You are using an outdated browser. Please upgrade your browser to improve your experience.

Security Icon

Security

InfoSec, DevSec, Penetration Testing, etc.
64 episodes
All Topics

Practical AI Practical AI #294

AI is changing the cybersecurity threat landscape

Play
2024-11-05T19:40:00Z #ai +3 🎧 24,055

This week, Chris is joined by Gregory Richardson, Vice President and Global Advisory CISO at BlackBerry, and Ismael Valenzuela, Vice President of Threat Research & Intelligence at BlackBerry. They address how AI is changing the threat landscape, why human defenders remain a key part of our cyber defenses, and the explain the AI standoff between cyber threat actors and cyber defenders.

Practical AI Practical AI #283

Threat modeling LLM apps

Play
2024-08-22T13:30:00Z #ai +2 🎧 28,854

If you have questions at the intersection of Cybersecurity and AI, you need to know Donato at WithSecure! Donato has been threat modeling AI applications and seriously applying those models in his day-to-day work. He joins us in this episode to discuss his LLM application security canvas, prompt injections, alignment, and more.

Ship It! Ship It! #94

Scoring your project’s security

Play
2024-03-09T23:00:00Z #ops +1 🎧 7,152

Autumn and Justin are joined by Chris Swan to discuss tech industry trends like AI and sustainability, gamifying the software development process and motivating devs to write more secure code, OpenSSF Scorecards and how they offer a way to measure and improve the security and compliance of GitHub repos, the scoring system, and the security posture of a repository.

Go Time Go Time #301

Go Capture the Flag! 🚩

Play
2024-01-31T16:30:00Z #go +2 🎧 13,457

Angelica is joined by Neil S Primmer & Benji Vesterby to share their experience organizing “Capture the Flag” at GopherCon 2023. CTF events involve teams vying for supremacy as they strive to gather digital flags (presented as strings) and successfully submit them to the competition organizers. In essence, it’s a thrilling “scavenger hunt for nerds.” Join us as we unravel the intricacies and excitement of this unique gaming experience!

Changelog Interviews Changelog Interviews #575

Shift left, seriously.

Play
2024-01-26T17:00:00Z #infosec +2 🎧 19,195

This week we’re going deep on security and what it takes to shift left, seriously. Adam is joined by Justin Garrison (co-host of Ship It), plus two members of the BoxyHQ team — Deepak Prabhakara, Co-founder & CEO and Schalk Neethling, Community Manager and DevRel as well as fellow Changelog Slack member.

We discuss how to shift left, the role of the developer and the burden of security, the importance of tooling, the difference between authentication and authorization, and a mindset change for when security takes place — it’s a matter of “when” not “who.”

JS Party JS Party #293

Web dev security school

Play
2023-09-21T20:30:00Z #javascript +1 🎧 16,035

This week, we’re joined by Ron Perris, a Security Engineer at Reddit and software security enthusiast. Together, we dive into best practices and common pitfalls, covering topics from dangerous URLs to JSON injection attacks. Tune in for an educational conversation, and don’t forget to bring your notebooks!

Changelog Interviews Changelog Interviews #557

Attack of the Canaries!

Play
2023-09-13T22:00:00Z #infosec +1 🎧 23,102

This week we’re joined by Haroon Meer from Thinkst — the makers of Canary and Canary Tokens. Haroon walks us through a network getting compromised, what it takes to deploy a Canary on your network, how they maintain low false-positive numbers, their thoughts and principles on building their business (major wisdom shared!), and how a Canary helps surface network attacks in real time.

JS Party JS Party #282

The massive bug at the heart of npm

Play
2023-07-07T16:30:00Z #javascript +3 🎧 16,943

Darcy Clarke, former GitHub Staff Engineering Manager and founder of vlt, joins us to discuss a major bug in the npm ecosystem that he recently disclosed. We cover the bug’s timeline, nuances, and impact, all while setting some important context on npm packages, clients, and registries. Tune in to learn how to protect your codebase and gain a deeper understanding of this crucial part of the JavaScript ecosystem.

JS Party JS Party #272

Making "safe npm"

Play
2023-04-21T17:15:00Z #javascript +2 🎧 16,669

Feross and his team at Socket recently shipped a wrapper library for the ubiquitous npm package manager’s command-line interface that brings enhanced security when you need it most: before executing any code

Bradly Farias lead this effort, so Jerod & Chris invited him on the show to learn all about it.

Player art
  0:00 / 0:00