• OWASP insecure design (noun)
    Apr 22 2025
    Please enjoy this encore episode of Word Notes. A broad OWASP Top 10 software development category representing missing, ineffective, or unforeseen security measures. CyberWire Glossary link: https://thecyberwire.com/glossary/owasp-insecure-design Audio reference link: “Oceans Eleven Problem Constraints Assumptions.” by Steve Jones, YouTube, 4 November 2015.
    8 mins
  • OWASP injection (noun)
    Apr 15 2025
    Please enjoy this encore of Word Notes. A broad class of attack vectors, where an attacker supplies input to an application's command interpreter that results in unanticipated functionality. CyberWire Glossary link: https://thecyberwire.com/glossary/owasp-injection Audio reference link: “APPSEC Cali 2018 - Taking on the King: Killing Injection Vulnerabilities” YouTube Video. YouTube, March 19, 2018.
    7 mins
  • OWASP cryptographic failures (noun)
    Apr 8 2025
    Please enjoy this encore of Word Notes. Code that fails to protect sensitive information. CyberWire Glossary link: https://thecyberwire.com/glossary/owasp-cryptographic-failure Audio reference link: Vandana Verma. “OWASP Spotlight - Project 10 - Top10.” YouTube Video. YouTube, January 4, 2021.
    7 mins
  • account takeover prevention (noun)
    Apr 1 2025
    Enjoy this encore of Word Notes. The prevention of the first part of an intrusion kill chain model exploitation technique, where the hacker steals valid login credentials from a targeted victim. CyberWire Glossary link: https://thecyberwire.com/glossary/account-takeover-prevention
    6 mins
  • threat hunting (noun)
    Mar 25 2025
    Please enjoy this encore of Word Notes. The process of proactively searching through networks to detect and isolate security threats, rather than relying on security solutions or services to detect those threats. CyberWire Glossary link: https://thecyberwire.com/glossary/threat-hunting Audio reference link: “My ‘Aha!’ Moment - Methods, Tips, & Lessons Learned in Threat Hunting - SANS THIR Summit 2019.” YouTube, YouTube, 25 Feb. 2020.
    7 mins
  • vulnerability management (noun)
    Mar 18 2025
    The continuous practice of identifying, classifying, prioritizing, remediating, and mitigating software vulnerabilities within this. CyberWire Glossary link: https://thecyberwire.com/glossary/vulnerability-management Audio reference link: “Vulnerability Scanning - Comptia Security+ sy0-501 - 1.5.” YouTube, YouTube, 11 Nov. 2017.
    8 mins
  • software bill of materials (SBOM) (noun)
    Mar 11 2025
    Please enjoy this encore of Word Notes. A formal record containing the details and supply chain relationships of various components used in building software.
    7 mins
  • zero trust (noun)
    Mar 4 2025
    Please enjoy this encore of Word Notes. A security philosophy that assumes adversaries have already penetrated the digital environment and tries to reduce the potential impact by limiting access by people, devices, and software to only the resources essential to perform their function and nothing more.
    9 mins