Malicious User Stories (S03E18)

On this episode, Robert speaks with Apollo Clark about Malicious User Stories and DevOps. He discusses how to properly handle user stories in a world being taken over by DevOps.

You can find Apollo on Twitter @apolloclark

Third Party Software is not a Cathedral, It’s a Bazaar (S03E14)

David Habusha joins on this week's episode to discuss the OWASP Top 10 A9: Using components with known vulnerabilities.

He also dives into the Software Composition Analysis (SCA) market.

You can find David on Twitter @davidhabusha

OWASP Top 10 A9

Dependency Check and Dependency Track (S03E13)

Steve Springett joins the show to talk Dependency Check and Dependency Track. He also discusses how they can be used to help prevent you from using components with known vulnerabilities.

OWASP Dependency Check

OWASP Dependency Track

You can find Steve on Twitter @stevespringett

The #OWASP Threat Modeling Project (S03E12)

Steven Wierckx joins Robert and Chris this week to talk about the #OWASP Threat Modeling project that he’s involved in.

You can find Steven on Twitter @ihackforfun

https://open-security-summit.org/

The #OWASP Cheat Sheet Project (S03E11)

Jim Manico joins on this week's episode to discuss some of the changes with the OWASP Cheat Sheets and the plans they have for the future of that project. Jim also talks about how they are looking for experts in the field to create or update some of the Cheat Sheets.

You can find Jim on Twitter @manicode

OWASP Top 10 #10: Logging (S03E10)

Neil Smithline joins this week to discuss one of the new items on the OWASP Top 10 list, Insufficient Logging and Monitoring.

Links:

OWASP Logging Cheat Sheet

OWASP ASVS

OWASP Proactive Controls: Intrusion Detection

You can find Neil on Twitter @neilsmithine

Selling #AppSec Up The Chain (S03E09)

Jim Routh joins the podcast to discuss selling #AppSec up the chain. Jim has built 5 successful software security programs in his career and serves as a CISO now. Jim shares his real-world experience with how to successfully sell #AppSec to senior management (as well as many other pieces of wisdom for running an AppSec program).

You can find Jim on Twitter @jmrouth01