Date: Mon, 04 Oct 2021 08:00:00 +0000
<p><span style="font-weight: 400;">This week, Jeffrey is joined by Troy Vinson, a Principal Software Architect at Clear Measure and a CISSP (Certified Information Systems Security Professional). He is an experienced leader, architect, and problem-solver in Information Systems Security and Software Development technologies and has spent the majority of his career integrating computer science, information science, and cognitive science to assist in software development and the management of information.</span></p> <p> </p> <p><span style="font-weight: 400;">With October being Cybersecurity Awareness Month, Troy gives a rundown on everything that developers and development teams need to know regarding security: how to become more cyber security aware, the top ten web application security risks you need to look out for, how to keep your environment secure regardless of where you’re working from, and what you can put in place today to improve your cyber security.</span></p> <p> </p> <p><strong>Topics of Discussion:</strong></p> <p><span style="font-weight: 400;">[:39] About</span> <em><span style="font-weight: 400;">The Azure DevOps Podcast</span></em><span style="font-weight: 400;">, Clear Measure; the new video podcast</span> <em><span style="font-weight: 400;">Architect Tips</span></em><span style="font-weight: 400;">; and Jeffrey’s offer to speak at virtual user groups.</span></p> <p><span style="font-weight: 400;">[1:11] About today’s episode with Troy Vinson!</span></p> <p><span style="font-weight: 400;">[1:23] Jeffrey welcomes Troy to the podcast.</span></p> <p><span style="font-weight: 400;">[1:30] What is CISSP?</span></p> <p><span style="font-weight: 400;">[2:53] Troy shares his career highlights and the path that led him to his current role in cyber security.</span></p> <p><span style="font-weight: 400;">[4:39] Why is October Cybersecurity Awareness Month?</span></p> <p><span style="font-weight: 400;">[6:18] What developers should be aware of when setting 
up a connected environment for themselves at home.</span></p> <p><span style="font-weight: 400;">[8:47] Troy’s favorite VPN services.</span></p> <p><span style="font-weight: 400;">[10:08] Best practice: Always work from a VPN, especially as a developer working from a public place.</span></p> <p><span style="font-weight: 400;">[10:25] What developers should keep in mind about source code when it comes to cyber security.</span></p> <p><span style="font-weight: 400;">[12:32] How to keep documents (that don’t quite fit in a source control repository) secure.</span></p> <p><span style="font-weight: 400;">[14:31] Troy highlights important security architecture models of practice.</span></p> <p><span style="font-weight: 400;">[15:56] How is the STRIDE model applicable?</span></p> <p><span style="font-weight: 400;">[17:59] A word from</span> <em><span style="font-weight: 400;">The Azure DevOps Podcast</span></em><span style="font-weight: 400;">’s sponsor: Clear Measure.</span></p> <p><span style="font-weight: 400;">[18:30] What is repudiation in the STRIDE model referring to? What is it in code changes? 
When is it necessary?</span></p> <p><span style="font-weight: 400;">[20:22] Are there test suites that developers can use to augment their functional tests that check for security measures?</span></p> <p><span style="font-weight: 400;">[23:16] Should development teams hire third parties to do audits versus doing it in-house?</span></p> <p><span style="font-weight: 400;">[24:36] What OWASP Top Ten is and why all of your engineers should be trained on it.</span></p> <p><span style="font-weight: 400;">[26:15] Is there a comprehensive list of web application security risks?</span></p> <p><span style="font-weight: 400;">[27:28] Troy highlights the importance of #6 on the OWASP Top Ten list: vulnerable and outdated components.</span></p> <p><span style="font-weight: 400;">[29:15] Rules of thumb regarding security for development teams when it comes to deployment and configuring environments.</span></p> <p><span style="font-weight: 400;">[30:56] Free online courses for cyber security awareness that you can share with family members and friends.</span></p> <p><span style="font-weight: 400;">[33:52] Jeffrey thanks Troy Vinson for joining the podcast!</span></p> <p> </p> <p><strong>Mentioned in this Episode:</strong></p> <p><a href="http://architecttips.clearmeasure.com/"><em><span style="font-weight: 400;">Architect Tips</span></em></a> <span style="font-weight: 400;">— New video podcast!</span></p> <p><a href="https://azure.microsoft.com/en-ca/services/devops/?&OCID=AID736756_SEM_7eul5uID"><span style="font-weight: 400;">Azure DevOps</span></a></p> <p><a href="https://www.clear-measure.com/"><span style="font-weight: 400;">Clear Measure</span></a> <span style="font-weight: 400;">(Sponsor)</span></p> <p><a href="https://www.amazon.com/NET-DevOps-Azure-Developers-Architecture/dp/1484253426"><em><span style="font-weight: 400;">.NET DevOps for Azure: A Developer’s Guide to DevOps Architecture the Right Way,</span></em> <span style="font-weight: 400;">by Jeffrey 
Palermo</span></a> <span style="font-weight: 400;">— Available on Amazon!</span></p> <p><a href="http://www.lulu.com/shop/jeffrey-palermo/net-devops-for-azure-ebook-edition/ebook/product-24094762.html"> <span style="font-weight: 400;">bit.ly/dotnetdevopsebook</span></a> <span style="font-weight: 400;">— Click here to download the</span> <em><span style="font-weight: 400;">.NET DevOps for Azure</span></em> <span style="font-weight: 400;">ebook!</span></p> <p><a href="https://www.youtube.com/channel/UC-ROXy08zc-qTA0-3GAQDLw"><span style="font-weight: 400;"> Jeffrey Palermo’s YouTube</span></a></p> <p><a href="https://twitter.com/jeffreypalermo?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor"> <span style="font-weight: 400;">Jeffrey Palermo’s Twitter</span></a> <span style="font-weight: 400;">—</span> <span style="font-weight: 400;">Follow to stay informed about future events!</span></p> <p><a href="https://devintersection.com/#!/?track=dev"><span style="font-weight: 400;">DEVintersection Conference</span></a> <span style="font-weight: 400;">— Dec. 
7th‒9th in Las Vegas, Nevada</span></p> <p><a href="https://www.cisa.gov/cybersecurity-awareness-month"><span style="font-weight: 400;">Cybersecurity Awareness Month | CISA</span></a></p> <p><a href="https://staysafeonline.org/cybersecurity-awareness-month/"><span style="font-weight: 400;">Cybersecurity Awareness Month | National Cybersecurity Alliance (NCSA)</span></a></p> <p><a href="https://nordvpn.com/country/canada/?vpn=brand&gclid=Cj0KCQjwwNWKBhDAARIsAJ8HkhcFJxtbDGhRzh8JM52y2LeXZ4BkJkvtRN2ymQukGMGy2oCmPSktOnoaAuSYEALw_wcB"><span style="font-weight: 400;">NordVPN</span></a></p> <p><a href="https://www.expressvpn.com/?gclid=Cj0KCQjwwNWKBhDAARIsAJ8HkhfVxsnXGxF-sNq4vZV1JvKqLlaHG8kYGd3glFy2zqhEKj1_8m8-qOQaAilcEALw_wcB"><span style="font-weight: 400;">ExpressVPN</span></a></p> <p><a href="https://securityintelligence.com/articles/what-is-stride-threat-modeling-anticipate-cyberattacks/"><span style="font-weight: 400;">STRIDE Model</span></a></p> <p><a href="https://github.com/"><span style="font-weight: 400;">GitHub</span></a></p> <p><a href="https://www.devsecops.org/blog/2015/2/15/what-is-devsecops"><span style="font-weight: 400;">DevSecOps</span></a></p> <p><a href="https://www.microsoft.com/en-ca/microsoft-365/sharepoint/collaboration?ms.officeurl=sharepoint&rtc=1"><span style="font-weight: 400;">SharePoint</span></a></p> <p><a href="https://office.live.com/start/OneDrive.aspx?ui=en%2DUS&rs=US"><span style="font-weight: 400;">OneDrive</span></a></p> <p><a href="https://azure.microsoft.com/en-us/services/frontdoor/"><span style="font-weight: 400;">Azure Front Door</span></a></p> <p><a href="https://docs.microsoft.com/en-us/azure/application-gateway/overview#:~:text=Azure%20Application%20Gateway%20is%20a,traffic%20to%20your%20web%20applications.&text=This%20type%20of%20routing%20is,URL%2Dbased%20routing%20and%20more."><span style="font-weight: 400;">Azure Application Gateway</span></a></p> <p><a 
href="https://docs.microsoft.com/en-us/visualstudio/code-quality/net-analyzers-faq?view=vs-2019"><span style="font-weight: 400;">FxCop</span></a></p> <p><a href="https://en.wikipedia.org/wiki/Roslyn_(compiler)"><span style="font-weight: 400;">Roslyn</span></a></p> <p><a href="https://www.sonarqube.org/?gads_campaign=North-America-DSA-SonarQube&gads_ad_group=DSA&gads_keyword=&gclid=Cj0KCQjwwNWKBhDAARIsAJ8HkhfDpleVAa31F8nzk8rysFc03hGPvhYyegualKFpqqrJfXPHNNPppdQaApvNEALw_wcB"><span style="font-weight: 400;">SonarQube</span></a></p> <p><a href="https://owasp.org/www-project-top-ten/"><span style="font-weight: 400;">OWASP Top Ten</span></a></p> <p><a href="https://www.sans.org/top25-software-errors/"><span style="font-weight: 400;">Top 25 Most Dangerous Software Errors CWE/SANS</span></a></p> <p><a href="https://cwe.mitre.org/top25/archive/2021/2021_cwe_top25.html"><span style="font-weight: 400;">2021 CWE Top 25 Most Dangerous Software Weaknesses</span></a></p> <p> </p> <p><strong>Want to Learn More?</strong></p> <p><span style="font-weight: 400;">Visit</span> <a href="http://azuredevopspodcast.clear-measure.com/"><em><span style="font-weight: 400;">AzureDevOps.Show</span></em></a> <span style="font-weight: 400;">for show notes and additional episodes.</span></p>