We have these computers. And they are truly bastion hosts. Nothing comes in, and only that with which we want goes out. They’re perfect when we finish setting them up. Then people make changes and put apps on there. The changes we can mitigate, the apps require a little more analysis. A common strategy to manage that risk is to employ a reputation-based access such as dictated by zero trust - another is to test apps for vulnerabilities, which in a way feeds back into the zero trust decision mechanism in the end. But what kind of tests can be effective, especially since those compiled runtimes don’t tell us a lot about what’s going on. We’ll chat about this paradigm with today’s guest Niels Hofmans, and look for ways to fill up that task list for 2023!

Hosts:

• Tom Bridge - @tbridge777
• Charles Edge - @cedge318
• Marcus Ransom - @marcusransom

Guests:

• Niels Hofmans - @hazcod

Transcript:

Transcription of this episode brought to you by Alectrona

Click here to read the transcript

Links:

• Intigriti 
• Niels’ GitHub
• OWASP Foundation
• OWASP Mobile Application Security
• CodeQL
• NVD
• Belgian Beer Waffles

Sponsors:

• Kandji
• Kolide
• dataJAR
• Watchman Monitoring

If you're interested in sponsoring the Mac Admins Podcast, please email [email protected] for more information.

Get the latest about the Mac Admins Podcast, follow us on Twitter! We're @MacAdmPodcast!

The Mac Admins Podcast has launched a Patreon Campaign! Our named patrons this month include Weldon Dodd, Damien Barrett, Justin Holt, Chad Swarthout, William Smith, Stephen Weinstein, Seb Nash, Dan McLaughlin, Joe Sfarra, Nate Cinal, Jon Brown, Dan Barker, Tim Perfitt, Ashley MacKinlay, Tobias Linder Philippe Daoust, AJ Potrebka, Adam Burg, & Hamlin Krewson