Jim Manico joins on this weeks episode to discuss some of the changes with the OWASP Cheat Sheets and the plans they have for the future of that project. Jim also talks about how they are looking for experts in the field to create or update some of the Cheat Sheets.
You can find Jim on Twitter @manicode
Jim Routh joins the podcast to discuss selling #AppSec up the chain. Jim has built 5 successful software security programs in his career and serves as a CISO now. Jim shares his real-world experience with how to successfully sell #AppSec to senior management (as well as many other pieces of wisdom for running an AppSec program).
You can find Jim on Twitter @jmrouth01
Pete Chestna is an advocate for SAST, DAST, and IAST tools and a passionate #AppSec enthusiast. A moving quote that Pete shared during this episode is “an #AppSec program is the byproduct of building secure developers.” #Truth
Pete describes the differences between SAST, DAST, IAST, and RASP, the struggles that developers encounter using new tools, false positives that occur and how to reduce them, and advice for building an #AppSec program from scratch versus adding tools to a mature program.
You can find Pete on Twitter @PeteChestna.
Additional information on this topic:
- TechBeacon learning article for more details on the differences between AppSec testing tools
Irene Michlin operates at the intersection of security and agility. She teaches about incremental threat modeling and how to do threat modeling when living in an Agile or DevOps world.
Irene ends the discussion by saying that her goal when working with a team on threat modeling is that they all conclude “We are not making it worse.”