Application Security PodCast-logo

Application Security PodCast

Technology Podcasts


Location:

United States

Language:

English

Contact:

919-335-5482


Episodes

Elissa Shevinsky — Static Analysis early and often

8/18/2019
Elissa Shevinsky is CEO at Faster Than Light. She's had a storied career as an entrepreneur with Brave, Everyday Health, and Geekcorps. We discuss Elissa's origin story, security startups, and the value of mentoring to her career. Then we get into Static Analysis and how we make security easier for people so that security gets [...] The post Elissa Shevinsky — Static Analysis early and often appeared first on Security Journey.

Duration:00:29:12

Elissa Shevinsky — Be Kind, Security People — 5 Minute AppSec

8/14/2019
Robert asks Elissa Shevinsky, why should people be nice, or why is niceness important in security? The post Elissa Shevinsky — Be Kind, Security People — 5 Minute AppSec appeared first on Security Journey.

Duration:00:02:18

Matt McGrath — Security coaches

8/5/2019
Matt McGrath is an old school Java developer that made the transition into security. Matt has had success in rolling out a programmatic approach to security improvement called security coaching. A security coach is much more than a wellness or life coach for your developers. They have some commonalities, but the security coach is thinking [...] The post Matt McGrath — Security coaches appeared first on Security Journey.

Duration:00:43:53

Erez Yalon and Liora Herman – The Application Security Village @ DefCon

7/29/2019
Erez Yalon and Liora Herman are both passionate security professionals. They joined forces to create the AppSec Village, an event at DefCon in Las Vegas. If you are in Vegas for BH/DC, stop by the village and say hi to Robert, who will be in attendance as well. The post Erez Yalon and Liora Herman – The Application Security Village @ DefCon appeared first on Security Journey.

Duration:00:22:53

Erez Yalon – AppSec Village – 5 Minute AppSec

7/29/2019
It's BlackHat and DefCon season, so we asked a question of Erez Yalon; why did you start the AppSec Village? The post Erez Yalon – AppSec Village – 5 Minute AppSec appeared first on Security Journey.

Duration:00:01:30

Tommy Ross — The BSA Framework for Secure Software

7/19/2019
Tommy Ross serves as Senior Director, Policy with BSA | The Software Alliance. In this role, he works with BSA members to develop and advance global policy positions on a range of key issues, with a focus on cybersecurity, privacy, and market access barriers. Tommy is one of the coordinators/collaborators on the BSA Framework for [...] The post Tommy Ross — The BSA Framework for Secure Software appeared first on Security Journey.

Duration:00:36:58

Adam Shostack — Threat modeling layer 8 and conflict modeling

7/10/2019
Adam Shostack is a leading expert on threat modeling, and a consultant, entrepreneur, technologist, author and game designer. He's a member of the BlackHat Review Board and helped create the CVE and many other things. He currently helps many organizations improve their security via Shostack & Associates, and advises startups. Adam is known for his [...] The post Adam Shostack — Threat modeling layer 8 and conflict modeling appeared first on Security Journey.

Duration:00:35:56

Adam Shostack – Threat Modeling – 5 Minute AppSec

7/9/2019
If you've done anything with threat modeling, you've heard of Adam Shostack. We asked him the question, "why would anyone threat model?". The post Adam Shostack – Threat Modeling – 5 Minute AppSec appeared first on Security Journey.

Duration:00:01:55

Zoe Braiterman — AI, ML, AppSec, and a dose of data protection

7/1/2019
Zoe Braiterman is an Innovation Intelligence Strategist focused on both the Machine and Human and also the OWASP WIA Chair. We explore the intersection of application security with artificial intelligence and machine learning and end up discussing data protection. Zoe approaches AppSec from a different angle, and her perspectives get us thinking about the importance [...] The post Zoe Braiterman — AI, ML, AppSec, and a dose of data protection appeared first on Security Journey.

Duration:00:26:03

Caroline Wong — Self-care and self-aware for security people

6/13/2019
Caroline Wong has had a long career in security, starting with eBay and leading to her role today at Cobalt.IO as Chief Strategist. Caroline shares her explanation of self-care and tells her story about how neglecting self-care led to problems. She offers ideas about how to better approach self-care as a security professional, work-life balance, [...] The post Caroline Wong — Self-care and self-aware for security people appeared first on Security Journey.

Duration:00:40:50

Björn Kimminich — The new JuiceShop, GSOC, and Open Security Summit

5/31/2019
Björn Kimminich is the project leader for OWASP JuiceShop. This is his second visit to the podcast, and we discuss new features in JuiceShop, including XSS in jingle promo video, marketing campaign coupon hacking, GDPR related features and challenges, working 2FA with TOTP, and the DLP failure challenges. Then we get into the cool new [...] The post Björn Kimminich — The new JuiceShop, GSOC, and Open Security Summit appeared first on Security Journey.

Duration:00:28:31

Björn Kimminich — JuiceShop — 5 minute AppSec

5/26/2019
Björn Kimminich is the project leader for OWASP JuiceShop. He created JuiceShop out of necessity, after reviewing all the available vulnerable web apps years ago, and not finding what he needed. OWASP Juice Shop is probably the most modern and sophisticated insecure web application! It can be used in security training, awareness demos, CTFs, and [...] The post Björn Kimminich — JuiceShop — 5 minute AppSec appeared first on Security Journey.

Duration:00:04:45

Nancy Gariché and Tanya Janca — DevSlop, the movement

5/21/2019
Nancy Gariché and Tanya Janca are two of the project leaders for the OWASP DevSlop Project. As we learn more about DevSlop, we realize that it is much more than a project: it's a movement. DevSlop is about the learning and sharing of four awesome women and is a platform for them to share what [...] The post Nancy Gariché and Tanya Janca — DevSlop, the movement appeared first on Security Journey.

Duration:00:38:11

Tanya Janca — Mentoring Monday — 5 Minute AppSec

5/19/2019
Tanya Janca is excited about mentoring. She's started a hashtag on Twitter for mentors to find mentee's, and for mentee's to search for mentors. Mentoring is such an essential part of growing our community, so if you are not mentoring anyone today, I can only ask, why not? Here is Tanya's take on mentoring and [...] The post Tanya Janca — Mentoring Monday — 5 Minute AppSec appeared first on Security Journey.

Duration:00:05:06

Matt Clapham — A perspective on appsec from the world of medical software

5/13/2019
Matt Clapham is a product security person, as a developer, security engineer, advisor, and manager. He began his career as a software tester, which led him down the path of figuring out how to break things. Matt lives in the medical software world and visited the Healthcare Information and Management Systems Society (HIMSS) conference. Matt [...] The post Matt Clapham — A perspective on appsec from the world of medical software appeared first on Security Journey.

Duration:00:28:15

Jon McCoy — Hacker outreach

5/6/2019
Jon McCoy is a security engineer, a developer, and a hacker; and a passionate OWASP advocate. Maybe even a hacker first. Jon has a passion to connect people and break down barriers between hackers and corporate folks. Jon explains the idea of hacker outreach and breaks down what we can expect if we venture to [...] The post Jon McCoy — Hacker outreach appeared first on Security Journey.

Duration:00:24:49

Omer Levi Hevroni — K8s can keep a secret?

4/30/2019
Omer Levi Hevroni has written extensively on the topic of Kubernetes and secrets, and he's a super dev. He's the author of a tool for secrets management called Kamus. Kamus is an open source, GitOps, zero-trust secrets encryption and decryption solution for Kubernetes applications. Kamus enables users to easily encrypt secrets that can be decrypted [...] The post Omer Levi Hevroni — K8s can keep a secret? appeared first on Security Journey.

Duration:00:36:42

Izar Tarandach — Command line threat modeling with pytm

4/23/2019
Izar Tarandach is a threat modeling pioneer, seen as one of the movers and shakers in the threat modeling world. Izar leads a small team that develops the pytm tool, which is self-described as a "A Pythonic framework for threat modeling". The GitHub page goes on to say define your system in Python using the [...] The post Izar Tarandach — Command line threat modeling with pytm appeared first on Security Journey.

Duration:00:28:46

Simon Bennetts — OWASP ZAP: past, present, and future

4/13/2019
Simon Bennetts is the project leader for OWASP ZAP. Simon joined Robert at CodeMash to talk about the origin of ZAP, the new heads up display, and ZAP API. ZAP is an OWASP FlagShip Project and is available here: https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project The post Simon Bennetts — OWASP ZAP: past, present, and future appeared first on Security Journey.

Duration:00:25:27

Bill Sempf — Growing AppSec People and KidzMash

4/7/2019
Robert meets up with Bill Sempf at the CodeMash conference and discusses how to grow AppSec people. Developers can transform into application security people. They also cover how to inspire the next generation of cybersecurity people (kids) through the example of KidzMash. The post Bill Sempf — Growing AppSec People and KidzMash appeared first on Security Journey.

Duration:00:20:12