Shake My Head – ASW #108
Full Audio
View Show IndexSegments
1. Using Rate Limiting to Protect Web Apps and APIs – Jack Zarris – ASW #108
Rate limiting can be used to protect against a number of modern web application and API attacks. We’ll discuss some of those attacks, including Object ID enumeration, in detail, will demo an attack and will show how using rate limiting in our solution can protect against these attacks.
To learn more about Signal Sciences, visit: https://securityweekly.com/signalsciences
Sponsored By
Announcements
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
Join us at InfoSecWorld 2020 - June 22nd-24th now a fully virtual event! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020, click the register button to register with our discount code!
Guest
Jack Zarris is a Senior Sales Engineer with Signal Sciences. He has over 20 years of experience in the security industry, with focuses on web application and database security for on-prem and cloud hosted apps, product management, load balancing, and mobile device management and security.
Hosts
2. Highlights From the New Open Source Security and Risk Analysis Report – Tim Mackey – ASW #108
The 2020 OSSRA report shows that 91% of commercial applications contain outdated or abandoned open source components. The report, produced by the Synopsys Cybersecurity Research Center (CyRC), examines the results of more than 1,250 audits of commercial codebases, performed by the Black Duck Audit Services team. The most concerning trend in this year’s analysis is the mounting security risk posed by unmanaged open source, with 75% of audited codebases containing open source components with known security vulnerabilities, up from 60% the previous year. Similarly, nearly half (49%) of the codebases contained high-risk vulnerabilities, compared to 40% just 12 months prior.
To learn more about Synopsys, visit: https://securityweekly.com/synopsys
Sponsored By
Announcements
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
Layer 8 is Going Virtual! The conference will still be held on Saturday June 6th. Security Weekly listeners save $20 on their ticket by visiting layer8conference.com and using the promo code "SecurityWeekly" before selecting your ticket type! Please consider supporting Layer8 or one of their partner organizations when purchasing your ticket! Some of the Security Weekly team will be in our own channel on the Layer8 Discord server answering questions and possibly doing some contests!
Guest
Tim Mackey is a principal security strategist for the Synopsys Cybersecurity Research Center. As a security strategist, he applies his skills in distributed systems engineering, mission critical engineering, performance monitoring, large-scale data center operations, and global data privacy regulations to customer problems. An O’Reilly Media published author, Tim has also been covered in publications around the globe including Fortune, NBC News, Dark Reading, InfoSecurity Magazine, and The Straits Times.
Hosts
