ASW #209 - Kiran Kamity

The unique nature of cloud native apps, Kubernetes, and microservices based architectures introduces new risks and opportunities that require AppSec practitioners to adapt their approach to security tooling, integration with the CI/CD pipeline, and how they engage developers to fix vulnerabilities. In this episode, we'll discuss how AppSec teams can effectively manage the transition from securing traditional monolithic applications to modern cloud native applications and the types of security tooling needed to provide coverage across custom application code, dependencies, container images, and web/API interfaces. Finally, we'll conclude with tips and tricks that will help make your developers more efficient at fixing vulnerabilities earlier in the SDLC and your pen testers more effective. Segment Resources: https://www.deepfactor.io/kubernetes-security-essentials-securing-cloud-native-applications/ https://www.deepfactor.io/resource/observing-application-behavior-via-api-interception/ https://www.deepfactor.io/developer-security-demo-video/   Ideas on debugging with IDEs, Wiz.io shares technical details behind PostgreSQL attacks in cloud service providers, looking at the attack surface of source code management systems, a Xiaomi flaw that could enable forged payments, defensive appsec design from Signal, what targeted attacks mean for threat models when the targeting goes awry   Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/secweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/asw209