Hosted By
Guest: Tzachi Zornstain
Guest Title: Co-Founder & CEO, Dustico
Topic: Software Package Dependencies Attacks
Supply chain and software dependencies attacks are becoming more popular, and organizations are having a hard time coping with those types of vectors. In this episode, we spoke with Tzach Zornstain, Co-Founder at Dustico, about the difference between malicious software and vulnerable software, and how organizations should use 3rd party software for the development of their own applications securely.
Attendees Guest: Dalit Ben Israel Guest title: Partner, head of IT & Data protection practice Company: Naschitz Brandes Amir In the cloud era, the information security officer's new best friends are the lawyers in the legal department. Legal matters such as cross border data transfers, contractual controls and privacy laws becoming critical in cloud migrations. In this episode we talk with Dalit Ben Israel, Partner at NBlaw, about the legal challenges of cloud computing: cross border transfers, the rise of privacy laws and proper contract management and monitoring. Timing: 0:00 - Opening 2:03 - Introduction of our guest 4:95 - Considerations of data center location and the effect of the Schrems2 judgement invalidating the Privacy shield 12:50 - The roles and responsibilities of cloud providers and customers 15:27 - Choosing cloud providers - why do we need lawyers in the process and the obligation to enter into DPAs 20:00 - Specific challenges with SaaS and agreements with subprocessors 22:12 – Negotiating cloud contracts - what are the challenges? minimizing risks. 30:32 - Dispute resolution and venue of jurisdiction 33:24 - Ongoing contract monitoring 36:10 - Summary Connect with Dalit here: Email: [email protected] Website: www.nblaw.com ...
Attendees Guest: Oz Avenstein Guest Title: Founder Company: Avensec Abstract Penetration tests are one of the strongest controls that we use. It is testing the overall resilience of our application and allows us to be more confident in our workloads. But in the cloud era, cloud applications pen testing needs to be coordinated with the providers. In this episode we talk with Oz Avenstein, an application security expert, about the challenges of cloud penetration testing and how to do it correctly. Timing: 0.50 introducing our guest 3.40 How is cloud penetration tests different from regular pen tests? 5.01 elaborating about IaaS/PaaS particular pen test policies 8.45 pen testing SaaS applications 11.05 relaying on 3rd party pen testing 12.02 cloud pen test considerations and phases 17.35 the actual pen testing 21.20 the reporting phase 23.40 incorporating pen test into applications development cycle 34:00 Summary and last words ...
Attendees Guest: Asaf Hecht Guest Title: Security research team leader Company: CyberArk Abstract With the growth of cloud services, more knowledge is gathered on vulnerabilities and misconfigurations in cloud infrastructure. A great deal of this knowledge is coming from cloud security researchers. In this episode, we host Asaf Hecht, Security research team leader At Cyberark, for a conversation about cloud security research and the vulnerabilities they disclose are various cloud vendors. ...
