Hashtag Realtalk with Aaron Bregg
Welcome to my little corner of the Internet!
In this channel I give 'real talk' about information security and technologies that impact both your business and personal lives. I try to focus on issues and items that can help you become more 'security curious'. The ultimate goal is to help protect your personal and professional well-being.
Employer Disclaimer - The opinions and views expressed in the podcast are not necessarily the views of my current employer, Corewell Health.
Legal Disclaimer - All of the security advice that I give is 'as is' and does not constitute real paid professional advice. As with everything security related, please seek second opinions from paid professionals.
Episode 36 - Let's Talk Secure Coding and Container Security
In this episode I talk with Clinton Herget about secure coding, container security and the importance of having a DevSecOps mindset. Clinton is the Principal Federal Solutions Engineer for Snyk.
Talking Points (including SSDLC diagram):
- Software vulnerabilities can happen even before your first line of custom code (open source libraries)
- Review an example of a Secure Software Development Lifecycle Diagram (SSDLC)
- Pros and cons of using a Static Application Scanning Tool (SAST)
- Pros and cons of using a Dynamic Application Scanning Tool (DAST)
- Container Security:
  - Image scanning guidance
  - Pros and cons of containers
Podcast Sponsor Info:
Snyk is a developer security company based out of Boston (Home of Great Chowdah), Massachusetts. Part of the sponsorship fees goes towards helping at-risk students in West Michigan.