Shifting left (S03E01)

Welcome to season 3 of the podcast. In this episode, Robert and Chris interview Kevin Greene from Mitre. We discuss an article Kevin wrote about shifting left and explore codifying intuitions and new projects at Mitre that will bolster the knowledge of your developers and testers. Kevin brings up the lack of true results from the SAST and DAST tools on the market. He brings an interesting perspective, having focused on research and development in his time at DHS. We enjoyed the conversation, and look forward to having Kevin back again in the future!

Kevin’s article on Dark Reading

CAWE

ATT&CK

OWASP for everyone (S02E21)

This is the conclusion of Season 02 for the AppSec PodCast. In this episode, we focus on all the OWASP goodness we’ve experienced this year. You’ll hear our favorite clips and explanations from a season full of OWASP.

With the publication of this episode, season 02 is a wrap, and on to season 03 which will roll out in March. Please visit our iTunes page and give us a 5 star review!

Containers Again (S02E20)

This is the final interview from the #AppSecUSA Conference in Orlando, and Chris and Robert are joined by Brian Andrzejewski.

He talks about containers, their usage within #AppSec, and about orchestration.

Rate us on iTunes and provide a positive comment, please!

ModSecurity and #AppSec (S02E19)

On this week’s episode of the #AppSec Podcast, Robert and Chris are joined by Tin Zaw, an advocate for ModSecurity.

He dives into its background, the use of rules, and the many advantages.

Rate us on iTunes and provide a positive comment, please!

The Exploitation of IoT (S02E18)

On this week’s episode of the #AppSec Podcast, Robert and Chris are joined by Aditya Gupta.

They speak with him about the many facets of IoT and how it intersects with pen testing, training, and mobile application security.

Rate us on iTunes and provide a positive comment, please!

The Future of the OWASP Proactive Controls (S02E17)

On this episode of the Application Security Podcast, Chris and Robert talk to Jim Manico and Katy Anton about the OWASP Proactive Controls project.

This is something we have talked about before, and they are looking for feedback on the update coming soon.

Rate us on iTunes and provide a positive comment, please!

The Future of the OWASP Top 10 (S02E16)

In this episode we talk about the future of the OWASP Top 10. We do this by meeting the new project leadership team, understanding how they govern the project now and plan to going forward, and how they handle the feedback they receive. We get a look behind the curtain at how they make decisions and how they use the data and feedback provided.

Side note, at the AppSec USA closing, the OWASP T10 leaders did announce that A7 and A10 from the OWASP Top 10 RC1 have been removed.

We hope you enjoy!

Threat Modeling (S02E15)

On this week’s episode of the #AppSec Podcast, Chris and Robert are at #AppSecUSA.

We hear a conference talk done by Robert on the topic of Threat Modeling. He goes more in depth than ever before on the show, and we hope you enjoy!

Rate us on iTunes and provide a positive comment, please!

Passwords, Identity, and #AppSec (S02E14)

On this episode, Robert and Chris talk about Passwords, something we all are familiar with.

They dive into the specifics of passwords and the threats against them. They also talk about how passwords interact with Identity and AppSec.

Rate us on iTunes and provide a positive comment, please!

Hacking APIs and Web Services with DevSlop (S02E13)

On this week’s episode, Chris and Robert are joined by Tanya and Nicole. They talk about what APIs are, how they are used, and some of the threats involved with them. They also look at how DevSlop and ZAP are used in combination with APIs.

As always, thanks for listening, and enjoy!