
Application Security PodCast


More Information

Location:

United States

Language:

English

Contact:

919-335-5482


Episodes

Tommy Ross — The BSA Framework for Secure Software

7/19/2019
Tommy Ross serves as Senior Director, Policy with BSA | The Software Alliance. In this role, he works with BSA members to develop and advance global policy positions on a range of key issues, with a focus on cybersecurity, privacy, and market access barriers. Tommy is one of the coordinators/collaborators on the BSA Framework for [...] The post Tommy Ross — The BSA Framework for Secure Software appeared first on Security Journey.

Duration:00:36:58

Adam Shostack — Threat modeling layer 8 and conflict modeling

7/10/2019
Adam Shostack is a leading expert on threat modeling, and a consultant, entrepreneur, technologist, author and game designer. He's a member of the BlackHat Review Board and helped create the CVE and many other things. He currently helps many organizations improve their security via Shostack & Associates, and advises startups. Adam is known for his [...] The post Adam Shostack — Threat modeling layer 8 and conflict modeling appeared first on Security Journey.

Duration:00:35:56

Adam Shostack – Threat Modeling – 5 Minute AppSec

7/9/2019
If you've done anything with threat modeling, you've heard of Adam Shostack. We asked him the question, "why would anyone threat model?". The post Adam Shostack – Threat Modeling – 5 Minute AppSec appeared first on Security Journey.

Duration:00:01:55

Zoe Braiterman — AI, ML, AppSec, and a dose of data protection

7/1/2019
Zoe Braiterman is an Innovation Intelligence Strategist focused on both the Machine and Human and also the OWASP WIA Chair. We explore the intersection of application security with artificial intelligence and machine learning and end up discussing data protection. Zoe approaches AppSec from a different angle, and her perspectives get us thinking about the importance [...] The post Zoe Braiterman — AI, ML, AppSec, and a dose of data protection appeared first on Security Journey.

Duration:00:26:03

Caroline Wong — Self-care and self-aware for security people

6/13/2019
Caroline Wong has had a long career in security, starting with eBay and leading to her role today at Cobalt.IO as Chief Strategist. Caroline shares her explanation of self-care and tells her story about how neglecting self-care led to problems. She offers ideas about how to better approach self-care as a security professional, work-life balance, [...] The post Caroline Wong — Self-care and self-aware for security people appeared first on Security Journey.

Duration:00:40:50

Björn Kimminich — The new JuiceShop, GSOC, and Open Security Summit

5/31/2019
Björn Kimminich is the project leader for OWASP JuiceShop. This is his second visit to the podcast, and we discuss new features in JuiceShop, including XSS in jingle promo video, marketing campaign coupon hacking, GDPR related features and challenges, working 2FA with TOTP, and the DLP failure challenges. Then we get into the cool new [...] The post Björn Kimminich — The new JuiceShop, GSOC, and Open Security Summit appeared first on Security Journey.

Duration:00:28:31

Björn Kimminich — JuiceShop — 5 minute AppSec

5/26/2019
Björn Kimminich is the project leader for OWASP JuiceShop. He created JuiceShop out of necessity, after reviewing all the available vulnerable web apps years ago, and not finding what he needed. OWASP Juice Shop is probably the most modern and sophisticated insecure web application! It can be used in security training, awareness demos, CTFs, and [...] The post Björn Kimminich — JuiceShop — 5 minute AppSec appeared first on Security Journey.

Duration:00:04:45

Nancy Gariché and Tanya Janca — DevSlop, the movement

5/21/2019
Nancy Gariché and Tanya Janca are two of the project leaders for the OWASP DevSlop Project. As we learn more about DevSlop, we realize that it is much more than a project: it's a movement. DevSlop is about the learning and sharing of four awesome women and is a platform for them to share what [...] The post Nancy Gariché and Tanya Janca — DevSlop, the movement appeared first on Security Journey.

Duration:00:38:11

Tanya Janca — Mentoring Monday — 5 Minute AppSec

5/19/2019
Tanya Janca is excited about mentoring. She's started a hashtag on Twitter for mentors to find mentees, and for mentees to search for mentors. Mentoring is such an essential part of growing our community, so if you are not mentoring anyone today, I can only ask, why not? Here is Tanya's take on mentoring and [...] The post Tanya Janca — Mentoring Monday — 5 Minute AppSec appeared first on Security Journey.

Duration:00:05:06

Matt Clapham — A perspective on appsec from the world of medical software

5/13/2019
Matt Clapham is a product security person, as a developer, security engineer, advisor, and manager. He began his career as a software tester, which led him down the path of figuring out how to break things. Matt lives in the medical software world and visited the Healthcare Information and Management Systems Society (HIMSS) conference. Matt [...] The post Matt Clapham — A perspective on appsec from the world of medical software appeared first on Security Journey.

Duration:00:28:15

Jon McCoy — Hacker outreach

5/6/2019
Jon McCoy is a security engineer, a developer, a hacker, and a passionate OWASP advocate. Maybe even a hacker first. Jon has a passion to connect people and break down barriers between hackers and corporate folks. Jon explains the idea of hacker outreach and breaks down what we can expect if we venture to [...] The post Jon McCoy — Hacker outreach appeared first on Security Journey.

Duration:00:24:49

Omer Levi Hevroni — K8s can keep a secret?

4/30/2019
Omer Levi Hevroni has written extensively on the topic of Kubernetes and secrets, and he's a super dev. He's the author of a tool for secrets management called Kamus. Kamus is an open source, GitOps, zero-trust secrets encryption and decryption solution for Kubernetes applications. Kamus enables users to easily encrypt secrets that can be decrypted [...] The post Omer Levi Hevroni — K8s can keep a secret? appeared first on Security Journey.

Duration:00:36:42

Izar Tarandach — Command line threat modeling with pytm

4/23/2019
Izar Tarandach is a threat modeling pioneer, seen as one of the movers and shakers in the threat modeling world. Izar leads a small team that develops the pytm tool, which is self-described as "A Pythonic framework for threat modeling". The GitHub page goes on to say define your system in Python using the [...] The post Izar Tarandach — Command line threat modeling with pytm appeared first on Security Journey.

Duration:00:28:46

Simon Bennetts — OWASP ZAP: past, present, and future

4/13/2019
Simon Bennetts is the project leader for OWASP ZAP. Simon joined Robert at CodeMash to talk about the origin of ZAP, the new heads up display, and ZAP API. ZAP is an OWASP FlagShip Project and is available here: https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project The post Simon Bennetts — OWASP ZAP: past, present, and future appeared first on Security Journey.

Duration:00:25:27

Bill Sempf — Growing AppSec People and KidzMash

4/7/2019
Robert meets up with Bill Sempf at the CodeMash conference and discusses how to grow AppSec people. Developers can transform into application security people. They also cover how to inspire the next generation of cybersecurity people (kids) through the example of KidzMash. The post Bill Sempf — Growing AppSec People and KidzMash appeared first on Security Journey.

Duration:00:20:12

Georgia Weidman — Mobile, IoT, and Pen Testing

3/30/2019
Georgia Weidman (@georgiaweidman) met with Robert at CodeMash to discuss her origin story, mobile, IoT, penetration testing, and details about her various companies. If you've never seen Georgia's book on penetration testing, we recommend you grab a copy. http://www.nostarch.com/pentesting To sign up for the The post Georgia Weidman — Mobile, IoT, and Pen Testing appeared first on Security Journey.

Duration:00:18:54

Season 4 Finale (S04E27)

2/24/2019
Here it is. The finale of season four. Thanks to everyone who listens in and remember, if there are any people you want us to interview on the podcast, tweet at us @AppSecPodcast The post Season 4 Finale (S04E27) appeared first on Security Journey.

Duration:00:24:18

Rapid Threat Model Prototyping Process (S04E26)

2/1/2019
On this episode, Chris and Robert are joined by Geoff Hill to talk about Rapid Threat Model Prototyping Process. You can find Geoff on Twitter @Tutamantic_Sec The post Rapid Threat Model Prototyping Process (S04E26) appeared first on Security Journey.

Duration:00:52:13

Running Azure Securely (S04E25)

1/25/2019
On this episode, Chris and Robert are joined by Bill Wilder to talk about Running Azure Securely. You can find Bill on Twitter @codingoutloud The post Running Azure Securely (S04E25) appeared first on Security Journey.

Duration:00:47:40

OWASP Glue (S04E24)

1/18/2019
On this episode, Chris and Robert are joined by Matt Konda to talk about what Glue is. You can find Matt on Twitter @mkonda OWASP Glue The post OWASP Glue (S04E24) appeared first on Security Journey.

Duration:00:31:52