The OWASP Podcast Series
The OWASP Podcast Series is a recorded series of discussions with thought leaders and practitioners who are working on securing the future for coming generations.
Episodes
December 23, 2024 • 60 mins
Some production issues caused this one to slip to December so the intro is a bit off but this is still a great episode. So, learn some lessons on creating secure code from one of my favorite guests: Tanya Janca. It was hard to keep this one to its current length as Tanya is such a great person to talk to for any reason. Enjoy and happy holidays!
Show Links:
Get your copy of Alice and Bob Learn Secure Coding! (and more):
https://s...
Mark as Played
October 30, 2024 • 37 mins
There's no reason to be scared about a pen test - especially when it's run by a professional like Brad Causey. I catch up with Brad in this episode to discuss what's recently changed in pen testing in how you test and people's motivations for hiring a pen testing. Interesting and not spooky at all.
Show Links:
Brad on LinkedIn
- https://www.linkedin.com/in/bradcausey/
SecurIT360
- https://www.securit360.com/
- https://www.linkedin...
Mark as Played
September 24, 2024 • 36 mins
What happens when you get interested in Threat Modeling and you want to share. For some, that means you do one work shop, then another, then another. What happens when you start down this path. Takaharu Ogasa tells us what it's been like to become a threat modeling evangelist in Japan, what he's learned and what he's got planned next. It's a great story on how sharing what you learned can make the world just that much better for yo...
Mark as Played
August 29, 2024 • 36 mins
The August episode is a review of projects from a recent OWASP project showcase. We talk to the leaders of the OWASP pytm, OWASP Developer Guide, OWASP State of AppSec Survey Project. Get up on the latest news and update on these OWASP projects.
OWASP pytm:
- https://owasp.org/www-project-pytm/
- https://github.com/izar/pytm
OWASP Develper Guide:
- https://owasp.org/www-project-developer-guide/
- https://github.com/OWASP/www-proje...
Mark as Played
July 11, 2024 • 32 mins
After a long and unplanned pause, the OWASP podast is back with a home run of an episode. We have Lisa Plaggemier as our guest who reprises her eloquent keynote topic from AppSec DC. All hope isn't lost, we are making progress - just look at safety in the auto industry to understand where we are and where we're going.
Links:
Lisa's keynote from AppSec DC
https://www.youtube.com/watch?v=Rirxc1OXR4Q&list=PLpr-xdpM8wG_3eyVQxB0oXqVJwl...
Mark as Played
October 2, 2023 • 32 mins
After getting a ping from an old friend about a potential new OWASP project, I had to bring him on as a guest. He's got an interesting idea around potential vulnerabilities in web crawlers which just happen to gather data for so many AI system. We talk about that, Cybersecurity and Government and so much more.
Show Links:
- LinkedIn https://www.linkedin.com/in/buanzo/
- Github https://www.linkedin.com/in/buanzo/
Mark as Played
August 30, 2023 • 32 mins
For years we've heard talk about a shortage of cybersecurity professionals so what can be done about that? In this episode, I speak to Brad Causey who has taken one approach he's found successful. We cover the trade-offs of his approach and how, should you agree with him, you can help fill those troubling vacancies at your company.
Show Links:
- SecurIT360 https://securit360.com/
- Offensive Security Blog https://offsec.blog/
Mark as Played
July 31, 2023 • 33 mins
In this episode we talk with Zain Haq and take a leap and bound over the first and second line to discover more about the third line - internal audit. We discover answers to a number of questions: What role does audit play in the overall cybersecurity of an organization? What does the CISO gain from having an audit function? What makes a good auditor? Learn how to get the most out of audit and what they bring to the table. Special ...
Mark as Played
June 27, 2023 • 29 mins
Software supply chain seems to be front and center for technologists, cybersecurity and many governments. One of the early pioneers in this space was Steve Springett with two highly successful projects: OWASP Dependency Track and CycloneDX. In this episode, we catch up with Steve to talk about how he got started in software supply chain management as well as the explosive growth for Dependency Track and ClycloneDX. We also touch on...
Mark as Played
May 22, 2023 • 44 mins
In this episode I speak with Jerry Hoff who provides some very interesting perspective on application security especially at scale and from a high level view like that of a CISO. Even if you're not in a senior leadership position, you're likely to be reporting to one. Understanding that point of view can help you successfully frame your work and accomplish your goals. We touch on multiple topics and have some great back and forth t...
Mark as Played
April 30, 2023 • 29 mins
WAFs have been with us a while and it's about time someone reconsidered WAFs and their role in AppSec given the cloud-native and Kubernetes landscape. The OWASP Coraza is not only asking these questions but putting some Go code behind their ideas. Should WAFs work in a mesh network? Why create an open source WAF? What's next for the OWASP Coraza project? These and more topics are covered in this episode. I had a great time recordin...
Mark as Played
March 27, 2023 • 34 mins
In this episode I speak with Aaron about Point of Sale or POS systems. He's been investigating the security of POS systems for quite some time now and brings to light the state of the POS ecosystem. Buckle your seat belts, this is going to be a bumpy and very interesting ride.
Mark as Played
February 28, 2023 • 33 mins
In this episode I speak with Amitai Cohen who's been thinking a lot about tenant isolation. This is a problem for more then just cloud providers. Anyone with a SaaS offering or even large enterprise may want to isolate customers or parts of their business from each other. Several useful items came out of this including the Cloud VulnDB which catalogs security issues in cloud services and the PEACH tenant isolation framework. You ma...
Mark as Played
January 30, 2023 • 27 mins
In this episode, I speak with Caleb Queern, one of the authors of "Investments Unlimited" a book I highly recommend you get and read. While the book is fiction, there's a great deal of truth in the story about how automation can work for more than just DevSecOps. Compliance and audit also deserve a seat at the table. Learn how you can get more code out the door, with more safety and a 'risk reduced' smile on the auditors face.
Sho...
Mark as Played
December 30, 2022 • 14 mins
In this episode, I go solo and review the last year of podcasts but with a twist. I do my best to compare the topics covered to the OWASP Flagship projects. The goal is to see if the episodes I recorded this year match up with the projects strategically important to OWASP. Plus, the holiday listeners get gifts all around as I cover (and link) the OWASP Flagship projects.
Show Links:
- (January) New Ideas, New Voices, New Hosts: ht...
Mark as Played
November 28, 2022 • 41 mins
In this episode, I speak with Jimmy Mesta, the project leader of the new OWASP Kubernetes Top 10. Beyond covering the actual Kubernetes Top 10 project, we cover how AppSec has expanded to cover other areas. You not only have to ensure that your application is secure, you need to ensure the security of the environment in which it runs. That environment is increasing becoming Kubernetes so what better than talk to someone who's prot...
Mark as Played
October 31, 2022 • 33 mins
In this episode, I speak with Simon Bennetts, the creator of OWASP Zed Attack Proxy lovingly known as ZAP. We talk about how it all got started, some of the surprises and lessons learned running a wildly successful open source project. We also cover how some security controls can sometimes actually hurt security. It's an interesting discussion I think you'll enjoy it just in time for Halloween.
Show Links:
- Zap Website: https://...
Mark as Played
September 28, 2022 • 39 mins
In this episode, Matt Tesauro hosts wirefall to talk about creating and growing a security community and his 26 years of pen testing experience. In wirefall's case, it's the Dallas Hackers Association or DHA. Our conversation includes what motivated him to create DHA, the lessons he's learned, challenges faced and what success looks like today. He provides some advice for those wanting to get into cybersecurity or be a part of the ...
Mark as Played
August 30, 2022 • 30 mins
In this episode, Matt Tesauro hosts Neil Matatall to talk about going beyond 2FA as he relates lessons learned from Twitter and Github on account security. This is another episode with some good nuggets of wisdom and some sound advice for those writing or maintaining APIs. It's obvious that Neil has not only spent time doing solid engineering work but he's learned a few things that he's willing to share. Enjoy.
Show Links:
- OWAS...
Mark as Played
July 19, 2022 • 30 mins
In this episode, Matt Tesauro hosts Greg Anderson and Cody Maffucci to talk about OWASP DefectDojo. DefectDojo is an OWASP flagship project that aims to be the single source of truth for AppSec or Product Security teams. It provides a single pane of glass for security programs and can import and normalize over 150 different security tools. I thought that the OWASP podcast might just cover an OWASP project now and then so here we ...
Mark as Played
Popular Podcasts
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com
I’m Jay Shetty host of On Purpose the worlds #1 Mental Health podcast and I’m so grateful you found us. I started this podcast 5 years ago to invite you into conversations and workshops that are designed to help make you happier, healthier and more healed. I believe that when you (yes you) feel seen, heard and understood you’re able to deal with relationship struggles, work challenges and life’s ups and downs with more ease and grace. I interview experts, celebrities, thought leaders and athletes so that we can grow our mindset, build better habits and uncover a side of them we’ve never seen before. New episodes every Monday and Friday. Your support means the world to me and I don’t take it for granted — click the follow button and leave a review to help us spread the love with On Purpose. I can’t wait for you to listen to your first or 500th episode!
On Health Stuff, hosts Dr. Priyanka Wali and comedian Hari Kondabolu tackle all the health questions that keep you up at night with hilarity and humanity. Together they demystify the flashy trends, and keep you informed on the latest research. You can rely on Health Stuff to bring you real, uninhibited, and thoughtful health talk of the highest caliber, and a healthy dose of humor.
The World's Most Dangerous Morning Show, The Breakfast Club, With DJ Envy, Jess Hilarious, And Charlamagne Tha God!