Security – Software Engineering Daily

A large software company such as Dropbox is at a constant risk of security breaches. These security breaches can take the form of social engineering attacks, network breaches, and other malicious adversarial behavior. This behavior can be surfaced by analyzing collections of log data. Log-based threat response is not a new technique. But how should The post Grapl: Graph-Based Detection and Response with Colin O’Brien appeared first on Software Engineering Daily.

Infrastructure-as-code tools are used to define the architecture of software systems. Common infrastructure-as-code tools include Terraform and AWS CloudFormation.  When infrastructure is defined as code, we can use static analysis tools to analyze that code for configuration mistakes, just as we could analyze a programming language with traditional static analysis tools. When a developer writes The post Static Analysis for Infrastructure with Guy Eisenkot appeared first on Software Engineering Daily.

Zoom video chat has become an indispensable part of our lives. In a crowded market of video conferencing apps, Zoom managed to build a product that performs better than the competition, scaling with high quality to hundreds of meeting participants, and millions of concurrent users. Zoom’s rapid growth in user adoption came from its focus The post Zoom Vulnerabilities with Patrick Wardle appeared first on Software Engineering Daily.

Large software companies have lots of users, and the activity from those users results in high volumes of traffic. These companies also have a large surface area across the enterprise.  There are hundreds of services and databases that are fulfilling user requests. As these requests enter the infrastructure of the enterprise, the requests travel through The post Cloud Log Analysis with Jack Naglieri appeared first on Software Engineering Daily.

The software supply chain includes cloud infrastructure, on-prem proprietary solutions, APIs, programming languages, networking products, and open source software.  Each of these software categories has its own security vulnerabilities, and each category has tools that can help protect a company from attackers that are trying to exploit known vulnerabilities. As open source software has grown The post Snyk: Open Source Security with Guy Podjarny appeared first on Software Engineering Daily.

The modern software supply chain contains many different points of distribution: JavaScript frameworks, npm modules, Docker containers, open source repositories, cloud providers, on-prem firmware, IoT, networking proxies, and so much more. With so much attack surface, securing a large enterprise is an uphill battle. Jeff Williams is the CTO at Contrast Security, a company that The post Security Monitoring with Jeff Williams appeared first on Software Engineering Daily.

A Kubernetes instance occupies a wide footprint of multiple servers, creating an appealing target to an attacker, due to its access to a large pool of compute resources. A common attack against an exposed Kubernetes cluster is to take it over for the purposes of mining cryptocurrency. Thus it is important to keep a cluster The post Container Platform Security with Maya Kaczorowski appeared first on Software Engineering Daily.

Upcoming events: A Conversation with Haseeb Qureshi at Cloudflare on April 3, 2019 FindCollabs Hackathon at App Academy on April 6, 2019 Steve Herrod was the CTO at VMware and now works as a managing director at General Catalyst, where he focuses on investments relating to security. Large enterprises are difficult to secure. An enterprise The post Security Businesses with Steve Herrod appeared first on Software Engineering Daily.

Computational integrity is a property that is required for financial transactions on the Internet. Computational integrity means that the output of a certain computation is correct. If I deposit money into my bank, my bank sends me a number that represents the new balance in my account. I assume that the number they have sent The post StarkWare: Transparent Computational Integrity with Eli Ben Sasson appeared first on Software Engineering Daily.

The nature of software projects is changing. Projects are using a wider variety of cloud providers and SaaS tools. Projects are being broken up into more git repositories, and the code in those repositories are being deployed into small microservices. With the increased number of tools, repositories, and deployment targets, it can become difficult to The post Policy Enforcement with Shimon Tolts appeared first on Software Engineering Daily.

When Aran Khanna was a college student, he accepted an internship to work at Facebook. Even before his internship started, he started playing around with Facebook’s APIs and applications. Aran built a Chrome extension called Marauder’s Map, which used Facebook Messenger’s web APIs to track where people lived, what their schedule was, and other highly The post Digital Privacy with Aran Khanna appeared first on Software Engineering Daily.

If you have ever stayed in a short-term rental (like an Airbnb, HomeAway, or CouchSurfing), you have probably used the wifi network at that rental property. Why wouldn’t you? It’s no different than hopping on an open wifi network at an airport, or a Starbucks, or your friend’s house, right? One major difference: the hardware The post Hacking Your Short-Term Rental with Jeremy Galloway appeared first on Software Engineering Daily.

Last year, the WannaCry ransomware attack shut down hospitals, public transportation systems, and governments, demanding payment to unlock key computer systems. A programmer named Marcus Hutchins was able to stop WannaCry by registering a DNS entry buried in the WannaCry code. Not long after he stopped the WannaCry attack, Marcus Hutchins was arrested at a The post WannaCry’s Gray Hat with Reeves Wiedeman appeared first on Software Engineering Daily.

Employees often find themselves needing to do work outside of the office. Depending on the sensitivity of your task, accessing internal systems from a remote location may or may not be OK. If you are using a corporate application that shows the menu of your company’s cafe on your smartphone, your workload is less sensitive. The post Google BeyondCorp with Max Saltonstall appeared first on Software Engineering Daily.

Last month, Software Engineering Daily had our 4th Meetup at Cloudflare in San Francisco. For this Meetup, the format was short interviews with security specialists from Pinterest, Cloudflare, and Segment. Each of these companies has unique security challenges, but they also have overlap in their security strategies. Nick Sullivan, Amine Kamel, and Evan Johnson are The post Web Security at Cloudflare, Pinterest, and Segment appeared first on Software Engineering Daily.

Military force is powered by software. The drones that are used to kill suspected terrorists can identify those terrorists using the same computer vision tools that are used to identify who is in an Instagram picture. Nuclear facilities in Iran were physically disabled by the military-sponsored Stuxnet virus. National intelligence data is collected and processed The post Modern War with Peter Warren Singer appeared first on Software Engineering Daily.

When I log into my bank account from my laptop, I first enter my banking password. Then the bank sends a text message to my phone with a unique code, and I enter that code into my computer to finish the login. This login process is two-factor authentication. I am proving my identity by entering The post Secure Authentication with Praneet Sharma appeared first on Software Engineering Daily.

Public key encryption allows for encrypted, private messages. A message sent from Bob to Alice gets encrypted using Alice’s public key. Public key encryption also allows for signed messages–so that when Alice signs a message, Alice uses her private key and Bob can verify it if Bob has her public key. In both cases, Bob The post Keybase with Max Krohn appeared first on Software Engineering Daily.

A smart contract is a program that allows for financial transactions. Smart contracts are usually associated with the Ethereum platform, which has a language called Solidity that makes it easy to program smart contracts. Someday, we will have smart contracts issuing insurance, processing legal claims, and executing accounting transactions. Smart contracts involve money, and they The post Smart Contract Security with Emin Gün Sirer appeared first on Software Engineering Daily.

Static analysis is the process of evaluating code for errors, memory leaks, and security vulnerabilities. The “static” part refers to the fact that the code is not running. This differentiates it from unit tests and integration tests, which evaluate the runtime characteristics of code. If you use an IDE or a linter, you are using The post Static Analysis with Paul Anderson appeared first on Software Engineering Daily.