Coding Blocks avatar

Dexa/Coding Blocks

Learn more
Published Dec 20, 2021

PagerDuty's Security Training for Engineers

    Delve into PagerDuty's approach to security training as the episode underscores the criticality of responsible disclosure, modern framework adoption, and advanced data protection techniques like parameterized queries, hashing, and key stretching to shield systems from persistent threats like SQL injections.
    Episode Highlights
    Coding Blocks logo

    Topics covered

    Popular Clips

    Episode Highlights

    • Disclosure

      Responsible disclosure plays a crucial role in cybersecurity by managing vulnerabilities efficiently. Joe Zack explains that when a security researcher discovers a vulnerability, the company typically has 90 days to address it before the researcher releases the information publicly. This period allows companies to mitigate risks and develop patches, but it also highlights the importance of not relying solely on frameworks to handle security issues 1. Michael Outlaw emphasizes the need for proactive measures, such as sanitizing inputs and using open-source tools to stay informed about potential vulnerabilities 1.

         

      Framework Risks

      Relying solely on frameworks for security can be risky, as highlighted by Alan Underwood. He warns against the misconception that frameworks handle all security concerns, citing the example of a zero-day vulnerability in Grafana 2. Joe Zack adds that while frameworks like Dapper can help parameterize queries, developers should not entirely depend on them for input sanitization 2.

    Related Episodes