Software Package Deconstruction Series

Deconstructing Video Conferencing Software: GoToMeeting & BlueJeans

GoToMeeting and BlueJeans Meet are two popular video conferencing tools, relied on by organizations of all sizes for global communication. But what threats and risks are lurking beneath the code? How are these standard tools impacting an enterprise's security posture? What does the code tell us about the build quality and risk profile?

In this episode, Tim Stahl deconstructs these video conferencing tools, exposing the threats hidden within, and discusses how your organization can address these potential threats.

Watch Episode

Deconstructing Enterprise VPNs: SonicWall, Check Point & OpenVPN

Knowing how your VPN tools are constructed, whether they exhibit any suspicious functionality, contain vulnerabilities and outdated components, or represent a risk to the data they are meant to protect is critical. Trust but verify!

Watch as Tim Stahl deconstructs these common tools, exposing the threats hidden within, and discusses how your organization can address these potential threats.

Watch Episode

Software-Package-Deconstruction-Uncover Software Vendor Risk

Uncover Software Vendor Risk: How to use Software Supply Chain Analysis to Assess CI/CD Pipelines

By using information revealed from a software package analysis, you'll gain insight into a vendor’s CI/CD pipeline, which will enhance your risk assessments and product evaluations by scoring the software vendors themselves.

Watch Episode

Reducing-False-Positives-in-the-SOC-with-Software-Analysis Deconstruction Series

Reducing False Positives in the SOC through Software Analysis

On Demand

Software supply chain analysis can reveal important information that security teams can leverage to tune detections across security solutions before deploying new software. Preventing false positives, and time wasted doing investigations related to expected application behaviors (EDR detections) and network traffic elements, can save significant resources for today’s overworked security teams.

Watch Episode

Software-Package-Deconstruction-OneDrive-and Dropbox

Deconstructing OneDrive and Dropbox: A Cloud Storage App Throwdown

On Demand

In this episode, we will analyze popular cloud storage applications from a third party risk management perspective. We will review behaviors, Internet communications, and other relevant information to evaluate the risk related to each option.

Watch Episode

Fine Tuning your Risk Assessment Baseline

Fine Tuning Your Risk Baseline With Code Signing Certificates

On Demand | Presented on August 3, 2023

In this episode, we focus on code signing certificates, the role they play in software, and the many ways they can be abused. Understanding these elements will help define and tune baselines in that area.

Watch Episode

Software-Package-Deconstruction-EP06-1400x732

Supply Chain Analysis - Creating a Risk Assessment Baseline

On Demand | Presented on July 27, 2023

In this episode, Tim talks about creating a policy baseline and tuning it to suit an enterprise’s use cases, risk appetite, and areas of concern.

Watch Episode

Software-Package-Deconstruction-Docker-Desktop-1400x732

Deconstructing Docker Desktop Software Package

On Demand | Presented on July 13, 2023

In this episode, Tim will take a look at one of the most popular container related applications: Docker Desktop. Container security involves more than containers... it encompasses the tools used to create and manage them. The tools used for any type of development, security or administration functions are often overlooked elements of an enterprise's attack surface.

Watch Episode

Software-Package-Deconstruction-Crypto-Wallet-1280x720

Deconstructing Crypto-Wallet Software Packages

On Demand | Presented on June 22, 2023

In this episode, Tim will leverage several software supply chain analysis concepts to perform comparisons across similar crypto-wallet software packages, highlighting the risks and threats from within the packages to everyday users. These elements can be used to assess a vendor's overall “build quality” and the level of risk inherent in their software pipeline across products.

Watch Episode

Software-Package-Deconstruction-UPS Ship Manager 1200x628 (1)

Deconstructing UPS Ship Manager Software Package for File Rot and Risk Detection

On Demand | Presented on June 8, 2023

In this episode, Tim will show the real world risk of expired code signing certificates in a software package. Learn how to detect, investigate and assess file rot from both a software production and third party risk management use case.

Watch Episode

next ›

Software Supply Chain Security

File Security

Security Operations

Products

Technology

Partners

Alliances

Resources

Company

Events

Press

Software Package Deconstruction

Deconstructing Video Conferencing Software: GoToMeeting & BlueJeans

Deconstructing Enterprise VPNs: SonicWall, Check Point & OpenVPN

Uncover Software Vendor Risk: How to use Software Supply Chain Analysis to Assess CI/CD Pipelines

Reducing False Positives in the SOC through Software Analysis

Deconstructing OneDrive and Dropbox: A Cloud Storage App Throwdown

Fine Tuning Your Risk Baseline With Code Signing Certificates

Supply Chain Analysis - Creating a Risk Assessment Baseline

Deconstructing Docker Desktop Software Package

Deconstructing Crypto-Wallet Software Packages

Deconstructing UPS Ship Manager Software Package for File Rot and Risk Detection

Special Reports

The State of Software Supply Chain Security 2024

Get Started
Request a DEMO

Software Package Deconstruction

Follow us

Subscribe

Special Reports

Get StartedRequest a DEMO

Get Started
Request a DEMO