DotNet & More
Подкаст о .Net технологиях и не только. YouTube: https://www.youtube.com/playlist?list=PLbxr_aGL4q3R6kfpa7Q8biS11T56cNMf5 Обсуждайте: Telegram: https://t.me/dotnetmore_chat Следите за новостями: Twitter: https://twitter.com/dotnetmore Telegram channel: https://t.me/dotnetmore
#43 выпуск подкаста DotNet&More: Security и не только
Хакеры, взломы, скандалы, интриги, расследования. Все это и не только в новом выпуске нашего подкаста.
Мы часто экспериментируем и нам очень важно Ваше мнение. Поделитесь им с нами в опросе: https://forms.gle/jAi6PkyF4t7KVR7c7
Спасибо всем кто нас слушает. Не стесняйтесь оставлять обратную связь и предлагать свои темы.
Shownotes:
0:02:38 101 принципов безопасного приложения
0:07:16 Моделирование угроз
0:13:50 Чеклист безопасного приложения
0:35:53 SDLC
0:42:20 DevSecOps
0:50:17 Статические анализаторы
1:10:00 OWASP Top 10
1:18:14 Что нового в security?
1:34:00 Red Teaming Training
1:45:52 Offencive vs Defencive
2:02:23 Что почитать/посмотреть
Ссылки:
- https://youtu.be/-rQ3B5p5dUs : Владимир Кочетков — Теория Application Security .NET
- https://lab.wallarm.com/owasp-top-10-2021-proposal-based-on-a-statistical-data/ : OWASP Top-10 by Wallarm
- https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610 : Dependency Confusion
- https://azure.microsoft.com/mediahandler/files/resourcefiles/3-ways-to-mitigate-risk-using-private-package-feeds/3%20Ways%20to%20Mitigate%20Risk%20When%20Using%20Private%20Package%20Feeds%20-%20v1.0.pdf : Рекомендации от MS
- https://blackhat.com/ : Blackhat конференция
- https://defcon.org/ : Defcon конференция
- https://www.phdays.com/ : PHDays конференция
- https://zeronights.ru/ : Zeronights конференция
- https://offzone.moscow/ : Offzone конференция
- https://www.amazon.com/Web-Application-Hackers-Handbook-Exploiting/dp/1118026470 : The Web Application Hacker's Handbook (web security для начинающих)
- https://securitydriven.net/ : Stan Drapkin
- https://portswigger.net/web-security : Актуальные лабы по web security
- https://www.mdsec.co.uk/knowledge-centre : MDSec, много интересных кейсов постэксплуатации с иcпользованием .NET, для любителей странного
- https://www.ndss-symposium.org/ndss2021/keynote-feb-23/ : Supply chain attack на Solar Winds
Educational
Interesting
Funny
Agree
Love
Wow
Are you the creator of this podcast?
and pick the featured episodes for your show.
Listen to DotNet & More
RadioPublic
A free podcast app for iPhone and Android
- User-created playlists and collections
- Download episodes while on WiFi to listen without using mobile data
- Stream podcast episodes without waiting for a download
- Queue episodes to create a personal continuous playlist
Connect with listeners
Podcasters use the RadioPublic listener relationship platform to build lasting connections with fans
Yes, let's begin connecting
Find new listeners
- A dedicated website for your podcast
- Web embed players designed to convert visitors to listeners in the RadioPublic apps for iPhone and Android
Understand your audience
- Capture listener activity with affinity scores
- Measure your promotional campaigns and integrate with Google and Facebook analytics
Engage your fanbase
- Deliver timely Calls To Action, including email acquistion for your mailing list
- Share exactly the right moment in an episode via text, email, and social media
Make money
- Tip and transfer funds directly to podcastsers
- Earn money for qualified plays in the RadioPublic apps with Paid Listens
Updated privacy policy: We have made some changes to our Privacy Policy. Please note that your continued use of the RadioPublic services following the posting of such changes will be deemed an acceptance of this update. Learn more.