#98 - The weakest link: why all software needs security?

During this episode we will go over common security breaches where the weakest service/software were exploited, why all components of a system should get their share of security evaluation, and why secure software design and coding are important for developers on all stacks. Guests Hammadi Agharass Souhail Mssassi Notes 0:01 - Intro and welcoming. 0:07 - Exciting security news: Log4j zero-day exploit meltdown. 0:13 - Java Naming and Directory Interface (JNDI). 0:16 - A brief introduction of security from your perspective? 0:22 - What are the software/system aspects that are more critically in need for security? 0:32 - The weakest links for system security: Physical security. 0:42 - The weakest links for system security: Network security. 0:49 - The weakest links for system security: Employees. 0:59 - Stuxnet, where employees contribute to getting malware to the org. 1:02 - Social engineering attack: FB & Google fraud attack. 1:04 - Small satellite apps: FBI website hack, ~100k email sent from a legit fbi.org email address. 1:35 - Secure coding principles for developers 1:45 - Securing small systems (usually considered irrelevant systems) 1:54 - How to secure frontend? 2:00 - How to make sure employees/developers machines are secure? 2:09 - How to manage secrets 2:28 - Wrap up and Goodbye Links Prepared and Presented by Mohamed Ez-zarghili