12 days of security: Day 11
Speaker 1: Hi, everyone, and welcome to the 12 days of security with Bright Security. My name is Amanda McCarvill and I am your host for day 11. And with me today I have Marko Perovic, who is one of our success engineers. Welcome, Marko.
00:00:19
Speaker 2: Hey. Well, thank you for having me.
00:00:21
Speaker 1: Absolutely. So to start off, can you tell us a little bit about yourself?
00:00:27
Speaker 2: Sure. My name is Marko and I’m a success engineer at Bright Security. I joined a company a year and a half ago. And my main, let’s say, job description is I help our customers after they buy, after they acquire our product to help them set up and to maintain their happiness in some kind of in some way and integrate their products with ours.
00:00:55
Speaker 1: What happened this year in cybersecurity that really stood out to you?
00:01:00
Speaker 2: Well, that’s an interesting question. Going back maybe a year. The most interesting, interesting thing for me was the Log4j vulnerability found at the end of 2021. Log4j was a library for Java, which was used to log messages within the software and has the ability to communicate with other services on the system. And when people found out this vulnerability, they were able to inject malicious code into the logs which were executed on the system. So that’s called remote code execution and it was found in a game I used to play a lot called Minecraft. And the worst problem is, is how many companies and how many products were using this library and how many were vulnerable at the time. So if I remember what was one of the most critical stuff we had in the last couple of years, which was really interesting to find, and a lot of systems today didn’t update to the latest version of that library. So a lot of stuff is vulnerable today as well.
00:02:11
Speaker 1: So on a more personal note, what challenges did you face and how did you overcome them?
00:02:18
Speaker 2: Hmm. Going back to the most, let’s say, challenging stuff I did so far was when we had new people in the company and onboarding new teammates, especially to our department. So the plan was how can we create an intuitive, easy to learn path for our colleagues, our new colleagues, for them to feel at home with the product, with clients, and how they could use their new knowledge to even promote themselves in this cybersecurity world, how their knowledge can even grow more. So I think that that was the biggest challenge on how to onboard new people, help them and get them to the standard we want to be and of course how to get ourselves to that standard as well. So.
00:03:08
Speaker 1: Absolutely. We definitely need to be constantly growing and improving in order to kind of meet that standard that’s always changing.
00:03:19
Speaker 2: Yeah. You mean you have to improve in yourself so you never, you cannot be static like.
00:03:25
Speaker 1: Definitely. So looking at the next couple of years, what do you think or what do you predict will happen, both the good and the bad?
00:03:37
Speaker 2: So. Coming first to mind could be artificial intelligence. And how is it evolving so far? And we are already enjoying the fruits of its labor. Um, well, I know from, from my experience that when the new AI like chats and something came to the world, people started testing them and to the point now they are so sophisticated. I know a couple of people who don’t use regular search engines. They just like to use the AI search bars. And if you come to mind, like I’m already imagining, like if you ever watched if Google was a guy, like a guy who was interested in Google, I think that would be the possible reality for our future. So that can be characterized as good, but also the bad, so that AI could be used for malicious intent. And even though they have some kind of protection, I think that like people could use the AI to generate maybe it could be used to create malware or ransomware or any other stuff. So I mean, there’s always the good and the bad, but the bad could be also really bad on this one.
00:04:53
Speaker 1: Absolutely. Yeah, it’s definitely a double-edged sword.
00:04:57
Speaker 2: I mean, you never know what’s going to happen. So, yeah, I mean, it’s up to us to install some security practices. We can say so, but nothing prevents someone who knows how to create those AIs to just use them for malicious intent. So you never know.
00:05:20
Speaker 1: Absolutely. So one more question for you Marko, what security gift do you want for the holidays?
00:05:29
Speaker 2: Hmm. So going back, I mean, I joined cybersecurity because it looked fun. It’s something new. So we all started with, let’s say, some kind of ethical hacking. So one good thing I would love to get is a USB device called Rubber Ducky. So it has a lot of features could be used for education, white hat, ethical hacking. So if I have a secret Santa, I really hope he’s listening.
00:05:59
Speaker 1: Perfect.
00:06:02
Speaker 2: I hope.
00:06:02
Speaker 1: Yeah. Well, thank you so much Marko for being on the 12 days of security. And to you and everyone watching I want to wish you all a happy holidays. Bye everyone!