PHP's Git Server Hacked, Threat Modeling, SSRF Attacks, Deprecating TLS

By Security Journey.

1. PHP's Git server hacked to add backdoors to PHP source code
Supply chain attacks are bigger than vulns in open source; when the attack is deliberate, the stakes are higher.
2. Redefining Threat Modeling: Security team goes on vacation
We can all agree that threat modeling is non-negotiable; use Segment's model as a reference for how to do threat modeling using a self-service approach.
3. Software Security at Rocketship Pace
SAST is table stakes, but your SAST solution must eliminate the frustrations that many developers feel with loud tools that provide limited value.
4. SSRF Attack Examples and Mitigations
Let's get ahead of the OWASP Top Ten 2021 edition and start dealing with SSRF now!
5. Deprecating TLS 1.0 and TLS 1.1
Goodbye, old friends! We don't and won't miss you at all, TLS 1.0 and 1.1.