SAST, DAST, and IAST. Oh My! (S03E05)

Pete Chestna is an advocate for SAST, DAST, and IAST tools and a passionate #AppSec enthusiast. A moving quote that Pete shared during this episode is “an #AppSec program is the byproduct of building secure developers.” #Truth

Pete describes the differences between SAST, DAST, IAST, and RASP, the struggles that developers encounter using new tools, false positives that occur and how to reduce them, and advice for building an #AppSec program from scratch versus adding tools to a mature program.

You can find Pete on Twitter @PeteChestna.

Additional information on this topic:

We Are Not Making It Worse (S03E04)

Irene Michlin operates at the intersection of security and agility. She teaches about incremental threat modeling and how to do threat modeling when living in an Agile or DevOps world.

Irene ends the discussion by saying that her goal when working with a team on threat modeling is that they all conclude “We are not making it worse.”

You can find Irene on Twitter @IreneMichlin, and check out Irene’s talk on Incremental Threat Modeling last year at AppSec EU.

Insecure Deserialization (S03E03)

Bill Sempf joins to talk insecure deserialization. We do a deep dive and contextual review of the generalities of deserialization, and the specifics of how it applies to “.NET”. Bill gets into his journey to understand these types of vulnerabilities and provides some hints and tips for how you can look for them in your code.

Security Champions (S03E02)

Security champions are the hands and feet of any well-equipped product security team. Robert and Chris introduce security champions, where to find them, why you need them, and how to set up a beginning champion program from scratch.

Here are a few other resources that we’ve written about Security Champions:

Do you have Security Champions in your company?

Information security needs community: 6 ways to build up your teams

Shifting left (S03E01)

Welcome to season 3 of the podcast. In this episode, Robert and Chris interview Kevin Greene from Mitre. We discuss an article Kevin wrote about shifting left and explore codifying intuitions and new projects at Mitre that will bolster the knowledge of your developers and testers. Kevin brings up the lack of true results from the SAST and DAST tools on the market. He brings an interesting perspective, having focused on research and development in his time at DHS. We enjoyed the conversation, and look forward to having Kevin back again in the future!

Kevin’s article on Dark Reading

CAWE

ATT&CK

OWASP for everyone (S02E21)

This is the conclusion of Season 02 for the AppSec PodCast. In this episode, we focus on all the OWASP goodness we’ve experienced this year. You’ll hear our favorite clips and explanations from a season full of OWASP.

With the publication of this episode, season 02 is a wrap, and on to season 03 which will roll out in March. Please visit our iTunes page and give us a 5 star review!

Containers Again (S02E20)

This is the final interview from the #AppSecUSA Conference in Orlando, and Chris and Robert are joined by Brian Andrzejewski.

He talks about containers, their usage within #AppSec, and about orchestrations.

Rate us on iTunes and provide a positive comment, please!

ModSecurity and #AppSec (S02E19)

On this week’s episode of the #AppSec Podcast, Robert and Chris are joined by Tin Zaw, an advocate for ModSecurity.

He dives into its background, the use of rules, and the many advantages.

Rate us on iTunes and provide a positive comment, please!

The Exploitation of IoT (S02E18)

On this week’s episode of the #AppSec Podcast, Robert and Chris are joined by Aditya Gupta.

They speak with him about the many facets of IoT and how it relates to pen testing, training, and mobile application security.

Rate us on iTunes and provide a positive comment, please!

The Future of the OWASP Proactive Controls (S02E17)

On this episode of the Application Security Podcast, Chris and Robert talk to Jim Manico and Katy Anton about the OWASP Proactive Controls project.

This is something we have talked about before, and they are looking for feedback on the update coming soon.

Rate us on iTunes and provide a positive comment, please!