Infosec Myths, Mistakes, and Misconceptions - Adrian Sanabria - ASW #279

Application Security Weekly (Video)

English - April 02, 2024 16:12 - 34 minutes - 153 MB Video - ★★★★ - 5 ratings
Technology News Tech News devops technology video applicationsecurityweekly appsec asw keithhoodlet paulasadoorian sdlcsecurity Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed

Previous Episode: Successful Security Needs a Streamlined UX - Benedek Gagyi - ASW #278

Next Episode: Top 10's First Update, Metasploit's Second Update, PHP Prepares Statements, RSA & MS - ASW #279

Sometimes infosec problems can be summarized succinctly, like "patching is hard". Sometimes a succinct summary sounds convincing, but is based on old data, irrelevant data, or made up data. Adrian Sanabria walks through some of the archeological work he's done to dig up the source of some myths. We talk about some of our favorite (as in most disliked) myths to point out how oversimplified slogans and oversimplified threat models lead to bad advice -- and why bad advice can make users less secure.

Segment resources:

https://www.oreilly.com/library/view/cybersecurity-myths-and/9780137929214/

Show Notes: https://securityweekly.com/asw-279