Application Security PodCast

Reaching new people, explaining the details, and leaving the echo chamber in the dust.

Episodes

February 17, 2021 27 min

For this episode, Robert and I decided to talk about an article I wrote called "DevOps security culture: 12 fails your team can learn from". We hope you enjoy this walkthrough of the 12 fails. If we missed any, hit us up on Twitter and let us know what we should add to the list. [...]

The post Chris Romeo — DevSecOps Fails appeared first on Security Journey Podcasts.

February 10, 2021 44 min

Jim Routh has built software security programs at some of the biggest brands in the world. He has served as CISO or CSO six different times in his career, always staying close to his cyber and software security roots. Jim has hung up his CISO badge and now focuses on serving on boards and advising [...]

The post Jim Routh — Secure software pipelines appeared first on Security Journey Podcasts.

Andrew van der Stock has been around the world of Application Security for quite a long time. In 2020, he took over as the Executive Director of OWASP, and he's working from within the organization to further the mission of taking application security to the masses. We discuss Andrew's OWASP origin story and he defines [...]

The post Andrew van der Stock — Taking Application Security to the Masses appeared first on Security...

JC Herz is the COO of Ion Channel, a software logistics and supply chain assurance platform for critical infrastructure. She is a visiting fellow at George Mason’s National Security Institute and co-chairs a Department of Commerce working group on software bills of materials for security-sensitive public and private sector enterprises. JC and Steve Springett join [...]

The post JC Herz and Steve Springett — SBOMs and software suppl...

Brian Reed is Chief Mobility Officer at NowSecure. Brian has over 30 years in tech and 15 years in mobile, security, and apps dating back to the birth of mobile including BlackBerry, Good Technology, BoxTone, and MicroFocus. Brian joins us to discuss mobile application security, the good, the bad, and the ugly as we head [...]

The post Brian Reed — Mobile Appsec: The Good, the Bad and the Ugly as We Head into 2021 appeared first on...

November 24, 2020 24 min

This is part two of the story of a diverse group of security and privacy people that love threat modeling and gathered to define threat modeling, encourage people to threat model, help them succeed, and change the world. This is our story of the Threat Modeling Manifesto. In this episode, we move on from definition [...]

The post The Threat Modeling Manifesto – Part 2 appeared first on Security Journey Podcasts.

November 17, 2020 25 min

This is part one of the story of a diverse group of security and privacy people that love threat modeling and gathered to define threat modeling, encourage people to threat model, help them succeed, and change the world. This is our story of the Threat Modeling Manifesto. Our intention is to share a distilled version [...]

The post The Threat Modeling Manifesto – Part 1 appeared first on Security Journey Podcasts.

October 26, 2020 40 min

This is our final episode of Season 7, and we thought we'd share some of our favorite clips with you. We've covered lots of ground, from featuring many OWASP projects to DevSecOps, penetration testing, AWS security, SameSite cookies, crypto, and that just scratches the surface. We hope you enjoy this wrap-up episode with.... A whole [...]

The post Season 7 Guests — The best of Season 7 appeared first on Security Journey Pod...

Jb Aviat is CTO and co-founder at Sqreen. Prior to this, Jb worked at Apple as a reverse engineer, pentester, and developer. Jb joins us to discuss the new Application Security Report that Sqreen has released. We review what the report contains, key takeaways and conclusions, and even consider which framework/language is the most secure. [...]

The post Aviat Jean-Baptiste — The AppSec report appeared first on Security Journey Podca...

Frank Rietta is the CEO of Rietta.com, a Security Focused Web Application Firm. He is a web application security architect, expert witness, author, and speaker. Frank joins us to discuss secure coding with Ruby on Rails. We get into a discussion about RoR vs. other languages, primary threats, counters to threats, and tools available for the [...]

The post Frank Rietta — The convergence of Ruby on Rails and #AppSec appeared first on...

Dmitry Sotnikov serves as Chief Product Officer at 42Crunch – an enterprise API security company. He maintains https://APISecurity.io, a popular community site with daily API Security news and a weekly newsletter covering API vulnerabilities, breaches, standards, best practices, regulations, and tools. Dmitry joins us to discuss REST API Security. We talk about the top API security threats, counters [...]

The post Dmitry Sotnikov – REST API S...

Caroline Wong is the Chief Strategy Officer at Cobalt.io. Wong's close and practical information security knowledge stems from broad experience as a Cigital consultant, a Symantec Product Manager, and day-to-day leadership roles at eBay and Zynga. Caroline joins us to talk about penetration testing and reviews key findings from the Cobalt.io "State of Pentesting" report. [...]

The post Caroline Wong — The state of Penet...

Aaron Davis is a founder, dev, and a lead security researcher at MetaMask, a popular Ethereum wallet. He introduces us to LavaMoat, an approach to solving javascript software supply chain security for node and the browser. The LavaMoat runtime prevents modifying JavaScript's primordials, limits access to the platform API, and prevents packages from corrupting other [...]

The post Aaron Davis — LavaMoat — solving JavaScript soft...

Anastasiia Voitova is a software engineer who works on data security solutions at @cossacklabs, making complex crypto easy-to-use in modern software. She joins us to explore the idea of boring crypto. She caught our attention with a talk at OWASP 24 where she encouraged developers to NOT learn crypto. You'll have to listen to understand [...]

The post Anastasiia Voitova — Use Cryptography; Don’t Learn It appeared first on ...

September 3, 2020 35 min

Michael Furman is the Lead Security Architect at Tufin, and is responsible for the security and Security Development Lifecycle (SDL) of Tufin software products. Michael has been passionate about application security for over 13 years and evangelizes about application security at various conferences (including OWASP conferences) and security meetups. Michael joins us to break down [...]

The post Michael Furman — SameSite Cookies a...

Application security applies to everyone, network architects included. Chris had an opportunity to join a friend's Podcast called "The Hedge." Chris talks with hosts Tom and Russ about the state of security and what network engineers need to know about security from an application perspective. They talk about the importance of empathy in all jobs, [...]

The post Chris Romeo — The State of Security and the Importance of ...

Neil Matatall is a product security engineer at GitHub. He focuses on designing and engineering user experience solutions related to authentication and account recovery. Working remotely from Hawaii, Neil is a strong believer in the future of remote work. Neil joins us for a deep-dive into Content Security Policy. We explore what it is, the [...]

The post Neil Matatall — Content Security Policy appeared first on Security Journey P...

Grant Ongers is co-founder of the bearded trio called Secure Delivery, with a philosophy and purpose for optimal delivery and security in one dynamic package. Grant's experience spans Dev, Ops, and Security, with over 30 years pushing the limits of (Info)Sec. Grant’s community involvement is global: Staff at BSides (London, Las Vegas, and Cape Town), [...]

The post Grant Ongers — Gamification of threat modeling appeared first o...

Elie Saad is an application security engineer, leading three different OWASP projects. He focuses on helping developers own and champion security in their projects by providing guidance, tests, secure pipeline design and aiding them in applying external security measures. In this conversation, Elie educates us about the current happenings with WSTG, Cheat Sheets, and the [...]

The post Elie Saad — OWASP WSTG, Cheat Sheets, and Int...

Graham Holmes is the founder and owner of AoP CyberSecurity, LLC whose mission is to enable organizations to “create scalable and effective strategies for trustworthy outcomes.” His career includes over 22 years as a leader at Cisco Systems, where he infamously served as my boss for a period of time, and before that he served [...]

The post Graham Holmes — Adversarial Machine Learning appeared first on Security Journey Podcasts.
