Any application that communicates with other systems or services will at some point require a credential or sensitive piece of information to operate properly. The question then becomes how best to securely store, transmit, and use that information. The world of software secrets management is vast and complicated, so in this episode Brian Kelly, engineering manager at Conjur, aims to help you make sense of it. He explains the main factors for protecting sensitive information in your software development and deployment, ways that information might be leaked, and how to get the whole team on the same page.
How secure are your servers? The best way to be sure that your systems aren’t being compromised is to do it yourself. In this episode Daniel Goldberg explains how you can use his project Infection Monkey to run a scan of your infrastructure to find and fix the vulnerabilities that can be taken advantage of. He also discusses his reasons for building it in Python, how it compares to other security scanners, and how you can get involved to keep making it better.
For any program that is used by more than one person you need a way to control identity and permissions. There are myriad solutions to that problem, but most of them are tied to a specific framework. Yosai is a flexible, general purpose framework for managing role-based access to your applications that has been decoupled from the underlying platform. This week the author of Yosai, Darin Gordon, joins us to talk about why he started it, his experience porting it from Java, and where he hopes to take it in the future.
Network protocols are often inscrutable, but if you have an effective way to experiment with them then they expose a lot of power. This week Guillaume Valadon explains how Scapy can be used to inspect your network traffic, test the security of your systems, and develop brand new protocols, all in Python!
Everyone who uses a computer on a regular basis knows the importance of backups. Duplicity is one of the most widely used backup technologies, and it’s written in Python! This week Kenneth Loafman shares how Duplicity got started, how it works, and why you should be using it every day.
As the internet and digital technologies continue to infiltrate our way of life, we are forced to consider how our concepts of identity and security are reflected in these spaces. Brian Warner joins me this week to discuss his work on privacy focused projects that he has worked on, including the Tahoe LAFS, Firefox Sync, and Magic Wormhole. He also has some intriguing ideas about how we can replace passwords and what it means to have an online identity.
If you write software then there’s a good probability that you have had to deal with installing dependencies, but did you stop to ask whether you’re installing what you think you are? My guest this week is Professor Justin Cappos from the Secure Systems Lab at New York University and he joined me to discuss his work on The Update Framework which was built to guarantee that you never install a compromised package in your systems.
Speech is the most natural interface for communication, and yet we force ourselves to conform to the limitations of our tools in our daily tasks. As computation becomes cheaper and more ubiquitous and artificial intelligence becomes more capable, voice becomes a more practical means of controlling our environments. This week Steve Penrod shares the work that is being done on the Mycroft project and the company of the same name. He explains how he met the other members of the team, how the project got started, what it can do right now, and where they are headed in the future.
Sandstorm.io is an innovative platform that aims to make self-hosting applications easier and more maintainable for the average individual. This week we spoke with Asheesh Laroia about why running your own services is desirable, how they have made security a first priority, how Sandstorm is architected, and what the installation process looks like.
Making sure that your code is secure is a difficult task. In this episode we spoke to Eric Brown, Travis McPeak, and Tim Kelsey about their work on the Bandit library, which is a static analysis engine to help you find potential vulnerabilities before your application reaches production. We discussed how it works, how to make it fit your use case, and why it was created. Give the show a listen and then go start scanning your projects!