Pete Chestna is an advocate for SAST, DAST, and IAST tools and a passionate #AppSec enthusiast. A moving quote that Pete shared during this episode is “an #AppSec program is the byproduct of building secure developers.” #Truth Pete describes the differences between SAST, DAST, IAST, and RASP, the struggles that developers encounter using new tools, false positives that occur and how to reduce them, and advice for building an #AppSec program from scratch versus adding tools to a mature...
With episode 4, Robert and Chris are joined by Irene Michlin who is operating at the intersection of security and agility. They discuss incremental threat modeling and how to do threat modeling when living in an Agile or DevOps world. Irene ends our discussion by saying that her goal when working with a team on threat modeling is that they all conclude “We are not making it worse.” You can find Irene on Twitter @IreneMichlin, and check out Irene’s talk on...
Bill Sempf joins to talk insecure deserialization. We do a deep dive and contextual review of the generalities of deserialization, and the specifics of how it applies to “.NET”. Bill gets into his journey to understand these types of vulnerabilities and provides some hints and tips for how you can look for them in your code.
Security champions are the hands and feet of any well-equipped product security team. Robert and Chris introduce security champions, where to find them, why you need them, and how to set up a beginning champion program from scratch. Here are a few other resources that we’ve written about Security Champions: Do you have Security Champions in your company? Information security needs community: 6 ways to build up your teams
Welcome to season 3 of the podcast. In this episode, Robert and Chris interview Kevin Greene from Mitre. We discuss an article Kevin wrote about shifting left and explore codifying intuitions and new projects at Mitre that will bolster the knowledge of your developers and testers. Kevin brings up the lack of true results from the SAST and DAST tools on the market. He brings an interesting perspective, having focused on research and development in his time at DHS. We...
This is the conclusion of Season 02 for the AppSec PodCast. In this episode, we focus on all the OWASP goodness we’ve experienced this year. You’ll hear our favorite clips and explanations from a season full of OWASP. With the publication of this episode, season 02 is a wrap, and on to season 03, which will roll out in March. Please visit our iTunes page and give us a 5-star review!
This is the final interview from the #AppSecUSA Conference in Orlando, and Chris and Robert are joined by Brian Andrzejewski. He talks about containers, their usage within #AppSec, and about orchestration. Rate us on iTunes and provide a positive comment, please!
On this week’s episode of the #AppSec Podcast, Robert and Chris are joined by Tin Zaw, an advocate for ModSecurity. He dives into its background, the use of rules, and its many advantages. Rate us on iTunes and provide a positive comment, please!
On this week’s episode of the #AppSec Podcast, Robert and Chris are joined by Aditya Gupta. They speak with him about the many facets of IoT and some of its effects on pen testing, training, and mobile application security. Rate us on iTunes and provide a positive comment, please!
In this episode we talk about the future of the OWASP Top 10. We do this by meeting the new project leadership team, understanding the process for how they do governance now and into the future, and how they deal with provided feedback. We get a look behind the curtain at how they make decisions and how they use the data and feedback provided. Side note: at the AppSec USA closing, the OWASP T10 leaders did announce that A7 and...
On this week’s episode of the #AppSec Podcast, Chris and Robert are at #AppSecUSA. We hear a conference talk given by Robert on the topic of Threat Modeling. He goes more in depth than ever before on the show, and we hope you enjoy! Rate us on iTunes and provide a positive comment, please!
On this episode, Robert and Chris talk about passwords, something we are all familiar with. They dive into the specifics of passwords and the threats that can occur with them. They also talk about how passwords interact with Identity and AppSec. Rate us on iTunes and provide a positive comment, please!
On this week’s episode, Chris and Robert are joined by Tanya and Nicole. They talk about what APIs are, how they are used, and some of the threats involved with them. They also look at what DevSlop and ZAP are in combination with APIs. As always, thanks for listening, and enjoy!
On this episode of the AppSec Podcast, we talk with Robert about his experiences at the Black Hat Security Conference. He’s going to explain some of the AppSec-focused parts of the conference, and more about the Alex Stamos keynote. Rate us on iTunes and provide a positive comment, please!
Hey everyone, Welcome to the next episode of the #AppSecPodcast. We’re here today with Jim Manico, a project lead with OWASP. We dive deep into some of the projects on his plate. Rate us on iTunes and provide a positive comment, please!
Welcome back to the Application Security Podcast! On this episode, we speak with Mike Goodwin, the founder of OWASP Threat Dragon. We dive into what Threat Dragon is and how it can work for you. You can find the tool here: https://github.com/mike-goodwin/owasp-threat-dragon Rate us on iTunes and provide a positive comment, please!
We’re back with another episode of The Application Security Podcast. This time, we talk to Mark Willis about the many facets of static analysis and how it affects the DevOps world. Rate us on iTunes and leave a positive comment, please!
Hello all, welcome back to season two of the Application Security Podcast. On this week’s episode, we talk to Eric Johnson about static analysis, pen testing, continuous integration and much more. Thanks for listening! Rate us on iTunes and provide a positive comment, please!
Our topic today is technical debt and how security plays into it. Chris was at Converge Conference 2017 in Detroit, Michigan (which he says is the best security conference around), and continued the AppSec PodCast series of hallway conversations. Chris is joined by Matt Clapham. This is Matt’s second time on the podcast. Rate us on iTunes and provide a positive comment, please!