The Future of the OWASP Top 10 (S02E16)

In this episode we talk about the future of the OWASP Top 10. We do this by meeting the new project leadership team, understanding the process for how they do governance now and into the future, and how they deal with provided feedback. We get a look behind the curtain about how they make decisions and how they use the data and feedback provided.

Side note: at the AppSec USA closing, the OWASP Top 10 leaders announced that A7 and A10 from the OWASP Top 10 RC1 have been removed.

We hope you enjoy!

Docker Security and AppSec (S02E11)

A listener asked for a recommendation for a PodCast or blog post about Docker security. We looked, couldn’t find one, so we decided to create one. Robert interviews Jay Beale from Inguardians and asks what Docker is, what threats it introduces, and what the specific tie-ins with AppSec are. Enjoy!

Proactive Controls, AppSec USA, and Gartner's MQ on AppSec Testing (S02E10)

Robert and I try a new format talking about a few topics per episode. We talk about changes with the Proactive Controls, AppSecUSA, and the Gartner Magic Quadrant for Application Security Testing.

We mentioned the link to the OWASP Proactive Controls so you can review the draft and suggest updates.

Controversy within the OWASP Top 10 RC (S02E02)

On this episode of the application security podcast, Robert and I jump over a wall. Just kidding. This isn’t Top Gear.

This is our second episode of season two of the #AppSec PodCast. Robert and I talk about the OWASP Top 10 2017 release candidate. We walk through what the OWASP Top 10 is, and some of the controversy that surrounds the changes made for this year.

Rate us on iTunes and provide a positive comment, please!

Security in the Design and Architecture (S02E01)

Welcome to the second season of the #AppSec PodCast. Robert and I are back at it, interviewing experts from across the world of application security. This episode is an interview Robert and I did with Brook Schoenfield (@BrkSchoenfield) during the RSA Conference 2017.

Brook S.E. Schoenfield is a Distinguished Engineer at Intel Security Group. At Intel Security (which includes the former McAfee), Mr. Schoenfield is the senior technical leader for delivering software products that protect themselves and Intel Security’s customers. He has been a security architecture leader at global technology companies for over 15 of his 30+ years in high tech. He is a founding member of IEEE’s Center for Secure Design.

We discuss secure design, architecture, and threat modeling. Brook has been an advocate for security across the industry for many years, and has a knack for explaining complex things in an uncomplicated way. What a pleasure to speak with him!

Rate us on iTunes and provide a positive comment, please!

Conclusion: The End…of Season 1 (S01E18)

Good day, friends. The Application Security PodCast has reached the conclusion of our first season. With the help of many friends, we were able to record 18 episodes. We’ve done something a bit different for this final episode of season 1. Our producer, Daniel Romeo, has collected some of our favorite clips from this season, the things that really stood out to us. Enjoy, and we look forward to the release of season 2 in a few months.

Interview: #DtSR and What Makes a Good Security Consultant? (S01E17)

Greetings all! We have a treat for you this episode. Robert and I are joined by the crew from the Down the Security Rabbit Hole Podcast. This includes Rafal Los (@wh1t3rabbit), James Jardine (@jardinesoftware), and Michael Santarcangelo (@catalyst). This is a special conversation for me, because the AppSec PodCast was born from the first interview I did with #DtSR. I was featured on DtSR Episode 204 in July 2016 after a friend suggested me to Raf on Twitter. (Thanks Nigel!) The DtSR episode was entitled “On Changing Culture”. I had listened to these guys on and off for years, and now had the chance to be interviewed by them. The experience pushed me to start this PodCast, and here we are 17 episodes later.

In this conversation we answer the question “What Makes a Good Security Consultant?” We quickly admit that a consultant does not have to mean someone that charges per hour for security. These guys have a wealth of knowledge and experience on the topic, and I know that you’ll walk away with multiple ideas to apply. Enjoy!

Interview: Think like an Attacker or Accountant? (S01E16)

On this episode, Robert and I are joined by Adam Shostack (@adamshostack). Adam is a well-known speaker and thought leader in the world of application security. We speak with Adam about how to connect with development teams. This all started about a year ago, when Adam tackled the issue of thinking like a hacker, and why he wanted people to think differently. We dive deep into this issue, but many other interesting nuggets also fall out in conversation.

Interview: The Mindset to Reverse Engineer (S01E15)

Today we talk to Jon McCoy (@thejonmccoy), a developer turned security person. He’s been helping developers learn more about security. We talk about reverse engineering malware and .NET security, as well as a bit of security community, and the mindset to Reverse Engineer.

Talk: AppSec Awareness: A Blue Print for Security Culture Change (S01E14)

For this episode, we bring you a recorded version of Chris’s security conference talk from 2016. The talk is entitled “AppSec Awareness, A Blue Print for Security Culture Change”. He covers the problem space (why we need application security), how to create a sustainable security culture, and introduces the idea of Application Security Awareness. Chris had the luxury of building such a program while at Cisco, and shares his experiences with the community.

There are slides available to correspond with this talk. They aren’t required, but some may want to follow along. Check out https://speakerdeck.com/edgeroute to get a copy.