Episode 18: Testing Cloud Application

Episode 18 August 02, 2020 00:38:08
SilverLining IL

Hosted By

Moshe Ferber, Ariel Munafo

Show Notes

Attendees

Guest: Bar Hofesh

Guest Title: Co-Founder

Company: Neurolegion

Abstract

Application security is among the hardest things to get right. In this episode we talk with Bar Hofesh from Neurolegion about the world of automated security testing: what the challenges are, what the different stages of integration and delivery are, and how to perform each stage correctly.

Timing:

0:50 - introducing our guest

2:58 - the need to automate security testing - the challenge of developing faster

7:15 - so what is testing automation - describing the process - the code integration stage

13:50 - security testing the packing and delivery stage

18:50 - testing live application stage

20:20 - appsec finding strategy - what to do when an alert is found

22:20 - Static analysis vs. dynamic analysis

24:58 - emerging technologies - RASP, IAST

30:50 - Is there still room for manual penetration testing?

34:05 - summary and last words
