Decoding AppSec in the Cloud Age: A Conversation with Sean Wright of Featurespace

Code to Cloud

This episode features an interview with Sean Wright. Sean is Head of Application Security at Featurespace, the world leader in Enterprise Financial Crime prevention for fraud and Anti-Money Laundering. He is an experienced application security engineer, having started his career as a software developer. His expertise is in web-based application security, with a special interest in TLS-related subjects. On this episode, Sean and host Andy Schneider discuss navigating AppSec in the cloud age, finding and leveraging security champions, and Sean’s take on open source as it relates to supply chain risks with third-party software libraries.

Key Quotes

“The thing that really scares me, we've seen it already with Python packages, NPM packages, Ruby packages, is those who actually intentionally put malicious code in there. There's things to steal secrets, crypto miners, the whole shebang. And that to me is probably the biggest worry I have around open source. Because trying to catch that…it's just, how do you do it? And just the massive volume that's there.”

“Break down barriers between the security teams and the engineering teams. I don't see why there needs to be this friction. At the end of the day, you're working for the same company. You're trying to achieve the same goal. Work together, support one another. See each other's issues or frustrations, problem points, and try to achieve the same goal. And at the end of the day, it'll work out for everyone.”

“How can we expect people to write secure code if they don't even know what that is like? Universities need to have some elements of this in the bachelor of science, computer science degrees. Embed that in, make it part of the curriculum. It doesn't have to be sophisticated. It can cover the top-level stuff, but at least make people aware of it. There's this fixation on some of the more glamorous stuff in the industry. So we kind of ignore some of the stuff that really needs to be tackled. Go look at SQL injection, go look at cross-site scripting, those kinds of things. It's been around for decades, yet we still haven't solved those problems. And they're not difficult problems to solve.”

“You got all these new technologies, these new languages coming out, and now you have to not only know how to use those technologies, but use them securely. And that's probably where we need to start looking at building secure by default into the technologies rather than as a bolt on or afterthought. It's kind of happened over the years as well.”

“I'm not just focused on AppSec. I engage with other areas of a security team because the security department's pretty small. That means I get exposure to other things, or I can help provide outside influence or thoughts, opinions that could help. So don't just fixate in your bubble. Work with other people, share ideas. Get engaged, things like community, different groups, and learning.”

Time Stamps

[0:30] Introducing Sean Wright, Head of AppSec at Featurespace

[1:06] Sean Wright: From Developer to Application Security Expert

[1:39] The Evolution of Software Development: Pre-Cloud to Cloud Era

[4:06] The Transformation of Application Security in the Cloud Age

[6:07] Effective AppSec Measures: Frameworks, Training, and Collaboration

[12:09] Navigating the Risks of Open Source and Third-Party Libraries

[18:15] Strategies for Managing Open Source Security Risks

[20:18] Why Software Remains Vulnerable

[21:01] The Importance of Secure Coding Education

[21:32] Addressing Long-Standing Security Issues

[22:40] The Rapid Pace of Technological Advancement

[23:22] Language Choices in Security

[25:26] Industry's Struggle with Cybersecurity

[28:37] Advice for Aspiring Security Professionals

[31:26] The Potential of AI in Application Security

[34:24] Future T
