Browsed by
Month: September 2016

Foundations: Security in the Methodology (S01E03)

On this episode we talk product development methodologies and the impact of security. We explore how to apply security activities to waterfall and Agile, and discuss the pros and cons. We’ve both had experience in these methodologies, and freely share what we’ve seen work, and what we’ve seen fail. This applies whether you are brand new to security or have been doing security for decades. If you have anything to add, share your wisdom by catching us @AppSecPodcast on Twitter!

Foundations: The Activities of the Secure Development Lifecycle (S01E02)

On this episode of the Application Security PodCast we continue our journey through the foundations of application security. We explore the activities of the secure development life cycle. We cover requirements, secure design, secure coding, third-party software, static analysis, vulnerability scanning, and a few other things.

Introductions and why #AppSec? (S01E01)

In the inaugural episode of the Application Security PodCast, Robert and I introduce ourselves to the audience, explain our journeys into the world of security, and answer the burning question “What the heck is application security?”

The key takeaways from this episode are:

  • Application security is:
    • foundational
    • required by customers
    • a worthy investment
    • a people issue, supported by tools