Enterprise Security Weekly Subscribe

Application security

Platform Security – PaaS & Hosting – Trey Ford – ESW #221

March 24, 2021

What security features does Heroku offer that the customer can control and how have these evolved over time?
How do you balance the security of the application, with the security of the deployment, with the security of the platform?
What are some tips and/or advice for deploying applications and keeping them secure during the lifecycle? (e.g. as a developer I may run applications in a secure environment, but then down the line someone runs my container with --privileged and exposes a security hole).

The goal being our audience learns what to consider when choosing a platform (or platforms) to run applications from a security perspective.

Full episode and show notes

Announcements

Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.

Guest

Executive Director, Deputy CISO at Vista Equity Partners

Transformational leader at the intersection of cybersecurity and strategy, with a passion for how compliance, legal, and privacy work together to deepen customer trust and stakeholder confidence. Deeply technical generalist, strategic advisor to ente

Hosts

Adrian Sanabria

Principal Researcher at The Defenders Initiative

https://adriansanabria.com

Paul Asadoorian

Principal Security Researcher at Eclypsium

https://securitypodcaster.com

VP Traceable.ai, Cyber Angel Investor and Advisor at 90 Degree Ventures

https://www.90degree.vc/

Related

Vulnerability Management

2024 End-of-Year News and Wrapup – ESW #388

December 19, 2024

As we wrap up the year, we have an honest discussion about how important security really is to the business. We discuss some of Katie's predictions for AppSec in 2025, as well as "what sucks" in security!

Ancient Curl Bug, AWS re:Invent, Malware in NPM, Census III Report, MS OTP – ASW #311

December 16, 2024

Curl's oldest bug yet, RCPs (and more!) from AWS re:Invent, possible controls for NPM's malware proliferation, insights and next steps on protecting top 500 packages from the Census III report, the flawed design choice that made Microsoft's OTP (successfully) brute-forceable, and more! 00:00 - Intro & Cyber Resilience Insights 01:20 - The 25-Y...

Application security

Applying Usability and Transparency to Security – Hannah Sutor – ASW #311

December 16, 2024

Practices around identity and managing credentials have improved greatly since the days of infosec mandating 90-day password rotations. But those improvements didn't arise from a narrow security view. Hannah Sutor talks about the importance of balancing security with usability, the importance of engaging with users when determining defaults, and se...