SilverLining IL

The podcast for Security Architecture Hosted by Moshe Ferber and Ariel Munafo. The world of sof ... more

Hosted by

Latest Episodes

20

August 03, 2020 00:52:42
Episode 20:  The Dark Side Of Privacy

Episode 20: The Dark Side Of Privacy

Attendees Guest: Menny Barzilay Guest title: Partner @ Herzog Strategic, CTO, ICRC, Tel Aviv University Abstract For our 20’ish episode we spoke with a very special guest, the one and only - Menny Barzilay.  Menny is one of the most interesting speakers in the cyber landscape, he is an expert in simplifying complex concepts, integrating interesting stories and great examples into stimulating review of technology challenges we are facing as a community. In this episode we talk with Menny about Privacy - why it is so hard to define what exactly is privacy in the modern age, what people miss about the concepts of privacy and how this affects our everyday lives. This talk will make you laugh, will make you sad and definitely will make you think. We hope you will enjoy listening to it as much as we enjoyed recording it.  Comment: since this is more of a lecture and not a regular podcast, we didn't add our regular podcast timing. Enjoy! Timing: 0:00 introducing our guest 5:25 Privacy  ...

Listen

19

August 02, 2020 00:40:22
Episode 19: Understanding Cloud Attack Vectors

Episode 19: Understanding Cloud Attack Vectors

Attendees Guest: Or Kamara Guest Title:  Senior team lead  Company:  Synk Abstract Cloud computing can bring interesting and new attack vectors. In this episode, we talk with Or Kamara, Senior team lead at Synk, about the Capital-one hacking and what can be learned from the event in order to better protect our networks. We will analyze the attack step by step and add mitigating controls that can help in preventing the next attack. Timing: 0:35 Introducing our guest 4:10 introducing the story the capital one hack  5:45 The phases of the Capital One hack 7:50 The first misconfiguration - servers exposed to the internet unintentionally 11:05 the SSRF vulnerability and understanding meta-data service 19:38 Using API keys for browsing S3 and how to mitigate it 26:00 things that Capital One did right and additional insights 28:00 how should developers and IT  30:50 shifting from traditional security to new cloud security mindset 36:00 summary and final words ...

Listen

18

August 02, 2020 00:38:08
Episode 18: Testing Cloud Application

Episode 18: Testing Cloud Application

Attendees Guest: Bar Hofesh Guest Title:  Co-Founder Company:  Neurolegion Abstract Application security is among the hardest things to get right. In this episode we are talking with Bar Hofesh from Neurolegion about the world of automated security testing - what are the challenges, what are the different stages of integration and delivery and how to perform each stage correctly. Timing: 0:50 - introducing our guest 2:58 - the need to automate security testing - the challenge of developing faster 7:15 - so what is testing automation - describing the process - the code  integration stage 13:50  - security testing the packing and delivery stage 18:50 - testing live application stage 20:20 - appsec finding strategy - what do when found an alert 22:20 - Static analysis vs. dynamic analysis 24:58 - emerging technologies - RASP, IAST 30:50 - Is there still room for manual penetration testing? 34:05 - summary and last words ...

Listen

17

August 02, 2020 00:37:03
Episode 17: How to do penetration testing in cloud application

Episode 17: How to do penetration testing in cloud application

Attendees Guest: Oz Avenstein Guest Title:  Founder Company:  Avensec Abstract Penetration tests are one of the strongest controls that we use. It is testing the overall resilience of our application and allows us to be more confident in our workloads. But in the cloud era, cloud applications pen testing needs to be coordinated with the providers. In this episode we talk with Oz Avenstein, an application security expert, about the challenges of cloud penetration testing and how to do it correctly. Timing: 0.50 introducing our guest 3.40 How is cloud penetration tests different from regular pen tests? 5.01 elaborating about IaaS/PaaS particular pen test policies  8.45 pen testing SaaS applications  11.05 relaying on 3rd party pen testing 12.02 cloud pen test considerations and phases 17.35 the actual pen testing  21.20 the reporting phase 23.40 incorporating pen test into applications development cycle  34:00 Summary and last words   ...

Listen

16

February 12, 2020 00:56:21
Episode 16: Merging Cloud Based Startup Into Financial Giants

Episode 16: Merging Cloud Based Startup Into Financial Giants

Attendees Guest: Ori Troyna Guest title: Global head of product security at Payu Company: Payu Abstract Payu, a global fintech gaint acquired Zooz , a small payment startup.  In this episode we talk with Ori Troyna, Global head of product security at Payu about the challenges that such a merger between two very different companies with different engineering methodologies and how they cope with those challenges. Timing: 1.14 Ori introduce himself 11.40 challenges of merging small companies into financial giants. Integrating different technologies stacks into one.   18.33 how to build the organizational structure the consolidate the different companies and technology stacks  21.30 understanding the acquisition considerations of PayU and its effect on security considerations   27.0 solving the consolidation challenges - the people angel. Moving to tribes and clans and providing security goals  34.30 the difference between product security and IT security   36.0 solving the consolidation challenges - the process angel. How to integrate different tribes and clans to create one joint development backlog and mature devops   46.40 solving the consolidation challenges - the technology angel. Building global infrastructure that support multiple projects  53.22 summary and last words ...

Listen

15

January 28, 2020 00:38:46
Episode 15: Challenges Of Selecting SaaS Providers

Episode 15: Challenges Of Selecting SaaS Providers

Attendees Guest: Tal Arad Guest title: Former CISO Company: CEVA logistics Abstract Consuming SaaS from various vendors can be a challenging task, the first challenge is to distinguish who are the mature providers that you can trust your data with, and the second challenge is auditing them and their services. In this episode we talk with Tal Arad, former CISO of CEVA logistics about the challenges of selecting SaaS providers and how to auditing them wisely. Timing: 0:35 introducing our guest 02:30 Introducing Ceva Logistics and the CISO challenges 5:55 How to get started in as a new CISO  9:20 Challenges with SaaS providers - distinguishing between mature and immature Providers 16:15 tips for selecting SaaS providers 22:30 what happens when something happens and choosing providers carefully 24:50 Tips for managing ongoing relationships with SaaS providers 34:27 Summary and final words ...

Listen