Author: Chris

Hustle and Flow: Dealing With Burnout in Security (S03E07)

Magen Wu works through the topic of burnout and mental health in the world of security. She gives some examples of how to handle it and how to recognize when the people around you are burning out.

You can find her on Twitter @infosec_tottie

Additional information on this topic:

Insecure Deserialization (S03E03)


Bill Sempf joins to talk insecure deserialization. We do a deep dive and contextual review of the generalities of deserialization, and the specifics of how it applies to “.NET”. Bill gets into his journey to understand these types of vulnerabilities and provides some hints and tips for how you can look for them in your code.

Security Champions (S03E02)


Security champions are the hands and feet of any well-equipped product security team. Robert and Chris introduce security champions, where to find them, why you need them, and how to set up a beginning champion program from scratch.

Here are a few other resources that we’ve written about Security Champions:

Do you have Security Champions in your company?

Information security needs community: 6 ways to build up your teams

Shifting left (S03E01)


Welcome to season 3 of the podcast. In this episode, Robert and Chris interview Kevin Greene from Mitre. We discuss an article Kevin wrote about shifting left and explore codifying intuitions and new projects at Mitre that will bolster the knowledge of your developers and testers. Kevin brings up the lack of true results from the SAST and DAST tools on the market. He brings an interesting perspective, having focused on research and development in his time at DHS. We enjoyed the conversation, and look forward to having Kevin back again in the future!

Kevin’s article on Dark Reading

CAWE

ATT&CK

OWASP for everyone (S02E21)


This is the conclusion of Season 02 for the AppSec PodCast. In this episode, we focus in on all the OWASP goodness we’ve experienced this year. You’ll hear our favorite clips and explanations from a season full of OWASP.

With the publication of this episode, season 02 is a wrap, and on to season 03 which will roll out in March. Please visit our iTunes page and give us a 5 star review!

The Future of the OWASP Top 10 (S02E16)


In this episode we talk about the future of the OWASP Top 10. We do this by meeting the new project leadership team, understanding the process for how they do governance now and into the future, and how they deal with provided feedback. We get a look behind the curtain about how they make decisions and how they use the data and feedback provided.

Side note: at the AppSec USA closing, the OWASP Top 10 leaders announced that A7 and A10 from the OWASP Top 10 RC1 have been removed.

We hope you enjoy!

Docker Security and AppSec (S02E11)

A listener asked for a recommendation for a podcast or blog post about Docker security. We looked, couldn’t find one, and so decided to create one. Robert interviews Jay Beale from Inguardians and asks what Docker is, what threats it introduces, and what the specific tie-ins with AppSec are. Enjoy!

Proactive Controls, AppSec USA, and Gartner’s MQ on AppSec Testing (S02E10)

Robert and I try a new format, talking about a few topics per episode. We talk about changes to the Proactive Controls, AppSec USA, and the Gartner Magic Quadrant for Application Security Testing.

We mentioned the link to the OWASP Proactive Controls so you can review the draft and suggest updates.

Controversy within the OWASP Top 10 RC (S02E02)


On this episode of the application security podcast, Robert and I jump over a wall. Just kidding. This isn’t Top Gear.

This is our second episode of season two of the #AppSec PodCast. Robert and I talk about the OWASP Top 10 2017 release candidate. We walk through what the OWASP Top 10 is and some of the controversy surrounding the changes made for this year.

Rate us on iTunes and provide a positive comment, please!