The Application Security Weekly podcast delivers interviews and news from the worlds of AppSec, DevOps, DevSecOps, and all the other ways people find and fix software flaws. Join hosts Mike Shema, John Kinsella, and Akira Brand on a journey through modern security practices for apps, clouds, containers, and more.
https://securityweekly.com/asw
ASW #225 - Dan Moore
Exposed secrets from CircleCI, web hackers target the auto industry, $100K bounty for making Google smart speakers listen, inspiration from Office Space, AWS making better defaults for S3, resources for learning Rust
This segment will discuss options for protecting your APIs. First, why protect them? Second, what are the options and the tradeoffs.
Segment Resources:
- https://stackoverflow.blog/2022/04/11/the-complete-guide-to-protecting-your-apis-with-oauth2/
- https://fusionauth.io/learn/expert-advice/
- https://fusionauth.io/learn/expert-advice/oauth/modern-guide-to-oauth
- https://oauth.net/2/
- https://tools.ietf.org/html/rfc6749
- https://datatracker.ietf.org/doc/id/draft-ietf-oauth-v2-1-07.html
- https://paseto.io
- https://securityboulevard.com/2021/11/biggest-api-security-attacks-of-2021-so-far/
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw225