Threat Modeling, Secure-Coding-Handbook, Security Headers, and more

Update: 2021-08-12

Description

1. Jeevan Singh -- Threat modeling based in democracy

Jeevan joins us to speak about self-serve threat modeling at Segment or threat modeling based in democracy.

2. joswha/Secure-Coding-Handbook

Client side, Server Side, Auxiliary.

3. Security headers quick reference

Security headers recommended for all websites, websites that handle sensitive user data, and websites with advanced capabilities.

4. Cyber insurance isn't helping with cybersecurity, and it might be making the ransomware crisis worse, say researchers

The paper suggests that insurance should require 'minimum ransomware controls' as part of any ransomware coverage.

5. Microsoft Refining Third-Party Driver Vetting Processes After Signing Malicious Rootkit

If you sign something malicious, you allow it to bypass all your other security controls.

Comments

In Channel

Long Live SBOMs, Application Risk Profiling, Software Supply Chain, and more

2022-06-2302:25

Implementation of DevSevOps, Product Security Leads, GO Mitigations, and more

2022-06-0902:35

Hi/5: Automated Threat Modeling; In depth research; GitHub 99 designs/aws-vault; Nginx

2022-05-2602:49

Internal Secrets; SHA-256; 28,000 Vulnerabilities disclosed in 2021; Threat Modeling.

2022-05-1202:49

Terraform, CI/CD, Bug Bounties and more

2022-04-2802:39

Python Repos, Advanced SQL, NPM corruption, and more

2022-04-1202:32

XSS, Cybersecurity Management, OWASP Top Ten review, Web3 and more

2022-04-0503:03

ZAPping, AWS, and DevSecOps! Oh My!

2022-03-1703:31

Container Security, Securing our Software Future, Threat Modeling Medical Devices and more

2022-03-0203:06

Exact Dependencies, Insecure Design, How To Learn Stuff Quickly and more

2022-02-1703:06

Trojan Source Attacks, AppSec Things to Watch, AWS WAF's Dangerous Defaults and more

2022-01-2703:06

Holiday Hi/5: OWASP Top 10 Analysis, OWASP A08:2021, All Things SSRF, and more

2021-12-1702:41

Hi/5: Minimum Viable Secure Product, Bandit, Sigstore and more

2021-12-0202:41

Hi/5: WrongSecrets, IT Assets, OWASP Top 10, CORS and Password Wisdom

2021-11-1702:23

How Yahoo Built a Culture of Cybersecurity, minimaxir/big-list-of-naughty-strings, Issue #4409, OWASP A08:2021, Apache Servers

2021-10-2103:06

Threat Modeling, Highest Quality of Software Code, Cloud Company, and more

2021-10-0702:41

New and Growing Threats, HTTP/2, DefCon29, and More

2021-09-0204:34

Empty Npm Package, Privacy, Security Automation, and More

2021-08-2605:12

SQL Injection Vulnerabilities, Security Nihilism, Passwords, and More

2021-08-1904:42

Threat Modeling, Secure-Coding-Handbook, Security Headers, and more

2021-08-1204:52

00:00

Threat Modeling, Secure-Coding-Handbook, Security Headers, and more

#box-pro-ellipsis-176147377229370{-webkit-line-clamp:2;}Threat Modeling, Secure-Coding-Handbook, Security Headers, and more

Threat Modeling, Secure-Coding-Handbook, Security Headers, and more

Security Journey

Threat Modeling, Secure-Coding-Handbook, Security Headers, and more