Browser security is crucial for protecting personal information and preventing malicious attacks, ensuring safe and private online experiences. In Episode 6 of The Security Detail, Chrome browser customer engineer Fletcher Oliver shares some of the top browser security risks and how to defend against them. We also discuss SURGe research that examines security risks associated with Chrome browser extensions.

Links:

- Chrome Safety: https://www.google.com/chrome/safety/

- Chrome Safe Browsing: https://support.google.com/chrome/answer/9890866

- Chrome Enhanced Safe Browsing: https://support.google.com/accounts/answer/11577602

- Chrome Enterprise Core:

https://chromeenterprise.google/

- SURGe research on Chrome browser extension security: https://www.splunk.com/en_us/blog/security/add-to-chrome-part-1-an-analysis-of-chrome-browser-extension-security.html

- Google's Permission Risk whitepaper download: https://storage.googleapis.com/support-kms-prod/H67pelgBrKlKSgvA24ooNwVYYx6emmcuJ0LD

- Chrome Enterprise Premium: https://chromeenterprise.google/products/chrome-enterprise-premium/

- Splunk integration in Chrome Enterprise Core: https://support.google.com/chrome/a/answer/12325467

- Google Chrome App for Splunk: https://splunkbase.splunk.com/app/6896

Application security is crucial for protecting sensitive data and ensuring the integrity and trustworthiness of software systems against cyber threats. In this episode, Tanya Janca, head of community and education at Semgrep discusses the importance of “shifting left” in the software development lifecycle, along with the best and worst practices in DevSecOps. Tanya has been coding and working in IT for more than 25 years and is the best-selling author of the book ‘Alice and Bob Learn Application Security’. You can follow Tanya on social media under the handle @SheHacksPurple.

Resources:

Semgrep website: https://semgrep.dev/

'Alice and Bob Learn Application Security': https://www.amazon.com/Alice-Bob-Learn-Application-Security/dp/B097NJSSV8

'Alice and Bob Learn Secure Coding': https://www.wiley.com/en-us/Alice+and+Bob+Learn+Secure+Coding-p-9781394171705

SheHacksPurple YouTube: https://www.youtube.com/channel/UCyxbNw11fMUgoR3XpVYVPIQ

SheHacksPurple website: https://shehackspurple.ca/

OWASP Global AppSec Conference: https://sf.globalappsec.org/

CISA Secure by Design: https://www.cisa.gov/securebydesign

Tanya's RSAC Talk on DevSecOps worst practices: https://www.rsaconference.com/library/Presentation/USA/2023/DevSecOps%20Worst%20Practices

RSAC Presentation: 'The End of DevSecOps?' by DJ Schleen: https://www.rsaconference.com/Library/presentation/usa/2024/the%20end%20of%20devsecops

Executive Order on Improving the Nation’s Cybersecurity (SBOMs): https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/

International law establishes norms and frameworks to ensure that States conduct their activities in a manner consistent with principles of sovereignty, responsibility, and human rights. In this episode, François Delerue, Assistant Professor of Law at IE University, discusses the application of international law to cyber operations, including the challenges with attribution and the threshold for cyberwarfare.

Resources:

- François Delerue's biography: https://francoisdelerue.eu/

- Cyber Operations and International Law: https://www.cambridge.org/core/books/cyber-operations-and-international-law/74D210E76E46531542AD27CECF07ABDE

- Tallinn Manual 2.0: https://www.cambridge.org/core/books/tallinn-manual-20-on-the-international-law-applicable-to-cyber-operations/E4FFD83EA790D7C4C3C28FC9CA2FB6C9

- "Russia Is Fighting for a Treaty That Could Soon Change the Internet Forever" (Newsweek): https://www.newsweek.com/russia-fighting-treaty-that-could-soon-change-internet-forever-1865118

- Microsoft's Digital Geneva Convention Proposal: https://www.microsoft.com/en-us/cybersecurity/content-hub/a-digital-geneva-convention-to-protect-cyberspace