Episode 303: Application Vulnerability Testing

Mac Admins Podcast - A podcast by Mac Admins Podcast LLC - Mondays

We have these computers. And they are truly bastion hosts. Nothing comes in, and only what we want goes out. They’re perfect when we finish setting them up. Then people make changes and put apps on them. The changes we can mitigate; the apps require a little more analysis. A common strategy to manage that risk is to employ reputation-based access, such as that dictated by zero trust. Another is to test apps for vulnerabilities, which in a way feeds back into the zero trust decision mechanism in the end. But what kinds of tests can be effective, especially since those compiled runtimes don’t tell us a lot about what’s going on? We’ll chat about this paradigm with today’s guest, Niels Hofmans, and look for ways to fill up that task list for 2023!

Hosts:
Tom Bridge - @tbridge777
Charles Edge - @cedge318
Marcus Ransom - @marcusransom

Guests:
Niels Hofmans - @hazcod

Transcript:
Transcription of this episode brought to you by Alectrona
Click here to read the transcript

Links:
Intigriti
Niels’ GitHub
OWASP Foundation
OWASP Mobile Application Security
CodeQL
NVD
Belgian Beer Waffles

Sponsors:
Kandji
Kolide
dataJAR
Watchman Monitoring

If you're interested in sponsoring the Mac Admins Podcast, please email [email protected] for more information.

Get the latest about the Mac Admins Podcast, follow us on Twitter! We're @MacAdmPodcast!

The Mac Admins Podcast has launched a Patreon Campaign! Our named patrons this month include Weldon Dodd, Damien Barrett, Justin Holt, Chad Swarthout, William Smith, Stephen Weinstein, Seb Nash, Dan McLaughlin, Joe Sfarra, Nate Cinal, Jon Brown, Dan Barker, Tim Perfitt, Ashley MacKinlay, Tobias Linder, Philippe Daoust, AJ Potrebka, Adam Burg, & Hamlin Krewson