Artwork

เนื้อหาจัดทำโดย The EPAM Continuum Podcast Network and EPAM Continuum เนื้อหาพอดแคสต์ทั้งหมด รวมถึงตอน กราฟิก และคำอธิบายพอดแคสต์ได้รับการอัปโหลดและจัดหาให้โดยตรงจาก The EPAM Continuum Podcast Network and EPAM Continuum หรือพันธมิตรแพลตฟอร์มพอดแคสต์ของพวกเขา หากคุณเชื่อว่ามีบุคคลอื่นใช้งานที่มีลิขสิทธิ์ของคุณโดยไม่ได้รับอนุญาต คุณสามารถปฏิบัติตามขั้นตอนที่แสดงไว้ที่นี่ https://th.player.fm/legal
Player FM - แอป Podcast
ออฟไลน์ด้วยแอป Player FM !

Silo Busing 67: Andrew Whaley and Sam Rehman on App Security

25:28
 
แบ่งปัน
 

Manage episode 383159211 series 3215634
เนื้อหาจัดทำโดย The EPAM Continuum Podcast Network and EPAM Continuum เนื้อหาพอดแคสต์ทั้งหมด รวมถึงตอน กราฟิก และคำอธิบายพอดแคสต์ได้รับการอัปโหลดและจัดหาให้โดยตรงจาก The EPAM Continuum Podcast Network and EPAM Continuum หรือพันธมิตรแพลตฟอร์มพอดแคสต์ของพวกเขา หากคุณเชื่อว่ามีบุคคลอื่นใช้งานที่มีลิขสิทธิ์ของคุณโดยไม่ได้รับอนุญาต คุณสามารถปฏิบัติตามขั้นตอนที่แสดงไว้ที่นี่ https://th.player.fm/legal
Going mobile: It’s going to create vulnerabilities. That’s the way things work with apps. They aren’t just friendly pieces of software that help you beat traffic or bring your favorite tunes into your eardrums… they are opportunities, rich ones, for the bad guys. Andrew Whaley, the Senior Technical Director (UK) at Promon and our guest on *Silo Busting,* says that with an app, “You have to be able to trust the security model that you've got around it.” Whaley talks with Sam Rehman, our Chief Information Security Officer and SVP, about how apps operate on a client-server model, but “all the client code is distributed outside of your enterprise.” Some of these users could well be criminals who, once gaining access to that code, could "reverse engineer it and come up with ways to attack that.” And the code in those apps can be a bit suspect. Whaley says that most apps are made up of 80% open-source software. “You know how many of those app developers go and build that source themselves from source and read over it before they compile?” he asks and then answers: “Probably close to zero.” Speaking of putting the work in… Rehman talks about calibrating “the level of effort that the attacker would have to go through versus the yield.” The trick is, he says, layering on cybersecurity techniques “so that the yield is not worth it for them.” Whaley replies that “once you layer obfuscation on, you then have this impenetrable forest” and that the “immediately accessible ways of attacking [an application] are taken off the table.” Together they chat about supply chain attacks, nonlinear programming, and more. Tune in and be safe(r)! Host: Glenn Gruber Editor: Kyp Pilalas Producer: Ken Gordon
  continue reading

165 ตอน

Artwork
iconแบ่งปัน
 
Manage episode 383159211 series 3215634
เนื้อหาจัดทำโดย The EPAM Continuum Podcast Network and EPAM Continuum เนื้อหาพอดแคสต์ทั้งหมด รวมถึงตอน กราฟิก และคำอธิบายพอดแคสต์ได้รับการอัปโหลดและจัดหาให้โดยตรงจาก The EPAM Continuum Podcast Network and EPAM Continuum หรือพันธมิตรแพลตฟอร์มพอดแคสต์ของพวกเขา หากคุณเชื่อว่ามีบุคคลอื่นใช้งานที่มีลิขสิทธิ์ของคุณโดยไม่ได้รับอนุญาต คุณสามารถปฏิบัติตามขั้นตอนที่แสดงไว้ที่นี่ https://th.player.fm/legal
Going mobile: It’s going to create vulnerabilities. That’s the way things work with apps. They aren’t just friendly pieces of software that help you beat traffic or bring your favorite tunes into your eardrums… they are opportunities, rich ones, for the bad guys. Andrew Whaley, the Senior Technical Director (UK) at Promon and our guest on *Silo Busting,* says that with an app, “You have to be able to trust the security model that you've got around it.” Whaley talks with Sam Rehman, our Chief Information Security Officer and SVP, about how apps operate on a client-server model, but “all the client code is distributed outside of your enterprise.” Some of these users could well be criminals who, once gaining access to that code, could "reverse engineer it and come up with ways to attack that.” And the code in those apps can be a bit suspect. Whaley says that most apps are made up of 80% open-source software. “You know how many of those app developers go and build that source themselves from source and read over it before they compile?” he asks and then answers: “Probably close to zero.” Speaking of putting the work in… Rehman talks about calibrating “the level of effort that the attacker would have to go through versus the yield.” The trick is, he says, layering on cybersecurity techniques “so that the yield is not worth it for them.” Whaley replies that “once you layer obfuscation on, you then have this impenetrable forest” and that the “immediately accessible ways of attacking [an application] are taken off the table.” Together they chat about supply chain attacks, nonlinear programming, and more. Tune in and be safe(r)! Host: Glenn Gruber Editor: Kyp Pilalas Producer: Ken Gordon
  continue reading

165 ตอน

ทุกตอน

×
 
Loading …

ขอต้อนรับสู่ Player FM!

Player FM กำลังหาเว็บ

 

คู่มืออ้างอิงด่วน