Ben Burkert of Anchor.Dev on the challenges of Internal Certificate Management

Summary:

In this episode, Timothy De Block chats with Ben Burkert about the challenges of managing internal certificate authorities (CAs) and certificates. Ben shares his experiences working with internal CAs at major companies and how those challenges inspired the creation of Anchor.dev.

Key Topics:

  • The Importance of Certificates: Ben explains how certificate mismanagement can lead to outages and business interruptions, and why automation is crucial.

  • TLS and ACME: Understanding how TLS secures communications and how ACME clients automate certificate management.

  • Anchor.dev: A cloud service that simplifies internal CA management and helps companies secure their internal networks with automated renewals and distribution.

  • LCL Host: A tool from Anchor.dev that enables HTTPS in local development environments, improving deployment workflows.

Contact Information:

Leave a comment below or reach out via the contact form on the site, email timothy.deblock[@]exploresec[.]com, or reach out on LinkedIn.


How to talk to developers

In this chatty edition of the Exploring Information Security podcast, AppSec Nerd Tanya Janca joins me to discuss how to talk to developers.

Tanya (@shehackspurple) is a former developer turned security person. She speaks regularly at conferences around the globe. The topics often focus on working with developers to improve security, which is something I believe in. She's a project lead for OWASP DevSlop.

In this episode we discuss:

  • Why working with the developers is important

  • How to talk to developers

  • What are the benefits of working with developers?

  • What are the top recommendations for talking to developers?

How to build an AppSec Pipeline

In this foundational episode of the Exploring Information Security podcast, Matt Tesauro and Aaron Weaver join me to discuss the AppSec Pipeline.

Matt (@matt_tesauro) and Aaron (@weavera) are the project leads for the OWASP AppSec Pipeline. The project provides resources and guidance for building out your own appsec pipeline within a development team. Building a pipeline is important in helping get security embedded within software.

In this episode we discuss:

  • What is the OWASP AppSec Pipeline

  • How did it get started

  • Who should use the AppSec Pipeline

  • How to implement the AppSec Pipeline

What is the Orange Team?

In this colorful edition of the Exploring Information Security podcast, April Wright joins me to discuss the orange team.

April (@aprilwright) and I met earlier this year at ShowMeCon. She shared with me the concept of the Orange Team, which is an idea around the security (blue) team working more closely with the development (yellow) team. I loved the idea and wanted to hear more. She spoke about the topic at BlackHat and DefCamp. Unfortunately, the recordings of her session haven't been released yet, so I decided to have her on to discuss it in more detail.

In this episode we discuss:

  • What is the orange team
  • How did the idea come about?
  • What are the activities of the orange team?
  • Who should participate

How to secure NodeJS

In this protuberance episode of the Exploring Information Security podcast, Max McCarty joins me to discuss how to secure NodeJS.

Max (@maxrmccarty) has a great course called Securing Your Node.js Web App available on Pluralsight. The course is five and a half hours long, walking through the basics of security. Security for NodeJS is not unlike security for other languages and technologies. If you can secure other web apps, you can secure NodeJS.

In this episode we discuss:

  • What is NodeJS
  • How Max got started in NodeJS
  • Why it's important to secure NodeJS
  • How to secure NodeJS

What is the Node Security Platform?

In this devtastic episode of the Exploring Information Security podcast, Adam Baldwin joins me to discuss the Node Security Platform (NSP).

Adam (@adam_baldwin) is the team lead at Lift Security and founder of the Node Security Platform. NSP is one of the simplest tools to put into a development life cycle for NodeJS. It checks for vulnerable packages in an environment during pull requests or builds. This allows developers to quickly and easily identify packages that put their applications at risk.

In this episode we discuss:

  • What is nsp?
  • How should it be used?
  • Where should it be used?
  • How to use it
