The Future of the OWASP Top 10 (S02E16)

The Future of the OWASP Top 10 (S02E16)

In this episode we talk about the future of the OWASP Top 10. We do this by meeting the new project leadership team, understanding the process for how they do governance now and into the future, and how they deal with provided feedback. We get a look behind the curtain about how they make decisions and how they use the data and feedback provided.

Side note, at the AppSec USA closing, the OWASP T10 leaders did announce that A7 and A10 from the OWASP Top 10 RC1 have been removed.

We hope you enjoy!

Threat Modeling (S02E15)

Threat Modeling (S02E15)

On this weeks episode of the #AppSec Podcast, Chris and Robert are at #AppSecUSA.

We hear a conference talk done by Robert on the topic of Threat Modeling. He goes more in depth than ever before on the show, and we hope you enjoy!

Rate us on iTunes and provide a positive comment, please!

Passwords, Identity, and #AppSec (S02E14)

Passwords, Identity, and #AppSec (S02E14)

On this episode, Robert and Chris talk about Passwords, something we all are familiar with.

They dive into specifics with passwords and threats that can occur with them. They also talk about how passwords interact with Identity and AppSec.

Rate us on iTunes and provide a positive comment, please!

Hacking APIs and Web Services with DevSlop (S02E13)

Hacking APIs and Web Services with DevSlop (S02E13)

On this weeks episode, Chris and Robert are joined by Tanya and Nicole. They talk about what APIs are, how they are used, and some of the threats involved with them.
They also look at what DevSlop and ZAP are in combination with APIs.

As always, thanks for listening, and enjoy!

Agile #AppSec (S02E12)

Agile #AppSec (S02E12)

On this week’s episode, Robert and Chris speak with Jon Mccoy and Jonathan Marcil about using Agile #AppSec in the Secure Development Lifecycle.

They dive deeper into what is agile, how it can be used, some practical applications using security champions, and much more.

Rate us on iTunes and provide a positive comment, please!

Docker Security and AppSec (S02E11)

Docker Security and AppSec (S02E11)

A listener asked for a recommendation for a PodCast or Blog post about Docker security. We looked, couldn’t find one, so we decided to create one. Robert interviews Jay Beale from Inguardians and asks what is docker, what threats does it introduce, and what are the specific tie-ins with AppSec. Enjoy!

Proactive Controls, AppSec USA, and Gartners MQ on AppSec Testing (S02E10)

Proactive Controls, AppSec USA, and Gartners MQ on AppSec Testing (S02E10)

Robert and I try a new format talking about a few topics per episode. We talk about changes with the Proactive Controls, AppSecUSA, and the Gartner Magic Quadrant for Application Security Testing.

We mentioned the link to OWASP Proactive Controls to review the draft and suggest updates.

Blackhat Security Conference (S02E09)

Blackhat Security Conference (S02E09)

On this episode of the AppSec Podcast.

We talk with Robert about his experiences at the Blackhat Security Conference.

He’s going to explain some of the AppSec focused parts of the conference, and more about the Alec Stamos Keynote.

Rate us on iTunes and provide a positive comment, please!

The OWASP Top 10 Proactive Controls (S02E08)

The OWASP Top 10 Proactive Controls (S02E08)

It’s time for another episode of The Application Security Podcast.

On this episode, Dave Ferguson talks with Chris about the OWASP Top 10 Proactive Controls.

Rate us on iTunes and provide a positive comment, please!

MORE OWASP! (S02E07)

MORE OWASP! (S02E07)

Hey everyone,

Welcome to the next episode of the #AppSecPodcast.

We’re here today with Jim Manico, a project lead with OWASP. We dive deep into some of the projects on his plate.

Rate us on iTunes and provide a positive comment, please!