small that plastic lenses were built over each digit to make them legible. Later, other colors became widely available and appeared in appliances and equipment.

The first blue-violet LED using magnesium-doped gallium nitride was made at Stanford University in 1972 by Herb Maruska and Wally Rhines. In 1973 Pankove and Ed Miller demonstrated the first blue electroluminescence from zinc-doped gallium nitride, though the subsequent device Pankove and Miller built, the first actual gallium nitride light-emitting diode, emitted green light.[49][50] Today, magnesium-doping of gallium nitride remains the basis for all commercial blue LEDs and laser diodes. In the early 1970s, these devices were too dim for practical use, and research into gallium nitride devices slowed.

In 1993, high-brightness blue LEDs were demonstrated by Shuji Nakamura of Nichia Corporation using a gallium nitride growth process.[56][57][58] In parallel, Isamu Akasaki and Hiroshi Amano in Nagoya were working on developing the important GaN deposition on sapphire substrates and the demonstration of p-type doping of GaN. This new development revolutionized LED lighting, making high-power blue light sources practical, leading to the development of technologies like Blu-ray[citation needed]. In 1995, Alberto Barbieri at the Cardiff University Laboratory (GB) investigated the efficiency and reliability of high-brightness LEDs and demonstrated a "transparent contact" LED using indium tin oxide (ITO) on (AlGaInP/GaAs). In 2001[62] and 2002,[63] processes for growing gallium nitride (GaN) LEDs on silicon were successfully demonstrated. In January 2012, Osram demonstrated high-power InGaN LEDs grown on silicon substrates commercially,[64] and GaN-on-silicon LEDs are in production at Plessey Semiconductors.

_White LEDs and the illumination breakthrough_

Even though white light can be created using individual red, green and blue LEDs, this results in poor color rendering, since only three narrow bands of wavelengths of light are being emitted. The attainment of high-efficiency blue LEDs was quickly followed by the development of the first white LED. In this device a cerium-doped phosphor coating produces yellow light through fluorescence. The combination of that yellow with remaining blue light appears white to the eye. Using different phosphors produces green and red light through fluorescence. The resulting mixture of red, green and blue is perceived as white light, with improved color rendering compared to wavelengths from the blue LED/YAG phosphor combination.

The first white LEDs were expensive and inefficient. However, the light output of LEDs has increased exponentially. The latest research and development has been propagated by Japanese manufacturers such as Panasonic and Nichia, and by Korean and Chinese manufacturers such as Samsung, Kingsun, and others. This trend in increased output has been called Haitz's law after Dr. Roland Haitz.[79]

[Figure 1: Illustration of Haitz's law, showing improvement in light output per LED over time, with a logarithmic scale on the vertical axis]

Light output and efficiency of blue and near-ultraviolet LEDs rose and the cost of reliable devices fell. This led to relatively high-power white-light LEDs for illumination, which are replacing incandescent and fluorescent lighting.[80][81] Experimental white LEDs have been demonstrated to produce 303 lumens per watt of electricity (lm/W); some can last up to 100,000 hours.[82][83] However, commercially available LEDs have an efficiency of up to 223 lm/W.[84][85][86]

Below are some comparisons for incandescent bulbs.

_Some figures I found online from Wikipedia_ https://en.wikipedia.org/wiki/Incandescent_light_bulb
(Example figure for a standard incandescent bulb: only 12.6 lm/W)
(Example figure for a halogen bulb: 24 lm/W)

With LEDs continuing to get cheaper, and even though for now they cost more than traditional bulbs, this huge increase in electrical efficiency means the overall cost is significantly cheaper than that of incandescent bulbs.[87] While indicator LEDs are known for their extremely long life, up to 100,000 hours, lighting LEDs are operated much less conservatively, and consequently have shorter lives. LED technology is useful for lighting designers because of its low power consumption, low heat generation, instantaneous on/off control, and, in the case of single-color LEDs, continuity of color throughout the life of the diode and relatively low cost of manufacture. LED lifetime depends strongly on the temperature of the diode. Operating an LED lamp in conditions that increase the internal temperature can greatly shorten the lamp's life.

I now use LED lighting in my own home, particularly in the areas where lighting is on for extended periods, such as in the living room. As you can see, we have come an extremely long way in a relatively short space of time, with advancements continuing to accelerate. It's hard to appreciate the massive impact electric lighting has had on the world. It's even harder to imagine living in a time not that long ago when an expensive candle producing a puny amount of illumination was the only source of light, with the added, not inconsiderable, fire risk of having a naked flame sharing a room with combustible materials. With all these deterrents it's little wonder that people just went to bed when the sun went down.
Logical Elegance
349: Open Down to the Transistor
Drew Fustini (@pdp7) spoke with us about building Linux, RISC-V cores, and many other things. Links, so many links!

Drew is a board member of the BeagleBoard.org Foundation and of the Open Source Hardware Association (OSHWA.org). He is an open source hardware designer at OSHPark (he recommends their blog!). He writes a monthly column for Hackspace Magazine, for example The Rise of the FPGA in Issue 26 and Intro to RISC-V.

Yocto is a tool to help build a Linux distribution specific to your board and application! Bootlin offers free training material for Yocto and OpenEmbedded (as well as many other things such as Embedded Linux and Linux kernel development). Or there is a video: Buildroot vs Yocto: Differences for Your Daily Job - Luca Ceresoli at Embedded Linux Conference. Or look at Embedded Apprentice Linux Engineer (e-ale.org). Or maybe another video: “Yocto Project Dev Day Virtual 2020 #3: Yocto Project Kernel Lab, Hands-On, Part 1” by Trevor Woerner.

RISC-V is an open source processor core. Well, cores. But you can try them out in hardware even if you don’t want to play with an FPGA. The Sipeed Longan Nano is a GigaDevices microcontroller dev board (with an OLED on board!, more info). Did you know you can run Linux on RISC-V? The cheapest method is emulation, and Renode is brilliant for that. Here is Drew using it on the train (twitter). Sipeed boards with Kendryte K210 start at only $13 and can even run Linux (tutorial).

There are also affordable open hardware FPGAs with free software toolchain support, like the ICE40-based Icebreaker and Fomu. For a bit more money, the bigger ECP5 can run Linux. Or look at Greg Davill’s wonderful Orange Crab. For a lot more money but on silicon, the Icicle with Microchip PolarFire SoC is aimed at corporate use. Or you can produce your own physical chips. For free (for a limited time). See the talk from Tim Ansell - Skywater PDK: Fully open source manufacturable PDK for a 130nm process.

Drew attends a lot of conferences; here are highlights from the past:
* OHS 2020 wrist badge
* OHS 2018 epaper badge
* ELC-2018 EALE Buildroot - Thomas Petazzoni
* ELC-2018 EALE Bitbake YP - Behan Webster
* Linux on RISC-V with open hardware and open FPGA tools
* Slides for Embedded Linux Conference
* Video from FOSS North
* Linaro Connect BoF: gpio and pinctrl in Linux kernel (Slides)
* RISC-V: How an open ISA benefits hardware security (Slides)
* (Hardwear.io video)

Here are some future conferences he’s planning to attend:
* Embedded Linux Conference Europe ($50) October 26-29, 2020 (Virtual)
* Yocto Project Virtual Summit ($40) October 29-30, 2020 (Virtual)
* Open Hardware Summit March 13, 2020
1 hr 14 min
The 6 Figure Developer Podcast
Episode 167 – Manage Cloud Cost with Omry Hay
Omry is Co-Founder and CTO at env0, the first self-service cloud management platform for infrastructure as code (IaC) architecture.

Links
https://twitter.com/omryhay
https://twitter.com/envzero
https://www.linkedin.com/in/omryhay/
https://github.com/omryhay1

Resources
Cost estimation open source by Anton Babenko - https://github.com/antonbabenko/terraform-cost-estimation
Terratag, an open source CLI tool that enables users of Terraform to automatically create and maintain tags across their entire set of AWS, Azure, and GCP resources - https://github.com/env0/terratag
Cloud nuke, an open source project by gruntwork.io to delete all resources in your AWS account - https://github.com/gruntwork-io/cloud-nuke
The FinOps Foundation, Collaborative, Real-Time Cloud Financial Management - https://www.finops.org/
An article about cloud waste - https://devops.com/the-cloud-is-booming-but-so-is-cloud-waste/
Blog post about how IaC is forcing a revolution in cloud cost - https://www.env0.com/blog/infrastructure-as-codes-cost-management-revolution

Sponsor
This episode is brought to you by Talk Python Training. The 6 Figure Developer podcast is all about leveling up your career in the tech space. Learning a little bit of Python will allow you to take your expertise and 10x it with automation, APIs, and even AI. The best place on the internet to learn Python is over at Talk Python Training. Visit talkpython.fm/6figure to find your next level.

"Tempting Time" by Animals As Leaders used with permission - All Rights Reserved
42 min