Browsed by
Month: October 2016

Interview: Security Must Meet the Needs of the Business (S01E08)

Robert and I are joined by Mike Landeck. Mike is a cyber security evangelist, AppSec junkie & Docker security geek, and can be found on Twitter as @MikeLandeck.

We interviewed Mike in person at the ISC2 Security Congress event in Orlando, Florida. We discussed his latest talk on breach fatigue, the need to reach outside the echo chamber of security, Twitter as a news source for security, secure coding, and a bunch of other things.

Please enjoy, and look for something you can apply directly to your day-to-day life!

Foundations: Web Application Pen Testing – Part 2 (S01E07)

On this two-part episode of the Application Security PodCast, Robert and I speak with Daniel Ramsbrock about web app penetration testing. In part two, we focus on the process of pen testing and web app pen testing.

I (Chris) connected with Daniel through the RVASec security conference in Richmond, Virginia. Daniel has been in the security field for over 10 years, with most of that time focused on application security. He spent two years as a full-time consultant at Cigital, and is now doing independent appsec consulting through his company, Enigma Technologies. We hope you enjoy!

Foundations: Web Application Pen Testing – Part 1 (S01E06)

On this two-part episode of the Application Security PodCast, Robert and I speak with Daniel Ramsbrock about web app penetration testing. In part one, we focus on the difference between pen testing and web app pen testing, where pen testing fits in your development methodology (waterfall, agile, and DevOps), and why someone should care about it.

I (Chris) connected with Daniel through the RVASec security conference in Richmond, Virginia. Daniel has been in the security field for over 10 years, with most of that time focused on application security. He spent two years as a full-time consultant at Cigital, and is now doing independent appsec consulting through his company, Enigma Technologies. We hope you enjoy!


Foundations: Development Security Maturity (S01E05)

Robert and I are joined today by Matt Clapham. Matt “makes products more secure”, I mean, hey, his Twitter handle is @ProdSec.

The topic of this interview is what Matt calls development security maturity. This concept is based on Matt’s research and also a talk he delivered at RSA. Matt created a simple process to measure the maturity of development security by looking at 5 key behaviors. We cover the what and why of development security, the 5 key behaviors, and scoring and reporting. As a conclusion, we discuss how to make the results of an assessment actionable.

Matt’s RSA slides are a great resource to review in conjunction with the interview: str-w05-estimating-development-security-maturity-in-about-an-hour-final.pdf

Bio: Matt Clapham makes products more secure. His career is a rare blend of both product development and enterprise operations. He is currently a Principal of Product Development Security at GE Healthcare. Matt previously worked as a Software Tester, IT Policy Author, and Security Advisor to all things games at Microsoft. He is quite familiar with security foibles of the Industrial Device Internet of Things and how to overcome them. Matt is a frequent speaker and author of magazine articles on IT, security, games or some combination thereof. He holds degrees in engineering and music from the University of Michigan.

Foundations: Privacy and Data Protection (S01E04)

Welcome to the first of many interviews on the #AppSec Podcast. In this episode, Robert and I interview Elena Elkina (@el0chka) on the subject of privacy. We cover the foundations of privacy, data protection, and customer data protection. This is a quick chat at around 20 minutes; in the future we’ll do a deeper dive on the crossroads of security and privacy.

Elena is a Senior Global Privacy & Data Protection Management Executive. She has worked with financial and healthcare institutions, software and internet companies, major law firms, and the government sector on both international and domestic levels. She is the co-founder of Women in Security and Privacy, a non-profit organization that focuses on advancing women in security and privacy. She is also a board member for Leading Women in Technology, a non-profit organization dedicated to unlocking the potential of female professionals who advise technology businesses.

We hope you enjoy this conversation with Elena about privacy and data protection!