In this episode of the We Hack Purple podcast host Tanya Janca met with Anant Shrivastava! We talked about securing the entire software supply chain (including your CI/CD and where you get your packages from), and how it is more than just buying a software composition analysis (SCA) tool. He explained the new and very different risks of securing a mobile app versus a regular web app or an API, that’s he’s more of an ops than a dev person, and how the risks are all coming together now that many of us are doing DevOps. He shared his numerous open source projects, such as:
Anant Shrivastava is an experienced information security professional with over 15 years of corporate experience. He has expertise in Network, Mobile, Application and Linux Security. He is the founder of Cyfinoid Research, a cyber security research firm and has previously served as Technical Director at NotSoSecure Global Services, a boutique cyber security consultancy. He is a frequent speaker and trainer at international conferences such as BlackHat, Nullcon, and c0c0n. Additionally, Anant leads the open source projects Tamer Platform and CodeVigilant and maintains the Hacking Archives of India. He also participates in open communities targeted towards spreading information security knowledge such as null (null.community). His work can be found at anantshri.info and his blog is here https://blog.anantshri.info/!