The Absolute AppSec duo returns with an in-depth episode talking about true and false positives, where context matters and business impact must be taken into account in order to avoid rabbit holes. This discussion spurred by a recent article from signalblur of magonia.io discussing alerts in a security operations center. In short, only considering existence of a flaw (or alert) is not enough by itself. True impact comes by understanding context. Anyone want t-shirts? A discussion of the recent successful phish of an npm package maintainer, resulting in exposure of millions of projects depending on popular npm packages. It happens, folks, protect yourself.

Ver todos los episodios