
OWASP 24/7


OWASP 24/7 is a recorded series of discussions with project leads within OWASP. Each week, we talk about the new projects that have come on board, updates to existing projects and interesting bits of trivia that come across our desk.

More Information

Location:

United States


Language:

English


Episodes

The Journey to Open Source at Capital One w/ Tapabrata "Topo" Pal

10/29/2018
Why would you allow open source usage in your company? What are the compelling reasons to take the risk? In this discussion, I talk with Topo Pal and Derek Weeks about the industry perception of open source and what's really happening behind the curtain at large enterprises. Topo had just finished his keynote presentation at DevOps Enterprise Summit 2018 and I wanted to dive a little deeper into some of the things he talked about. About Topo Pal Dr. Topo Pal is Senior Director & Sr....

Duration:00:12:57

The Future of Software and DevOps / with Sacha Labourey

9/17/2018
"The compensation, the incentives that people have are very much anchored in short term objectives that do not take into account the vision for the bigger transformations that are happening within the market." -- Sacha Labourey, CEO, CloudBees Sacha Labourey runs one of the most visible, respected companies within the DevOps and DevSecOps communities. At Jenkins World 2018, I sat down with Sacha to hear how his year went, how security can become more of an important process within the...

Duration:00:14:03

How to Build Chapter Engagement at OWASP

9/17/2018
While at 2018 AppSec EU, I spoke with Sam Stepanyan and Grigorios Fragkos, chapter leaders of one of OWASP's largest chapters. The conversation centered on what it takes to grow a community and what it takes to lead a chapter.

Duration:00:10:04

Less than 10 Minutes Series: The Juice Shop Project

5/10/2017
This segment of the "Less than 10 Minutes" series was recorded live at AppSec EU 2017 in Belfast. It is an update of the Juice Shop Project with project lead Bjoern Kimminich. The Juice Shop is an intentionally insecure webapp for security training, written entirely in JavaScript, which encompasses the entire OWASP Top Ten and other severe security flaws. Bjoern Kimminich (Project Leader OWASP Juice Shop) Personal Twitter: http://twitter.com/bkimminich OWASP Juice Shop Project Twitter:...

Duration:00:08:00

AppSec EU 2017, Belfast Keynote Preview with Jaya Baloo

3/22/2017
"Why does OWASP even exist? Why do we even have this idea of understanding common issues, common problems? There are resources to help us do it better next time. I feel we are not learning at the curve where we should be, considering the resources available to us." -- Jaya Baloo As CISO of KPN, the largest telecom in the Netherlands, Jaya Baloo has a lot on her mind, but maybe not what you'd think. In this freewheeling discussion, we begin with what Jaya will be talking about during her...

Duration:00:18:30

Struts 2 Vulnerability Analysis

3/10/2017
Brian Fox and Shannon Lietz talk about the recent announcement of the Struts 2 vulnerability: what it is, how it can affect you, and what you can do about it. You can view this broadcast as video on YouTube: https://www.youtube.com/watch?v=EzRKOudJPtQ

Duration:00:13:53

AppSec EU 2017 Belfast - What to Expect

2/18/2017
In mid-May I'll be joining the organizing team of AppSec EU 2017 in Belfast for a week of security and DevOps sessions. Listen in as Gary Robinson, Michelle Simpson and Owen Pendlebury talk about what's planned for the week.

Duration:00:15:22

Culture Hacker: How to Herd CATTs and Inspire Rebels to Change the World

2/15/2017
In preparation for her keynote session at AppSec EU 2017 in Belfast, Shannon Lietz continues to explore the integration of DevOps and security. This is a recording of her session at RSAC 2017 in San Francisco.

Duration:00:21:08

Shannon Lietz - Keynote Preview for AppSec EU 2017, Belfast

1/17/2017
Shannon Lietz, DevSecOps Lead at Intuit, will be giving a keynote presentation at AppSec EU 2017, Belfast. I talked with Shannon about what she will be presenting and why she is so excited to return to Ireland.

Duration:00:06:42

2016 AppSec USA - An Update on the WebGoat Project

11/30/2016
WebGoat is a deliberately insecure web application, maintained by OWASP, designed to teach web application security lessons. It is one of the most used projects at OWASP. With the current team headed by Bruce Mayhew, Nanne Baars and Jason White, work is moving forward on new content for application security training lessons. I talked with Bruce and team about what they've done with the latest update and what they hope to accomplish in the coming year.

Duration:00:13:55

2016 AppSec USA: The Core Rule Set Project w/ Chaim Sanders

10/12/2016
The OWASP ModSecurity Core Rule Set Project's goal is to provide an easily "pluggable" set of generic attack detection rules that provide a base level of protection for any web application. Chaim Sanders, Ryan Barnett, Christian Folini and Walter Hop are the team coordinating the project. During 2016 AppSec USA, I spoke with Chaim about the purpose of the project, the work done in the past year, the upcoming release and what the team hopes to accomplish in 2017....

Duration:00:09:52

The Future of DevSecOps w/ Shannon Lietz and Chris Swan, Live From IP Expo London

10/9/2016
This is a live recording from 2016 IP Expo London, with Shannon Lietz (Intuit), Chris Swan (CSC) and host Mark Miller (Sonatype) discussing the future of security as it relates to DevOps. Shannon and Chris are real-world practitioners, bringing stories from the trenches. We start with where the term DevSecOps came from, then move on to the future of automated security as part of the DevOps ecosystem.

Duration:00:57:23

2016 Board Election Interviews - Part Four of Four - Members, Projects, Conferences, Chapters

9/19/2016
Today's podcast is the fourth in a series of four, talking with prospective 2016 board members. Today's question is, "What is more important to you as a candidate: 1) Members 2) Projects 3) Conferences 4) Chapters?" The format for today's Q&A with potential board members is simple. We ask a single question. Each candidate has 2 minutes to respond to the question. These recordings were done using Google Hangouts, so there will be slight sound glitches and background noises during some of the...

Duration:00:16:32

2016 Board Election Interviews - Part Three of Four - Most Important Issues

9/18/2016
Today's podcast is the third in a series of four, talking with prospective 2016 board members. Today's question is, "What is the single most important issue for you to tackle if elected to the board?" The format for today's Q&A with potential board members is simple. We ask a single question. Each candidate has 2 minutes to respond to the question. These recordings were done using Google Hangouts, so there will be slight sound glitches and background noises during some of the answers.

Duration:00:18:16

2016 Board Election Interviews - Part Two of Four - Vendor Neutrality

9/15/2016
Today's podcast is the second in a series of four, talking with prospective 2016 board members. Today's question is, "Do you consider vendor neutrality an issue at OWASP? If so, why?" The format for today's Q&A with potential board members is simple. We ask a single question. Each candidate has 2 minutes to respond to the question. These recordings were done using Google Hangouts, so there will be slight sound glitches and background noises during some of the answers.

Duration:00:19:43

2016 OWASP Board Election Interviews - Part One of Four - Developer Participation

9/14/2016
Today's podcast is the first in a series of four, talking with prospective 2016 board members. Today's question is, "What kind of action plan do you have in mind to help motivate the participation of Developers into OWASP community?" The format for today's Q&A with potential board members is simple. We ask a single question. Each candidate has 2 minutes to respond to the question. These recordings were done using Google Hangouts, so there will be slight sound glitches and background noises...

Duration:00:20:12

AppSec USA 2016 Pre-Conference Update

9/8/2016
From October 11 - 14, 2016, appsec professionals from around the world will gather in Washington DC to participate in one of this year's main OWASP events, AppSec USA 2016. In this broadcast, I speak with three organizers of the event (Andrew Weidenhamer, Mike McCabe, Patrick Cooley) to get insight as to what to anticipate at the conference, the unique qualities of an AppSec USA event, and a sneak peek at the sessions that will be given over the 4-day event.

Duration:00:16:46

Security as Part of Continuous Delivery with Sacha Labourey

8/18/2016
Continuing the theme of integrating security in DevOps processes, I spoke with Sacha Labourey, CEO of CloudBees, during a stop at CD Summit in London. As one of the main players in the software supply chain for DevOps, I was interested in Sacha's perspective on how automated security fits into that supply chain. We start the discussion with "What is continuous delivery" followed by the place for security in the modern developer environment. About Sacha Labourey Sacha was born in Neuchâtel,...

Duration:00:17:58

Unicorns on an Aircraft Carrier: DevOps Security at Scale with Sanjeev Sharma

7/21/2016
Sanjeev Sharma is a Distinguished Engineer at IBM. His main concern is how DevOps initiatives scale in large enterprises. In this wide-ranging discussion recorded during CD Summit in Stockholm, I talk with Sanjeev about DevOps adoption, how security will play a critical role in any automated, scalable solution and the transition of traditional IT operations to the role of service provider.

Duration:00:22:54

2016 State of the Software Supply Chain Report with Derek Weeks

7/11/2016
The "State of the Software Supply Chain Report" featured in today's show is an industry report produced by Sonatype. In the spirit of full disclosure, Mark Miller is the Senior Storyteller and DevOps Advocate for Sonatype. That said, no products are mentioned, nothing is being sold. Sonatype is the steward of the Central Repository and has access to an incredible set of data. The information in the report relates directly to A9 within the OWASP Top 10: Using components with known...

Duration:00:16:23