Top 5 Myths About API Security and What to Do Instead - Robert Dickinson - ESW #354
Security Weekly Podcast Network (Audio)
Release Date: 03/22/2024
Security Weekly Podcast Network (Audio)
TikTok, Flowmon, Arcane Door, Brokewell, RuggedCom, Deepfakes, Non-Competes, Aaran Leyland, and More, on this edition of the Security Weekly News. Visit for all the latest episodes! Show Notes:
info_outline Advising The President On Cyber-Physical Resilience - Philip Venables - PSW #826Security Weekly Podcast Network (Audio)
On February 27, 2024, PCAST (President’s Council of Advisors on Science and Technology) sent a report to the President with recommendations to bolster the resilience and adaptability of the nation’s cyber-physical infrastructure resources. Phil was part of the team that worked on the report and comes on the show to talk about what was recommended and how we implement the suggestions. This week the crew discusses: When TVs scan your network, bad things can happen, PuTTY is vulnerable, Crush FTP, vulnerabilities that will never be fixed, CVEs are for vulnerabilities silly, you can test for...
info_outline Autonomous - I don't think that word means what you think it means - Adam Shostack, Ely Kahn - ESW #359Security Weekly Podcast Network (Audio)
A clear pattern with startups getting funding this week are "autonomous" products and features. Automated detection engineering Autonomously map and predict malicious infrastructure ..."helps your workforce resolve their own security issues autonomously" automated remediation automated compliance management & reporting I'll believe it when I see it. Don't get me wrong, I think we're in desperate need of more automation when it comes to patching and security decision-making. I just don't think the majority of the market has the level of confidence necessary to trust security products to...
info_outline Robofly, CRUSHFTP, Github, Palo Alto, MITRE, Fancy Bear, Deepfakes, Aaran Leyland... - SWN #380Security Weekly Podcast Network (Audio)
Robofly, CRUSHFTP, Github, Palo Alto, MITRE, Fancy Bear, Deepfakes, Aaran Leyland, and more, on this Edition of the Security Weekly News. Visit for all the latest episodes! Show Notes:
info_outline Sustainable Funding of Open Source Tools - Mark Curphey, Simon Bennetts - ASW #282Security Weekly Podcast Network (Audio)
How can open source projects find a funding model that works for them? What are the implications with different sources of funding? Simon Bennetts talks about his stewardship of Zed Attack Proxy and its journey from OWASP to OpenSSF to an Open Source Fellowship with Crash Override. Mark Curphy adds how his experience with OWASP and the appsec community motivated him to create Crash Override and help projects like ZAP gain the support they deserve. Segment resources: CISA chimes in on the XZ Utils backdoor, PuTTY's private keys and maintaining a secure design, LeakyCLI and maintaining...
info_outline What does DoD’s CMMC Requirement Mean for American Businesses - Edward Tuorinsky, Mike Lyborg - BSW #347Security Weekly Podcast Network (Audio)
Since 2016, we been hearing about the impending impact of CMMC. But so far, it's only been words. That looks to be changing. Edward Tourinsky, Founder & Managing Principal at DTS, joins Business Security Weekly to discuss the coming impact of CMMC v3. Edward will cover: The background of CMMC Standardization of CMMC CMMC v3 changes and implementation timelines Best practices to prepare Segment Resources: The new SEC Cyber Security Rules require organizations to be ready to report cyber incidents. But what do you actually need to do? Mike Lyborg, Chief Information Security Officer at...
info_outline Win 95, LastPass, Kubernetes, Sandworm, Bloomtech, Frontier, 911, Aaran Leyland... - SWN #379Security Weekly Podcast Network (Audio)
Win 95, Cheat Lab, LastPass, Kubernetes, Sandworm, Bloomtech, Frontier, 911, Aaran Leyland, and More, on this edition of the Security Weekly News. Visit for all the latest episodes! Show Notes:
info_outline From Hackers to Streakers - How Counterintelligence Teams are Protecting the NFL - Joe McMann - ESW #358Security Weekly Podcast Network (Audio)
Protecting a normal enterprise environment is already difficult. What must it be like protecting a sports team? From the stadium to merch sales to protecting team strategies and even the players - securing an professional sports team and its brand is a cybersecurity challenge on a whole different level. In this interview, we'll talk to Joe McMann about how Binary Defense helps to protect the Cleveland Browns and other professional sports teams. This week, Adrian and Tyler discuss some crazy rumors - is it really possible that a cloud security startup valued at over $8 billion in November 2021...
info_outline PCI 4.0 - Winn Schwartau - PSW #825Security Weekly Podcast Network (Audio)
Version 4.0 of the Payment Card Industry Data Security Standard (PCI DSS) puts greater emphasis on application security than did previous versions of the standard. It also adds a new “customized approach” option that allows merchants and other entities to come up with their own ways to comply with requirements, and which also has implications for application security. Specifically, PCI DSS 4.0 requires that by March 31, 2025, more testing of public-facing applications related to payment processing or other activities be considered “in scope” for compliance. Generally, any system that...
info_outline Duo, Steganography, Roku, Palo Alto, Putty, Cerebral, IPOs, SanDisk, & Josh Marpet - SWN #378Security Weekly Podcast Network (Audio)
Duo, Steganography, Roku, Palo Alto, Putty, Cerebral, IPOs, SanDisk, Josh Marpet, and more, on this Edition of the Security Weekly News. Visit for all the latest episodes! Show Notes:
info_outlineWhile awareness and attention towards cybersecurity are on the rise, some popular and persistent myths about cybersecurity have almost become threats themselves. API security requires a modern understanding of the threat landscape, with the context that most API providers desire to be more open and accessible to all. We will debunk the 5 worst myths about protecting your APIs.
Segment Resources:
- API Security Basics - Everything You Need to Know
- Graylog API Security - Gain Visibility & Control Over Your API Attack Surface
This segment is sponsored by Graylog. Visit https://securityweekly.com/graylog to learn more about API security!
In the enterprise security news,
Lots of funding news, including: - Nozomi Networks Raises $100 Million to Expand Industrial Cybersecurity Business - BigID Raises $60 Million at $1 Billion Valuation - J.P. Morgan Growth Leads $39 Million Investment in Eye Security - CyberSaint raises $21 million to accelerate market expansion Zscaler Acquires Avalor for $350 Million Cisco completes $28 bn acquisition of cybersecurity firm Splunk Airbus Calls Off Planned Acquisition of Atos Cybersecurity Group Cybersecurity firm Cato Networks hires banks for 2025 IPO, sources say
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-354