Offline dengan aplikasi Player FM !
155: Bridging the Security Gap with Scott Arciszewski
Manage episode 217638898 series 2410493
In this weeks episode we are lucky to be joined by Scott Arciszewski to discuss all things Security. We start off by chatting about a recent talk he gave at DEF CON 25 and the importance of secure API design. From here we highlight Google Tink, misunderstandings of how PHP has changed over the years and what CVE’s are. This leads us on to delve into the tools and processes used within the reconnaissance phase of a security engagement. Finally, we briefly mention Quantum Computing and its impact on cryptography - followed by best practises for securely managing secrets within web applications.
Show Links
- Paragon Initiative Enterprises
- Scott Arciszewski on Twitter
- NaCl - Networking and Cryptography library
- google/tink
- PHP Implementation? - google/tink - GitHub
- PHP RFC - Flexible Heredoc and Nowdoc Syntaxes
- Common Vulnerabilities and Exposures (CVE)
- Common Weakness Enumeration
- Shodan
- Nmap - the Network Mapper
- Burp Suite Scanner
- Puppy Linux
- klange/ponyos - My Little Unix, Kernels are Magic!
- Fiddler - Web Debugging Proxy
- Charles Web Debugging Proxy
- OWASP Zed Attack Proxy Project - OWASP
- How and Why Developers Use Asymmetric (Public Key) Cryptography in Real-World Applications
- Secrets, Secrets, Are No Fun - PHP Roundtable
- Keeping Credentials Secure in PHP
- Securing Credentials for PHP with Docker
- Vault by HashiCorp
- AWS Secrets Manager
164 episode
Manage episode 217638898 series 2410493
In this weeks episode we are lucky to be joined by Scott Arciszewski to discuss all things Security. We start off by chatting about a recent talk he gave at DEF CON 25 and the importance of secure API design. From here we highlight Google Tink, misunderstandings of how PHP has changed over the years and what CVE’s are. This leads us on to delve into the tools and processes used within the reconnaissance phase of a security engagement. Finally, we briefly mention Quantum Computing and its impact on cryptography - followed by best practises for securely managing secrets within web applications.
Show Links
- Paragon Initiative Enterprises
- Scott Arciszewski on Twitter
- NaCl - Networking and Cryptography library
- google/tink
- PHP Implementation? - google/tink - GitHub
- PHP RFC - Flexible Heredoc and Nowdoc Syntaxes
- Common Vulnerabilities and Exposures (CVE)
- Common Weakness Enumeration
- Shodan
- Nmap - the Network Mapper
- Burp Suite Scanner
- Puppy Linux
- klange/ponyos - My Little Unix, Kernels are Magic!
- Fiddler - Web Debugging Proxy
- Charles Web Debugging Proxy
- OWASP Zed Attack Proxy Project - OWASP
- How and Why Developers Use Asymmetric (Public Key) Cryptography in Real-World Applications
- Secrets, Secrets, Are No Fun - PHP Roundtable
- Keeping Credentials Secure in PHP
- Securing Credentials for PHP with Docker
- Vault by HashiCorp
- AWS Secrets Manager
164 episode
Semua episode
×Selamat datang di Player FM!
Player FM memindai web untuk mencari podcast berkualitas tinggi untuk Anda nikmati saat ini. Ini adalah aplikasi podcast terbaik dan bekerja untuk Android, iPhone, dan web. Daftar untuk menyinkronkan langganan di seluruh perangkat.