SilverLining IL

The podcast for Security Architecture Hosted by Moshe Ferber and Ariel Munafo. The world of sof ... more

Hosted by

Latest Episodes

22

August 03, 2020 00:32:39
Episode 22: How To Do Add Open Source Code To Your Applications, Securely

Episode 22: How To Do Add Open Source Code To Your Applications, Securely

Attendees Guest: Liran Tal Guest title: Developer Advocate Company:  Synk Abstract Open source software takes a big part in our daily lives, and also in our development environments. Many applications developers rely on open source libraries &  tools and integrating it into their code. This is a great improvement for developers allowing them to innovate quickly and efficiently. But all this good comes with a big responsibility - open source software should be carefully examined in order to make sure its reliability. In this episode we talk with Liran Tal from Synk about the growing importance of adding security evaluation of open source software in the development cycle. Timing:  0:00 introducing our guest 5:50 what is the challenge of open-source security 10:05 - open source security - the people angel 16:00 - open source security - the process angel 24:55 - open source security - the technology angel 29:42 summary and last words ...

Listen

21

August 03, 2020 00:26:59
Episode 21: Building The Next Generation Of Cloud Services

Episode 21: Building The Next Generation Of Cloud Services

Attendees Guest: Eran Feigenbaum Guest title:  CSO, Oracle Cloud Abstract The first generation of cloud services began about 15 years ago and stretched until now, but it came with many built-in challenges due to lack of maturity and the fact that security was added on top and not present from the start. In this episode we talk with Eran Feigenbaum, CISO of Oracle cloud about the next generation of cloud services - how can we build cloud that is more secure,, immuned to miss-configuration and other pitfalls that are relevant to today's cloud services. Timing: 0:00 introducing our guest 5:40 Generation one of cloud infrastructure 8:40 so what is second generation of cloud infrastructure 10:30 how Oracle is planning to change the cloud market 11:40 how second generation cloud services can help with common mistakes such as misconfiguration 13:35 what cloud provider should do in order to increase security 16:05 how cloud providers can  be proactive with their customers 19:00 handling miss-configuration such as open buckets and lost API’s keys 23:40 summary and last words ...

Listen

20

August 03, 2020 00:52:42
Episode 20:  The Dark Side Of Privacy

Episode 20: The Dark Side Of Privacy

Attendees Guest: Menny Barzilay Guest title: Partner @ Herzog Strategic, CTO, ICRC, Tel Aviv University Abstract For our 20’ish episode we spoke with a very special guest, the one and only - Menny Barzilay.  Menny is one of the most interesting speakers in the cyber landscape, he is an expert in simplifying complex concepts, integrating interesting stories and great examples into stimulating review of technology challenges we are facing as a community. In this episode we talk with Menny about Privacy - why it is so hard to define what exactly is privacy in the modern age, what people miss about the concepts of privacy and how this affects our everyday lives. This talk will make you laugh, will make you sad and definitely will make you think. We hope you will enjoy listening to it as much as we enjoyed recording it.  Comment: since this is more of a lecture and not a regular podcast, we didn't add our regular podcast timing. Enjoy! Timing: 0:00 introducing our guest 5:25 Privacy  ...

Listen

19

August 02, 2020 00:40:22
Episode 19: Understanding Cloud Attack Vectors

Episode 19: Understanding Cloud Attack Vectors

Attendees Guest: Or Kamara Guest Title:  Senior team lead  Company:  Synk Abstract Cloud computing can bring interesting and new attack vectors. In this episode, we talk with Or Kamara, Senior team lead at Synk, about the Capital-one hacking and what can be learned from the event in order to better protect our networks. We will analyze the attack step by step and add mitigating controls that can help in preventing the next attack. Timing: 0:35 Introducing our guest 4:10 introducing the story the capital one hack  5:45 The phases of the Capital One hack 7:50 The first misconfiguration - servers exposed to the internet unintentionally 11:05 the SSRF vulnerability and understanding meta-data service 19:38 Using API keys for browsing S3 and how to mitigate it 26:00 things that Capital One did right and additional insights 28:00 how should developers and IT  30:50 shifting from traditional security to new cloud security mindset 36:00 summary and final words ...

Listen

18

August 02, 2020 00:38:08
Episode 18: Testing Cloud Application

Episode 18: Testing Cloud Application

Attendees Guest: Bar Hofesh Guest Title:  Co-Founder Company:  Neurolegion Abstract Application security is among the hardest things to get right. In this episode we are talking with Bar Hofesh from Neurolegion about the world of automated security testing - what are the challenges, what are the different stages of integration and delivery and how to perform each stage correctly. Timing: 0:50 - introducing our guest 2:58 - the need to automate security testing - the challenge of developing faster 7:15 - so what is testing automation - describing the process - the code  integration stage 13:50  - security testing the packing and delivery stage 18:50 - testing live application stage 20:20 - appsec finding strategy - what do when found an alert 22:20 - Static analysis vs. dynamic analysis 24:58 - emerging technologies - RASP, IAST 30:50 - Is there still room for manual penetration testing? 34:05 - summary and last words ...

Listen

17

August 02, 2020 00:37:03
Episode 17: How to do penetration testing in cloud application

Episode 17: How to do penetration testing in cloud application

Attendees Guest: Oz Avenstein Guest Title:  Founder Company:  Avensec Abstract Penetration tests are one of the strongest controls that we use. It is testing the overall resilience of our application and allows us to be more confident in our workloads. But in the cloud era, cloud applications pen testing needs to be coordinated with the providers. In this episode we talk with Oz Avenstein, an application security expert, about the challenges of cloud penetration testing and how to do it correctly. Timing: 0.50 introducing our guest 3.40 How is cloud penetration tests different from regular pen tests? 5.01 elaborating about IaaS/PaaS particular pen test policies  8.45 pen testing SaaS applications  11.05 relaying on 3rd party pen testing 12.02 cloud pen test considerations and phases 17.35 the actual pen testing  21.20 the reporting phase 23.40 incorporating pen test into applications development cycle  34:00 Summary and last words   ...

Listen