From YouTube: Secure Section Group Conversation (Public Livestream)
A
Okay, well, welcome everyone to the group conversation for the Secure section. I'll be your MC, David DeSanto, director of product for Secure and Defend. To kind of kick us off here, I don't want to go through the slides like we have in the past, just wanted to highlight a couple of items. First, we have some new team members, so when you get a chance to go through the slides, you'll see we've labeled them as new. These people started since the last group conversation we had, which would be six weeks ago.
A
Furthermore, we keep on growing the team. We've had some good success here shortly; there's still a lot of open positions left to fill on the Secure team, including product management, people within UX, as well as within development on front end and back end. And finally, we have a lot of cool things that have recently come out or are coming out here shortly, so please feel free to check that all out and learn a lot more about what we're doing in Secure.
A
A
Sure, so Nicole is highlighting a major project that we've kicked off. The overall arching goal of the project is to bring all of Secure core, and that's not our intellectual property, the components like the Gemnasium acquisition, as well as some other ones we've planned here shortly. It's referring to the open source scanners, and so across Secure, or, I'm sorry, cross comes analysis stack now since dynamic analysis.
A
We use a lot of OSS tools, and we want to be able to bring that to Core and allow our customers to secure themselves better, get into better DevSecOps practice and whatnot. So Nicole's comment is that we're first focusing on SAST to Core, so the core SAST team is working on what it means to separate out the scanners, and again the open source scanners, and make those available with the pipeline at that free level of Core.
A
Furthermore, they're also looking at: how do we begin to provide additional value within Premium and Ultimate for those security features? So we're very excited about that time. We can talk about that more in upcoming calls once we begin to move things down. Right now, our goal is to hopefully, by the end of Q4, bring a couple of scanners within SAST, with the goal of over the next six to nine months.
B
Just one thing to call out specifically for a lot of people who might be concerned about, but, you know, where does that leave Ultimate? Ultimate is designed for organizations that are larger, not individual developers as the buyer, and in that particular case the value of security is not in knowing about the vulnerabilities, but it's in having policies to enforce rules around how you feel about licenses and vulnerabilities, and so all of that stuff is today in Ultimate.
C
Yes, I'm an enterprise SA. I just want to understand a bit more about IAST and fuzz and how they align in the competitive market, because a lot of enterprises purchased, for example, Fortify already. How do we stand in our positioning, from a future perspective, to, you know, articulate our offerings and values to those enterprise customers?
A
Absolutely. So to kind of start, I'll do them in the opposite order you have them. So for fuzzing, we're talking about generating malformed structures to test the stability, reliability and potential weaknesses in an application or service. So from a fuzzing standpoint, for GitLab we're looking at it from three different angles.
A
The first is doing protocol-level fuzzing, and that's probably the most advanced type of fuzzing you can do. So imagine somebody is working on a new HTTP service, maybe a mail relay, and they're leveraging GitLab to do that development and, we'll even say, including deploying it out into their operations environment.
A
If you look at, I'll use AWS and GCP as great examples, they talk a lot about, you know, no need to use our UI, you can just integrate with our API, and we're the same way here at GitLab. We want people to be able to test those APIs to make sure, again, they're stable, they're reliable and they don't have security weaknesses in them. The final part of fuzzing, which is something that we've already started development on, is focused on web vulnerability
A
scanning, and this is where we're taking and injecting malformed content into websites. And so with all three of those we would be in a very good competitive position. A lot of companies today pick one of those three and work on them. We have the faith in the team, whether that's leveraging open source and extending it or building our own, that we can actually be a leader within that fuzzing space. Now, if we, I guess I should say first is that I show. Does that answer your question on fuzzing before I come.
C
From the fuzzing perspective, I was particularly interested in the API approach, because a lot of enterprises wait until the very end, after the UAT, to do a so-called penetration test. That's where they're trying to do some fuzzing, I would imagine, and try to address any vulnerabilities, but it's very late in the stage of the lifecycle. So it's great how I see our Sui approach not only addressing API but also from the web app perspective. I imagine that would also cover mobile, so.
B
C
A
A lot of people wait until later in the cycle to begin testing, and by providing this type of fuzzing earlier, to Nicole's point, spinning up a review app with every merge, being able to verify what has changed and did it cause an issue, I think is a huge competitive differentiator. And so I know, I'll speak for Derrick as the PM for that space. Matt from the defense team has been holding them as well.
A
Since he's only been here a couple weeks, all females are very excited, along with the engineering team, on what we're gonna be able to do in the fuzzing space. For IAST, so that's interactive analysis for those who are not familiar, this is basically combining, at a high level, the concepts of SAST with the concepts of DAST, so being able to actually sit within the code and monitor the behaviors that are happening while you're running a test. Things like fuzzing, as well as things like DAST or more black-box testing,
A
they don't have that visibility of what's happening in the code in real time, and that's what gives IAST the uniqueness in the industry and why people think over the next five or so years it could actually replace dynamic analysis and their testing. For us, that is something that is much further out. I don't remember the exact date we have it set. I know Matt and Derek are also on the call, so if they wanted to suggest or provide a date as to when they're targeting minimal for that. I just know it's not anytime
A
in the next three or four months. IAST, from a competitive standpoint, before they chime in here, will give us a nice differentiation. I'll tell you that, as opposed to fuzzing or DAST or SAST, a lot of IAST tooling is commercial only; there's no open source. There's one person who provides an open source community version of their IAST, but you must use it via their portal, so they're kind of keeping it within their environments.
D
A
Anything you wanted to add to that, Nicole? No? Okay. While people are kind of typing in additional questions, I'll take this opportunity to kind of highlight one thing we're going to talk about a little bit more in the next group conversation, when we're further along.
A
We recently did a change to the Secure stage, and the thing I want to highlight here is we created a new group, and you can see everybody's interim on it because we're just trying to figure out its long-term plan. Though, within that, we added in a new category, and that's really what I want to highlight. You can see that we have attack emulation as well as the vulnerability database. That vulnerability database is the research team that already pre-exists. We're moving them from composition
A
analysis to this, as well as from the security team over. But attack emulation is going to allow us to have that Metasploit-like functionality, that, to highlight Sherry's comment earlier, pentesting type of effect within our portfolio over the next six or so weeks. As we continue to flesh out our story, we'll update the page here, and I recommend you check back before then. Otherwise, in the next group conversation we'll spend some time highlighting it, why we're doing it and what makes us unique in the space.