In this session we will walk through the steps required to securely communicate with your device using the Device Shadow service. This will include an overview of user authentication and authorization, connecting to AWS IoT, and using MQTT to communicate with the device’s “Device Shadow” to read and update its state. All this, using the … Read More
Our guest speaker at the event this week was Steven Pressman of Alpine Cyber Solutions. Here is his abstract, covering how to secure AWS-based applications. “Storing your data in AWS can be the best decision you ever make, or the worst nightmare you can fathom. It all depends on the decisions you make at the … Read More
Storing your data in AWS can be the best decision you ever make, or the worst nightmare you can fathom. It all depends on the decisions you make at the design and implementation phases of your project and the diligence you apply throughout your development and operations cycles. This presentation will take you through the biggest areas where you need to focus your efforts in order to keep your data safe at AWS, and will show some real-life examples of what could go wrong if you make compromises or allow bad practices
By Steve Pressman, President & Chief Solutions Architect at Alpine Cyber Solutions
Abstract Many believe that better security comes from robust independent gating, but DevOps has proven that you can safely deploy orders of magnitude faster without human gating. Comcast uses a DevSecOps approach which focuses on automation, speed and team ownership of end-to-end product security lifecycle. It’s agile and developer-focused. It’s about building security in rather … Read More
Justin Reagor attended “The Eleventh HOPE” – a conference from the Hacker Quarterly. This is his show review.
This talk has two parts. First, I will present technical ideas from research, including my own, that help secure software by construction. Even though these are reasonable ideas, however, the gap between academia and industry often prevents these ideas from becoming realized in practice. Second, I will discuss what prevents longer-term security solutions from being commercialized, how we started the Cybersecurity Factory accelerator bridge the research/industry gap, and how we can work together to address the issues that remain.
Social engineers use a dangerous combination of technology and old-fashioned con artistry to infiltrate organizations every day. In this talk we’ll walk through the social engineering process including research, target selection, attack selection, and attack execution.
Podcast: Play in new window | Download (Duration: 26:38 — 30.5MB) | Embed
Ken and Joel wrap up the year with a bit of conversation about smart watches, whether you’re a user of tools or conversationalist with your code, and a number of other little ditties.
Podcast: Play in new window | Download (Duration: 29:18 — 33.5MB) | Embed
YEAH! Integrating yeoman-style projects into a larger maven build – Addy Osmani comes up with the goods. Making Maven Grunt We buried the lead – NSA can get to everything Joel brings up the counter-point, an article by ARS. Vertx 2.0 Q&A on InfoQ w/Tim Fox – As per last week’s episode, Vert.X is an … Read More
Podcast: Play in new window | Download (Duration: 27:40 — 31.7MB) | Embed
It’s our 50th episode! More to come, now weekly. Send us feedback on @techcast. Topics ARS – You can crack iPhone auto-generated hotspot passwords in seconds – http://arstechnica.com/security/2013/06/new-attack-cracks-iphone-autogenerated-hotspot-passwords-in-seconds/ Android phone #s breeched by Facebook app – http://www.darkreading.com/mobile/android-phone-numbers-leaked-by-facebook/240157723 – ARS – The more complex the rules, the more annoying, and is it really more effective than just a longer … Read More
