Difference between revisions of "Podcast 61"
From OWASP
Latest revision as of 12:52, 10 March 2010

OWASP Podcast Series #61
OWASP Interview with Richard Bejtlich
Published March 10, 2010
iTunes: http://itunes.apple.com/WebObjects/MZStore.woa/wa/viewPodcast?id=300769012
Feed: http://www.owasp.org/download/jmanico/podcast.xml
mp3: http://www.owasp.org/download/jmanico/owasp_podcast_61.mp3

Participants
- Richard Bejtlich is the director of incident response at GE. He is also the author of http://taosecurity.blogspot.com

Questions
- Would you care to tell us how you got into IT and what led you into a career in information security? What keeps you busy these days?
- What's the difference between focusing on threats vs. focusing on vulnerabilities?
- What is your problem with the "protect the data" mindset?
- What do you mean by "building visibility in"?
- What is your take on the Aurora/Google hack?
- You just tweeted that "Network Security Monitoring ideology is the proper mechanism to combat APT/APA". Do you think network IPS/IDS/WAF can help defend insecure web applications? What are the limits of Network Security Monitoring?
- How important a role do you think secure coding and a secure software development life cycle play in defending the enterprise?
- Have HIPAA, PCI, SOX and other regulations helped reduce risk in the average enterprise?
- It seems pretty clear that attackers have a clear advantage. Why is that? How can we turn the tide?
- Any thoughts on OWASP? Are we helping the cause?
- Where are we going to be as an industry in 10 years?
- You blogged that "The trustworthiness of a digital asset is limited by the owner's capability to detect incidents compromising the integrity of that asset." Given that we don't have any high-integrity databases, identities or application servers, how do you detect a breach of integrity when there is no verifiable integrity in the system in the first place?
