Securing Existing Applications with Joylynn Kirui
How do you secure your existing applications from the security exploits out there today? Carl and Richard talk to Joylynn Kirui about the challenges developers face in making secure applications. Joylynn talks about understanding the threat landscape and staying up to date on the CVEs that can represent a zero-day vulnerability to your application. There are a ton of tools to help make you aware of the potential risks, check out all the links in the show notes. And check out Joylynn's webinar on shifting application security left at https://aka.ms/DevSecOpsDNR
Guests:
Joylynn Kirui
Joylynn Kirui is an infosec evangelist who believes in empowering developers and users in general on security best practices. She has vast experience in web and mobile app security testing, DevSecOps and GSM security having previously worked in the telco industry for 6 years. She has a passion for mentorship and training students and empowering them. She has spoken in several conferences where she shares her knowledge in cyber security and software development. She is among the Top 50 Women in Cyber Security Africa 2020 finalists and Woman Hacker of the year Africa 2020. She is a Senior Cloud Security Advocate at Microsoft; Based in Nairobi, Kenya.
Links:
- AppVNext Training https://www.appvnext.com/training
- SQLite Exploit https://blog.trailofbits.com/2022/10/25/sqlite-vulnerability-july-2022-library-api/
- Microsoft Security Vulnerabilities https://msrc.microsoft.com/update-guide/vulnerability
- Azure Application Insights https://learn.microsoft.com/azure/azure-monitor/app/app-insights-overview?tabs=net&WT.mc_id=DT-MVP-10953
- Microsoft Defender for Cloud https://learn.microsoft.com/azure/defender-for-cloud/defender-for-cloud-introduction?WT.mc_id=DT-MVP-10953
- GitHub Security https://github.com/features/security
- Microsoft SBOM Tool https://github.com/microsoft/sbom-tool
- CVEDetails https://www.cvedetails.com/
- Microsoft Threat Modeling Tool https://learn.microsoft.com/azure/security/develop/threat-modeling-tool?WT.mc_id=DT-MVP-10953
- Microsoft Security Code Analysis https://learn.microsoft.com/azure/security/develop/security-code-analysis-overview?WT.mc_id=DT-MVP-10953
- OWASP Source Code Analysis Tools https://owasp.org/www-community/Source_Code_Analysis_Tools
- Microsoft Sentinel https://azure.microsoft.com/products/microsoft-sentinel/#overview
- Developer Digital Meetup Tour https://aka.ms/devsecopsdnr