#8 - Application Security
Manage episode 351363566 series 3419697
In this episode we discuss all things application security: from scanning, to designing with security in mind, to OWASP and the sources of information we feel engineers in the dev/ops world should be aware of and familiar with!
We talked about:
- OWASP Top 10 - https://owasp.org/www-project-top-ten
- Gitleaks - https://github.com/zricethezav/gitleaks
- 12 Factor - https://12factor.net
- Scanners: Python: Bandit - https://bandit.readthedocs.io/en/latest; Go: govulncheck - https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck
- Clair static analysis for containers: https://github.com/quay/clair
- Bug Bounty platforms: HackerOne, Bugcrowd, Intigriti
- BFG Repo-Cleaner - remove secrets from git history: https://rtyley.github.io/bfg-repo-cleaner
- HardenEKS - https://github.com/aws-samples/hardeneks
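The kind of detection Gitleaks does, as an added example (this is not Gitleaks' own code, and the rule set, entropy threshold and sample files are assumptions made for the example): a minimal regex-plus-entropy secret scanner in Python run over a constructed in-memory file tree, including a shipped JavaScript bundle with a hard-coded key. The inline `gitleaks:allow` marker mirrors Gitleaks' allow comment convention.

```python
from __future__ import annotations

import math
import re
from collections import Counter
from dataclasses import dataclass

# Hypothetical rule set written for this example (not Gitleaks' own rules).
# Each regex captures the candidate secret in group 1. Specific rules are
# listed before the generic one so a generic hit on the same value is
# deduplicated in favour of the more precise rule.
RULES = {
    "aws-access-key-id": re.compile(r"\b(AKIA[0-9A-Z]{16})\b"),
    "github-pat": re.compile(r"\b(ghp_[A-Za-z0-9]{36})\b"),
    "generic-api-key": re.compile(
        r"(?i)(?:api[_-]?key|secret|token)\s*[:=]\s*['\"]([A-Za-z0-9_\-]{20,})['\"]"
    ),
}

# Assumed cut-off (bits per character) below which a generic match is treated
# as a placeholder rather than a real credential.
ENTROPY_THRESHOLD = 3.5

# Inline marker that suppresses findings on that line (same convention as
# Gitleaks' "gitleaks:allow" comment).
ALLOW_MARKER = "gitleaks:allow"


@dataclass(frozen=True)
class Finding:
    rule: str
    path: str
    line: int
    secret: str


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; 0.0 for an empty or single-symbol string."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())


def scan_file(path: str, content: str) -> list[Finding]:
    """Run every rule over every line, honouring the allow marker and the
    entropy filter for the generic rule, and deduplicating overlapping hits."""
    findings: list[Finding] = []
    seen: set[tuple[int, str]] = set()
    for lineno, line in enumerate(content.splitlines(), start=1):
        if ALLOW_MARKER in line:
            continue
        for name, rx in RULES.items():
            for m in rx.finditer(line):
                secret = m.group(1)
                if (lineno, secret) in seen:
                    continue
                if name == "generic-api-key" and shannon_entropy(secret) < ENTROPY_THRESHOLD:
                    continue
                seen.add((lineno, secret))
                findings.append(Finding(name, path, lineno, secret))
    return findings


def scan_tree(files: dict[str, str]) -> list[Finding]:
    """Scan an in-memory {path: content} map, e.g. the files of one commit."""
    findings: list[Finding] = []
    for path in sorted(files):
        findings.extend(scan_file(path, files[path]))
    return findings


def redact(f: Finding) -> str:
    """Report a finding without echoing the full secret into CI logs."""
    s = f.secret
    return f"{f.rule} {f.path}:{f.line} {s[:4]}...{s[-2:]}"


# Constructed sample tree: a JavaScript bundle with a hard-coded key, a config
# file holding the AWS documentation example key, a README placeholder that
# should not fire, and a test fixture explicitly allow-listed.
SAMPLE_FILES = {
    "static/app.js": 'const API_KEY = "k7Qz9Lm2Xv4Rt8Wp1Yc6Hb3Nj5Fd0Sg";\n',
    "config.py": "AWS_ACCESS_KEY_ID = 'AKIAIOSFODNN7EXAMPLE'\nDEBUG = True\n",
    "README.md": 'Set API_KEY="replace_me_replace_me_replace_me" before running.\n',
    "tests/fixtures.py": "FAKE_PAT = 'ghp_0123456789abcdefghijklmnopqrstuvwxyz'  # gitleaks:allow\n",
}


if __name__ == "__main__":
    for f in scan_tree(SAMPLE_FILES):
        print(redact(f))
```

A scanner like this only tells you a secret was committed; once something has been pushed, treat it as compromised and rotate it first, and only then rewrite history with BFG, since a history rewrite does nothing for copies that were already fetched.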
Meir's blog: https://meirg.co.il
Omer's blog: https://omerxx.com
Telegram channel: https://t.me/espressops
Chapters
1. Intro to the episode (00:00:00)
2. OWASP Top 10 (00:00:44)
3. Bug bounty programs (00:01:29)
4. JavaScript files, leaks, BFG history leaks cleaner (00:04:10)
5. Third-party library scanning (00:09:56)
6. Security design and considerations, 12 Factor apps (00:11:16)
7. Application secrets (00:14:07)
8. Vulnerability Static Analysis for Containers (00:15:40)
9. Configuration & Secrets - should be dynamic or static? (00:17:57)
10. This week's random finding: HardenEKS (00:22:00)
47 episodes