(2019-01-17): cloud and app security

[00:54:36] It's just one great example on how much we've become complacent, because until something hits you in your face, you don't realise how dangerous this stuff is.

Presented from an airport, we have Francesco Cipollone, founder of NSC42, with a rant-filled talk about cloud security, securing the infrastructure, and security practices. Topics covered in this talk include:

  • application security;
  • vendor security;
  • securing the infrastructure;
  • enforcing good practices;
  • responsible disclosure;
  • Rant of the Episode: not doing the basic things right.

Some quotes to grab your interest:

  • [00:04:43] The best way, I think, to learn stuff is to teach;
  • [00:42:09] go back to the design board and start saying "this is what is right, this is what is wrong", and start doing that from a logging perspective;
  • [00:50:39] Your normal admin, at this point in time, is saying "Oh, this is boring! Why do I need the multi-factor"; while tomorrow, my normal admin is saying "Why am I accessing the production server without multi-factor?".

Also check out Frank's blog at https://medium.com/@FrankSEC42

Hosted by Stu, episode production by Lijnk, Meadow and the Moderators team.

Please subscribe!

Ep. 43, S in Cloudsecurity stands for... (with Francesco Cipollone)