1d:I[2890,["266","static/chunks/870fdd6f-4fcc92c129a57d11.js","970","static/chunks/970-91a3a37cc668faba.js","857","static/chunks/857-3b2a1421afa266d2.js","965","static/chunks/app/podcasts/episode/%5BpodcastEpisodeGuid%5D/page-e939c6b91b4a25d4.js"],"default"] 1e:I[1318,["266","static/chunks/870fdd6f-4fcc92c129a57d11.js","970","static/chunks/970-91a3a37cc668faba.js","857","static/chunks/857-3b2a1421afa266d2.js","965","static/chunks/app/podcasts/episode/%5BpodcastEpisodeGuid%5D/page-e939c6b91b4a25d4.js"],"default"] 1f:T4dd,

In this episode we discussed all-things application security; from scanning, to designing with security in mind, through OWASP and sources of information we feel engineers in the world of dev / ops should be aware of and familiar with!

We talked about:

OWASP Top 10 - https://owasp.org/www-project-top-ten
Git leaks - https://github.com/zricethezav/gitleaks
12 Factor - https://12factor.net
Scanners: [Python Bandit: https://bandit.readthedocs.io/en/latest, Go: https://pkg.go.dev/golang.org/x/vuln/cmd/govulncheck]
Clair static analysis for containers: https://github.com/quay/clair
Bug Bounty platforms: HackerOne, Bugcrowd, Intigrity
BGP repo cleaner - remove secrets from git history: https://rtyley.github.io/bfg-repo-cleaner
Harden EKS - https://github.com/aws-samples/hardeneks

Meir's blog: https://meirg.co.il
Omer's blog: https://omerxx.com
Telegram channel: https://t.me/espressops

20:T822,

‌

Episode description

#8 - Application Security

Episode description