SilverLining IL

The podcast for Security Architecture, hosted by Moshe Ferber and Ariel Munafo. The world of sof ...

Latest Episodes

3

June 24, 2019 00:51:19
Episode 3: Cloud Configuration Pitfalls

Attendees
Guest: Evgeny Zislis
Guest title: CTO
Company: ProdOPS

Abstract
Over 90% of IaaS/PaaS security incidents are the consumer's fault. Cloud platforms are complicated, with a steep learning curve, and it is easy to make mistakes. In this podcast, we talk with Evgeny Zislis, CTO of ProdOPS, about the common IaaS/PaaS security mistakes and misconfigurations, categorize them, and discuss measures to reduce those mistakes and identify them in time.

Timing:
0:00 – 2:10 - Intro and introducing our guest
2:10 – 31:05 - What are the common cloud misconfigurations and mistakes
    - Improper security group configuration
    - Object storage negligence: open buckets on S3
    - Insecure storing of API/access keys: a config file in an open GitHub repo is not the best place to store access keys
    - Vulnerable servers exposed (exposing your 5-year-old, not updated Linux server is not recommended)
    - Failure to segregate different services into different accounts / VPCs / subnets
    - Everyday use of the root account and relying on one account only
31:05 – 34:20 - Avoiding cloud misconfigurations: the process angle
34:20 – 38:33 - Avoiding cloud misconfigurations: the people angle
38:33 – 49:00 - Avoiding cloud misconfigurations: the technology angle
49:00 – 52:00 - Summary and conclusions ...

2

April 22, 2019 00:33:27
Episode 2: Security Challenges Of Moving From Monolith To Micro-Services

Attendees
Guest: Yuval Reut
Guest title: CIO & CISO
Company: Riskified

Micro-services can bring enormous benefits to organizations, giving flexibility and driving innovation. But micro-services are also challenging from a security point of view. In this podcast, Yuval Reut, CIO & CISO of Riskified, shares his experience of moving an entire monolith application to a group of integrated micro-services.

Timing:
0:00 – 3:39 - Intro and learning about Riskified
3:39 – 9:55 - CISO & CIO positions at SaaS startups
9:55 – 12:20 - Moving from monolith to micro-services: reasons for the move
12:20 – 19:30 - Technology challenges when moving to micro-services
19:30 – 25:00 - People challenges when moving to micro-services
25:00 – 29:35 - Process challenges when moving to micro-services
29:40 – 33:00 - Summary and conclusions ...

1

November 04, 2018 00:37:41
Episode 1: Security Challenges With The Growing World Of Serverless Functions

Attendees
Guest: Ory Segal, PureSec
Guest title: CTO & Co-Founder at PureSec
Company: PureSec is the global leader in serverless architectures security.

Serverless functions are one of the most interesting things happening in the architecture of application development. With serverless, application developers can stop worrying about the underlying infrastructure and scalability of the application, but they must address other risks at the application level. In this podcast we interview PureSec CTO Ory Segal, co-author of the top 12 risks to serverless applications.

Timing:
0:00 – 2:35 - Intro
2:35 – 8:05 - What are serverless functions
8:05 – 12:20 - How serverless is different (security-wise)
12:20 – 19:40 - Serverless risks & threats
19:40 – 24:00 - Common mistakes and misconfigurations with serverless
24:00 – 29:30 - Serverless effect on people, process and technology
29:30 – 37:00 - Summary and conclusions ...
