Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Chris Romeo and Robert Hurlbut, Chris Romeo, and Robert Hurlbut에서 제공하는 콘텐츠입니다. 에피소드, 그래픽, 팟캐스트 설명을 포함한 모든 팟캐스트 콘텐츠는 Chris Romeo and Robert Hurlbut, Chris Romeo, and Robert Hurlbut 또는 해당 팟캐스트 플랫폼 파트너가 직접 업로드하고 제공합니다. 누군가가 귀하의 허락 없이 귀하의 저작물을 사용하고 있다고 생각되는 경우 여기에 설명된 절차를 따르실 수 있습니다 https://ko.player.fm/legal.
The Application Security Podcast와 비슷한 콘텐츠
D
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
1
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Jerry Bell and Andrew Kalat
5k
200
Defensive Security is a weekly information security podcast which reviews recent high profile cyber security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.
…
continue reading
A podcast about web design and development.
…
continue reading
Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
S
Syntax - Tasty Web Development Treats
1
Syntax - Tasty Web Development Treats
Wes Bos & Scott Tolinski - Full Stack JavaScript Web Developers
4k908
Full Stack Developers Wes Bos and Scott Tolinski dive deep into web development topics, explaining how they work and talking about their own experiences. They cover from JavaScript frameworks like React, to the latest advancements in CSS to simplifying web tooling.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
W
What Next: TBD | Tech, power, and the future
1
What Next: TBD | Tech, power, and the future
Slate Podcasts
11k573
Every Friday and Sunday, Slate’s popular daily news podcast What Next brings you TBD, a clear-eyed look into the future. From fake news to fake meat, algorithms to augmented reality, Lizzie O’Leary is your guide to the tech industry and the world it’s creating for us to live in.
…
continue reading
Material is a weekly discussion about the Google and Android universe. Your intrepid hosts try to answer the question, “What holds up the digital world?” The answer, so far, is that it’s Google all the way down. Hosted by Andy Ihnatko and Florence Ion.
…
continue reading
The power of Data is undeniable. And unharnessed - it’s nothing but chaos. Making data your ally. Using it to lead with confidence and clarity. Host Jess Carter is solving problems in real-time to reveal what’s possible. Helping communities and people thrive. This is Data Driven Leadership, a show brought to you by Resultant.
…
continue reading
TechStuff is getting a system update. Everything you love about Tech Stuff now twice the bandwidth with new hosts, Oz Woloshyn (Sleepwalkers) and Karah Preiss (Sleepwalkers). Oz and Karah bring humour and wit to the table as they break down what's happening in tech...and what it says about us. TechStuff is the podcast where technology meets culture. We speak to the folks building the future to understand what tomorrow will look like and how our technology is changing us: how we live, how we ...
…
continue reading
Player FM -팟 캐스트 앱
Player FM 앱으로 오프라인으로 전환하세요!
Player FM 앱으로 오프라인으로 전환하세요!
))
Daily Deals
Kayra Otaner -- DevSecOps
Manage episode 447445631 series 2408745
Chris Romeo and Robert Hurlbut, Chris Romeo, and Robert Hurlbut에서 제공하는 콘텐츠입니다. 에피소드, 그래픽, 팟캐스트 설명을 포함한 모든 팟캐스트 콘텐츠는 Chris Romeo and Robert Hurlbut, Chris Romeo, and Robert Hurlbut 또는 해당 팟캐스트 플랫폼 파트너가 직접 업로드하고 제공합니다. 누군가가 귀하의 허락 없이 귀하의 저작물을 사용하고 있다고 생각되는 경우 여기에 설명된 절차를 따르실 수 있습니다 https://ko.player.fm/legal.
Kayra Otaner joins the podcast today to discuss DevSecOps and answer the question, is it dead? Kayra is the Director of DevSecOps at Roche and is highly involved in the DevSecOps community. Kayra states that DevSecOps in its traditional form is “dead” and that each organization should approach its needs based on their size. Otaner introduces the concept of "security as code" and "policy as code" as more effective approaches, where security functions are codified rather than relying on traditional documentation and checklists. Finally, they discuss the emergence of Application Security Posture Management (ASPM) tools as the "SIM for AppSec," suggesting these tools, especially when enhanced with AI, could help manage the overwhelming number of security alerts and issues that currently plague development teams.
Mentioned in this Episode:
Books by Yuval Noah Harari
FOLLOW OUR SOCIAL MEDIA:
➜Twitter: @AppSecPodcast
➜LinkedIn: The Application Security Podcast
➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast
Thanks for Listening!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
309 에피소드
공유Manage episode 447445631 series 2408745
Chris Romeo and Robert Hurlbut, Chris Romeo, and Robert Hurlbut에서 제공하는 콘텐츠입니다. 에피소드, 그래픽, 팟캐스트 설명을 포함한 모든 팟캐스트 콘텐츠는 Chris Romeo and Robert Hurlbut, Chris Romeo, and Robert Hurlbut 또는 해당 팟캐스트 플랫폼 파트너가 직접 업로드하고 제공합니다. 누군가가 귀하의 허락 없이 귀하의 저작물을 사용하고 있다고 생각되는 경우 여기에 설명된 절차를 따르실 수 있습니다 https://ko.player.fm/legal.
Kayra Otaner joins the podcast today to discuss DevSecOps and answer the question, is it dead? Kayra is the Director of DevSecOps at Roche and is highly involved in the DevSecOps community. Kayra states that DevSecOps in its traditional form is “dead” and that each organization should approach its needs based on their size. Otaner introduces the concept of "security as code" and "policy as code" as more effective approaches, where security functions are codified rather than relying on traditional documentation and checklists. Finally, they discuss the emergence of Application Security Posture Management (ASPM) tools as the "SIM for AppSec," suggesting these tools, especially when enhanced with AI, could help manage the overwhelming number of security alerts and issues that currently plague development teams.
Mentioned in this Episode:
Books by Yuval Noah Harari
FOLLOW OUR SOCIAL MEDIA:
➜Twitter: @AppSecPodcast
➜LinkedIn: The Application Security Podcast
➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast
Thanks for Listening!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
309 에피소드
모든 에피소드
×
T
The Application Security Podcast
1 Javan Rasokat and Andra Lezza -- When Chatbots Go Rogue - Lessons Learned from Building and Defending LLM Applications 47:31
47:31 
나중에 재생 
나중에 재생 
리스트 
좋아요 
좋아요47:31
나중에 재생 나중에 재생 리스트 좋아요 좋아요Andra Lezza and Javan Rasokat discuss the complexities of securing AI and LLM applications. With years of experience in Application Security (AppSec), Andra and Javan share their journey and lessons from their DEF CON talk on building and defending LLMs. They explore critical vulnerabilities, prompt injection, hallucinations, and the importance of data security. This discussion sheds light on the evolving landscape of AI and LLM security, offering practical advice for developers and security professionals alike. Javan’s blog article: Adversarial Misuse of Generative AI Javan’s recommendation for the TLDR newsletter Andra's book recommendation: The Cuckoo’s Egg by Cliff Stoll FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Application Security Podcast ➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~…
T
The Application Security Podcast
Former CISO Jim Routh discusses his perspective on retirement and career fulfillment in cybersecurity. Rather than viewing retirement as simply stopping work, Routh describes his three-filter approach: working only with people he respects and admires, doing only work he finds fulfilling, and controlling when he works. He shares valuable lessons learned about which post-retirement opportunities truly bring satisfaction and explains why he avoids certain roles. Routh emphasizes the importance of cybersecurity professionals taking ownership of their career development, recommending they focus on developing two specific skills annually rather than using tenure to guide career moves. The article written by Jim, published on LinkedIn: CISO Transition Check out previous episodes with Jim: Jim’s original AppSec podcast episode is our #1 listened to of all time. Jim Routh -- Selling #AppSec Up The Chain And Jim Routh — Secure Software Pipelines FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Application Security Podcast ➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~…
T
The Application Security Podcast
Henrik Plate joins us to discuss the OWASP Top 10 Open Source Risks, a guide highlighting critical security and operational challenges in using open source dependencies. The list includes risks like known vulnerabilities, compromised legitimate packages, name confusion attacks, and unmaintained software, providing developers and organizations a framework to assess and mitigate potential threats. Henrik offers insights on how developers and AppSec professionals can implement the guidelines. Our discussion also includes the need for a dedicated open-source risk list, and the importance of addressing known vulnerabilities, unmaintained projects, immature software, and more. The OWASP Top 10 Open Source Risks FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Application Security Podcast ➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~…
T
The Application Security Podcast
1 Tanya Janca -- A Secure SDLC from a Developer's Perspective 48:54
48:54 나중에 재생 나중에 재생 리스트 좋아요 좋아요48:54
나중에 재생 나중에 재생 리스트 좋아요 좋아요Security expert Tanya Janca discusses her new book "Alice and Bob Learn Secure Coding" and shares insights on making security accessible to developers. In this engaging conversation, she explores how security professionals can better connect with developers through threat modeling, maintaining empathy, and creating inclusive learning environments. Tanya emphasizes the importance of system maintenance after deployment and shares practical advice on input validation, while highlighting how security teams can build better relationships with development teams by avoiding arrogance and embracing collaboration. Tanya’s new book: Alice & Bob Learn Secure Coding Three Individuals that Tanya would like to introduce to you: Confidence Staveley https://confidencestaveley.com/ Rana Khalil https://www.linkedin.com/in/ranakhalil1 Laura Bell Main https://www.laurabellmain.com/ FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Application Security Podcast ➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~…
T
The Application Security Podcast
1 Mehran Koushkebaghi -- Security as a Systemic Concern: How to develop Anti-Requirements 45:08
45:08 나중에 재생 나중에 재생 리스트 좋아요 좋아요45:08
나중에 재생 나중에 재생 리스트 좋아요 좋아요Mehran Koushkebaghi, a seasoned engineering expert, delves into the intricacies of systemic security. He draws parallels between civil engineering and IT systems, and explains the importance of holistic thinking in security design. Discover the difference between semantic and syntactic vulnerabilities and understand how anti-requirements play a critical role in system resilience. This episode offers fresh perspectives on application security. Books recommended by Mehran: Critical System Thinking Book by Mike Jackson The Fifth Discipline by Peter Senge Understanding Complexity on Audible read by Scott E Page Nassim Taleb books FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Application Security Podcast ➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~…
T
The Application Security Podcast
Kalyani Pawar shares critical strategies for integrating security early and effectively in AppSec for startups. She recommends that startups begin focusing on AppSec around the 30-employee mark, with an ideal ratio of one AppSec professional per 10 engineers as the company grows. Pawar emphasizes the importance of building a security culture through "culture as code" - implementing automated guardrails and checkpoints that make security an integral part of the development process. She advises startups to prioritize visibility into their systems, conduct pentests, develop thoughtful policies, and carefully vet third-party tools and open-source solutions. Ultimately, Pawar's approach is about making security a collaborative, integrated effort that doesn't impede innovation but instead supports the startup's long-term success and safety. Kalyani’s Book recommendation: The Alignment Problem by Brian Christian FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Application Security Podcast ➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~…
T
The Application Security Podcast
Milan Williams discusses the importance of application security metrics and how to make them both meaningful and actionable. She explains that metrics are crucial for tracking progress in what can often feel like an overwhelming security landscape, and they're valuable for career advancement and securing resources. We discuss metrics categories and several specific metrics that are good to track. Milan shares important principles on the importance of making metrics actionable through storytelling and relating security impacts to real-world consequences for users. Milan's Book Recommendation: Quiet Influence : The Introvert’s Guide to Making a Difference by Jennifer Kahnweiler FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Application Security Podcast ➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~…
T
The Application Security Podcast
Mo Sadek shares his unique journey of building an Application Security program from scratch at Roblox. Mo discusses his unconventional path, including temporarily joining the infrastructure team to truly understand engineering challenges. He emphasizes that security isn't about mandating rules, but about making processes easier and more secure by default. Mo shares his insights on how to build effective cross-team security relationships and approaches for gaining leadership buy-in. Mo's Book Recommendation: I Have No Mouth and I Must Scream by Harlan Ellison FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Application Security Podcast ➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~…
T
The Application Security Podcast
Brett Crawley discusses the Elevation of Privilege (EoP) card game, a powerful tool for threat modeling in software development. The discussion explores recent extensions to the game including privacy-focused suits and TRIM (Transfer, Retention/Removal, Inference, Minimization) categories. Crawley emphasizes that threat modeling shouldn't end with the game but should be an ongoing process throughout an application's lifecycle, ideally starting before implementation. He also shares insights from his book, which provides detailed examples and guidance for teams new to threat modeling using EoP. You can find Brett on X @brettcrawley Brett’s book: Threat Modeling Gameplay with EoP: A reference manual for spotting threats in software architecture Book recommendation: Conscious Business by Fred Kofman FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Application Security Podcast ➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~…
T
The Application Security Podcast
1 Matin Mavaddat - Understanding Security as a Systemic Concern: The Role of Anti-Requirements 50:20
50:20 나중에 재생 나중에 재생 리스트 좋아요 좋아요50:20
나중에 재생 나중에 재생 리스트 좋아요 좋아요Matin Mavaddat discusses his perspective on security as a systemic concern, developed from his background in requirements engineering and systems architecture. He introduces the concept of "anti-requirements" - defining what a system should not do - and distinguishes between "syntactic security" (addressing technical vulnerabilities that are always incorrect) and "semantic security" (context-dependent security emerging from system interactions). Mavaddat shares his perspective that security itself doesn't have independent existence but rather emerges from preventing undesirable states. The discussion concludes with practical implementation strategies, suggesting that while automated tools can handle syntactic security issues, organizations should focus more energy on semantic security by understanding business context and defining anti-requirements early in the development process. Mentioned in this episode: Matin’s article: Reframing Security: Unveiling Power Anti-Requirements Systems Thinking for Curious Managers by Russell Ackoff Antifragile by Nassim Nicholas Taleb The Black Swan by Nassim Nicholas Taleb FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Application Security Podcast ➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~…
T
The Application Security Podcast
Kayra Otaner joins the podcast today to discuss DevSecOps and answer the question, is it dead? Kayra is the Director of DevSecOps at Roche and is highly involved in the DevSecOps community. Kayra states that DevSecOps in its traditional form is “dead” and that each organization should approach its needs based on their size. Otaner introduces the concept of "security as code" and "policy as code" as more effective approaches, where security functions are codified rather than relying on traditional documentation and checklists. Finally, they discuss the emergence of Application Security Posture Management (ASPM) tools as the "SIM for AppSec," suggesting these tools, especially when enhanced with AI, could help manage the overwhelming number of security alerts and issues that currently plague development teams. Mentioned in this Episode: Books by Yuval Noah Harari FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Application Security Podcast ➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~…
T
The Application Security Podcast
1 François Proulx - Arbitrary Code Execution 0-day in Build Pipeline of Popular Open Source Packages 45:31
45:31 나중에 재생 나중에 재생 리스트 좋아요 좋아요45:31
나중에 재생 나중에 재생 리스트 좋아요 좋아요François Proulx shares his discovery of security vulnerabilities in build pipelines. Francois has found that attackers can exploit this often overlooked side of the software supply chain. To help address this, his team developed an open source scanner called Poutine that can identify vulnerable build pipelines at scale and provide remediation guidance. Francois has over 10 years of experience in building application security programs, he’s also the founder of the NorthSec conference in Montreal. Mentioned in the Episode: Cooking for Geeks by Jeff Potter Poutine Living Off the Pipeline project Grand Theft Actions Abusing Self Hosted GitHub Runners - Adnan Khan and John Stawinski Where to find Francois: LinkedIn X: @francoisproulx Previous Episodes: François Proulx -- Actionable Software Supply Chain Security FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Application Security Podcast ➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~…
T
The Application Security Podcast
1 Steve Wilson -- The Developer's Playbook for Large Language Model Security: Building Secure AI Applications 36:32
36:32 나중에 재생 나중에 재생 리스트 좋아요 좋아요36:32
나중에 재생 나중에 재생 리스트 좋아요 좋아요Steve Wilson, the author of 'The Developer's Playbook for Large Language Model Security’ is back to dive into topics from his book like AI hallucinations, trust, and the future of AI. Steve has been at the forefront of the explosion of activity at the intersection of AppSec, LLM, and AI. We discuss the biggest fears surrounding LLMs and AI, and explore advanced concepts like Retrieval Augmented Generation and prompt injection. Links: The Developer’s Playbook for Large Language Model Security by Steve Wilson Find Steve on LinkedIn Previous Episodes: Steve Wilson -- OWASP Top Ten for LLMs Steve Wilson and Gavin Klondike -- OWASP Top Ten for LLM Applications Release Two people Steve recommends you look up: Chris Voss , Former FBI Negotiator and author of “Never Split the Difference” Arshan Dabirsiaghi FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Application Security Podcast ➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~…
T
The Application Security Podcast
Jeff Williams, a renowned pioneer in the field of application security is with us to discuss Application Detection and Response (ADR), detailing its potential to revolutionize security in production environments. Jeff shares stories from his career, including the founding of OWASP, and his take on security assurance. We cover many topics including; security assurance, life, basketball and plenty of AppSec as well. Where to find Jeff: LinkedIn: https://www.linkedin.com/in/planetlevel/ Previous Episodes: Jeff Williams – The Tech of Runtime Security Jeff Williams – The History of OWASP FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Application Security Podcast ➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~…
T
The Application Security Podcast
1 Phillip Wylie -- Pen Testing from Somebody who Knows about Pen Testing 52:08
52:08 나중에 재생 나중에 재생 리스트 좋아요 좋아요52:08
나중에 재생 나중에 재생 리스트 좋아요 좋아요Philip Wiley shares his unique journey from professional wrestling to being a renowned pen tester. We define pen testing and the role of social engineering in ethical hacking. We talk tools of the trade, share a favorite web app pentest hack and offer good advice on starting a career in cybersecurity. Philip shares some insights from his book, ‘The Pentester Blueprint: Starting a Career as an Ethical Hacker.’ And we discuss the impact of AI on pen testing and where this field is headed in the next few years. The Pentester Blueprint Starting a Career as an Ethical Hacker written by Phillip Wylie The Web Application Hacker’s Handbook written by Dafydd Stuttard, Marcus Pinto Where to find Phillip: Website: https://thehackermaker.com/ Podcast: https://phillipwylieshow.com/ X: https://x.com/PhillipWylie LinkedIn: https://www.linkedin.com/in/phillipwylie/ FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Application Security Podcast ➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~…
T
The Application Security Podcast
Steve Springett, an expert in secure software development and a key figure in several OWASP projects is back. Steve unpacks CycloneDX and the value proposition of various BOMs. He gives us a rundown of the BOM landscape and unveils some new BOM projects that will continue to unify the security industry. Steve is a seasoned guest of the show so we learn a bit more about Steve's hobbies, providing a personal glimpse into his life outside of technology. Links from this episode: https://cyclonedx.org/ Previous episodes with Steve Springett: JC Herz and Steve Springett -- SBOMs and software supply chain assurance Steve Springett — An insiders checklist for Software Composition Analysis Steve Springett -- Dependency Check and Dependency Track Book: Software Transparency: Supply Chain Security in an Era of a Software-Driven Society by Chris Hughes and Tony Turner FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Application Security Podcast ➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~…
T
The Application Security Podcast
Irfaan Santoe joins us for an in-depth discussion on the power of strategy in Application Security. We delve into measuring AppSec maturity, return on investment, and communicating technical needs to business leaders. Irfaan shares his unique journey from consulting to becoming an AppSec professional, and addresses the gaps between CISOs and AppSec knowledge. Irfaan shares valuable insights for scaling AppSec programs and aligning them with business objectives. FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Application Security Podcast ➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~…
T
The Application Security Podcast
Andrew Van Der Stok, a leading web application security specialist and executive director at OWASP joins us for this episode. We discuss the latest with the OWASP Top 10 Project, the importance of data collection, and the need for developer engagement. Andrew gives us the methodology behind building the OWASP Top 10, the significance of framework security, and much more. Previous episodes with Andrew Van Der Stock Andrew van der Stock — Taking Application Security to the Masses Andrew van der Stock and Brian Glas -- The Future of the OWASP Top 10 Books mentioned in the episode: The Crown Road by Iain Banks Edward Tufte FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Application Security Podcast ➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~…
T
The Application Security Podcast
Derek Fisher, an expert in hardware, software, and cybersecurity with over 25 years of experience is back on the podcast. Derek shares his advice on cybersecurity hiring, specifically in application security, and dives into the challenges of entry-level roles in the industry. We discuss the value of certifications, the necessity of lifelong learning, and the importance of networking. Listen along for good advice on getting noticed in cybersecurity, resume tips, and the evolving landscape of AppSec careers. Mentioned in this episode: The Application Security Handbook by Derek Fisher With the Old Breed by E.B. Sledge Cyber for Builders by Ross Haleliuk Effective Vulnerability Management by Chris Hughes Previous episode: Derek Fisher – The Application Security Handbook FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Application Security Podcast ➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~…
T
The Application Security Podcast
Tanya Janka, also known as SheHacksPurple, discusses secure guardrails, the difference between guardrails and paved roads, and how to implement both in application security. Tanya is an award-winning public speaker and head of education at SEMGREP and the best-selling author of ‘Alice and Bob Learn Application Security’. Tanya shares her insights on creating secure software and teaching developers in this episode. Mentioned in this episode: Tanya Janca – What Secure Coding Really Means Tanya Janca – Mentoring Monday - 5 Minute AppSec Tanya Janca and Nicole Becher – Hacking APIs and Web Services with DevSlop The Expanse Series by James S.A. Corey Alice and Bob Learn Application Security by Tanya Janca FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Application Security Podcast ➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~…
T
The Application Security Podcast
1 Jahanzeb Farooq -- Launching and executing an AppSec program 49:44
49:44 나중에 재생 나중에 재생 리스트 좋아요 좋아요49:44
나중에 재생 나중에 재생 리스트 좋아요 좋아요Jahanzeb Farooq discusses his journey in cybersecurity and the challenges of building AppSec programs from scratch. Jahanzeb shares his experience working in various industries, including Siemens, Novo Nordisk, and Danske Bank, highlighting the importance of understanding developer needs and implementing the right tools. The conversation covers the complexities of cybersecurity in the pharmaceutical and financial sectors, shedding light on regulatory requirements and the role of software in critical industries. Learn about prioritizing security education, threat modeling, and navigating digital transformation. Mentioned in this Episode: The Power of Habit by Charles Duhigg FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Application Security Podcast ➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~…
T
The Application Security Podcast
1 David Quisenberry -- Building Security, People, and Programs 56:54
56:54 나중에 재생 나중에 재생 리스트 좋아요 좋아요56:54
나중에 재생 나중에 재생 리스트 좋아요 좋아요David Quisenberry shares about his journey into the security world, insights on building AppSec programs in small to mid-sized companies, and the importance of data-driven decision-making. The conversation delves into the value of mentoring and why it's important to build real relationships with the people you work with, the vital role of trust with engineering teams, and the significance of mental health and community in the industry. Books Shared in the Episode: SRE Engineering by Betsy Beyer, Chris Jones, Jennifer Petoff and Niall Richard Murphy The Phoenix Project by Gene Kim, Kevin Behr and George Spafford Security Chaos Engineering by Aaron Rinehart and Kelly Shortridge CISO Desk Reference Guide by Bill Bonney, Gary Hayslip, Matt Stamper Wiring the Winning Organization by Gene Kim and Dr. Steven J. Spear The Body Keeps the Score by Bessel van der Kolk, M.D. Intelligence Driven Incident Response by Rebekah Brown and Scott J. Roberts Never Eat Alone by Keith Ferrazzi Thinking Fast and Slow by Daniel Kahneman Do Hard Things by Steve Magness How Leaders Create and Use Networks , Whitepaper by Herminia Ibarra and Mark Lee Hunter FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Application Security Podcast ➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~…
T
The Application Security Podcast
1 Matt Rose -- Software Supply Chain Security Means Many Different Things to Different People 46:14
46:14 나중에 재생 나중에 재생 리스트 좋아요 좋아요46:14
나중에 재생 나중에 재생 리스트 좋아요 좋아요Matt Rose, an experienced technical AppSec testing leader discusses his career journey and significant contributions in AppSec. The conversation delves into the nuances of software supply chain security and exploring how different perceptions affect its understanding. Matt provides insights into the XZ compromise, critiques the buzzword 'shift left,' and discusses the role of digital twins and AI in enhancing the supply chain security. He emphasizes the need for a comprehensive approach beyond SCA, the relevance of threat modeling, and the potential risks and benefits of AI in security. Mentioned in the episode: The Application Security Program Handbook by Derek Fisher https://www.manning.com/books/application-security-program-handbook Podcast Episode: Derek Fisher – The Application Security Program Handbook https://youtu.be/DgmlHgNT-UM Authors mentioned: Steven E. Ambrose https://www.simonandschuster.com/authors/Stephen-E-Ambrose/1063454 Mark Frost https://en.wikipedia.org/wiki/Mark_Frost FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Application Security Podcast ➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~…
T
The Application Security Podcast
1 James Berthoty -- Is DAST Dead? And the future of API security 44:56
44:56 나중에 재생 나중에 재생 리스트 좋아요 좋아요44:56
나중에 재생 나중에 재생 리스트 좋아요 좋아요James Berthoty, a cloud security engineer with a diverse IT background, discusses his journey into application and product security. James highlights his career trajectory from IT operations to cloud security, his experiences with security tools like Snyk and StackHawk, and the evolving landscape of Dynamic Application Security Testing (DAST) and API security. They delve into the practical challenges of CVEs, reachability analysis, and the complexities of patching in mid-sized companies. James shares his views on the often misunderstood role of WAF and the importance of fixing issues over merely identifying them. James Berthoty’s LinkedIn post: AppSec Kool-Aid Statements I Disagree With What is Art by Leo Tolstoy FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Application Security Podcast ➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~…
T
The Application Security Podcast
1 Mark Curphey and Simon Bennetts -- Riding the Coat Tails of ZAP, without Open Source Funding 42:32
42:32 나중에 재생 나중에 재생 리스트 좋아요 좋아요42:32
나중에 재생 나중에 재생 리스트 좋아요 좋아요Mark Curphey and Simon Bennetts, join Chris on the podcast to discuss the challenges of funding and sustaining major open source security projects like ZAP. Curphey shares about going fully independent and building a non-profit sustainable model for ZAP. The key is getting companies in the industry, especially companies commercializing ZAP, to properly fund its ongoing development and maintenance. Bennetts, who has led ZAP for over 15 years, shares the harsh reality that while ZAP is likely the world's most popular web scanner with millions of active users per month, very few companies contribute back financially despite making millions by building products and services on top of ZAP. Curphey and Bennetts are asking those in the industry to step up and properly fund open source projects like ZAP that are critical infrastructure, rather than freeloading off the hard work of a few individuals. Curphey's company is investing substantial funds in a "responsible marketing" model to sustain ZAP as a non-profit, with hopes others will follow this ethical example to prevent open source security going down a dangerous path. FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Application Security Podcast ➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~…
T
The Application Security Podcast
Devon Rudnicki, the Chief Information Security Officer at Fitch Group, shares her journey of developing an application security program from scratch and advancing to the CISO role. She emphasizes the importance of collaboration, understanding the organization's business, and using metrics to drive positive change in the security program. Elon Musk - Walter Isaacson Steve Jobs - Walter Isaacson The Code Breaker: Jennifer Doudna, Gene Editing, and the Future of the Human Race - Walter Isaacson https://www.simonandschuster.com/authors/Walter-Isaacson/697650 FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Application Security Podcast ➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~…
T
The Application Security Podcast
1 Dustin Lehr -- Culture Change through Champions and Gamification 45:10
45:10 나중에 재생 나중에 재생 리스트 좋아요 좋아요45:10
나중에 재생 나중에 재생 리스트 좋아요 좋아요Dustin Lehr, Senior Director of Platform Security/Deputy CISO at Fivetran and Chief Solutions Officer at Katilyst Security, joins Robert and Chris to discuss security champions. Dustin explains the concept of security champions within the developer community, exploring the unique qualities and motivations behind developers becoming security advocates. He emphasizes the importance of fostering a security culture and leveraging gamification to engage developers effectively. They also cover the challenges of implementing security practices within the development process and how to justify the need for a champion program to engineering leadership. Dustin shares insights from his career transition from a developer to a cybersecurity professional, and he provides practical advice for organizations looking to enhance their security posture through community and culture-focused approaches. Links: "Maker's Schedule, Manager's Schedule" article by Paul Graham — https://www.paulgraham.com/makersschedule.html Never Split the Difference by Chris Voss & Tahl Raz — https://www.harpercollins.com/products/never-split-the-difference-chris-vosstahl-raz?variant=32117745385506 FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Application Security Podcast ➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~…
T
The Application Security Podcast
1 Francesco Cipollone -- Application Security Posture Management and the Power of Working with the Business 38:11
38:11 나중에 재생 나중에 재생 리스트 좋아요 좋아요38:11
나중에 재생 나중에 재생 리스트 좋아요 좋아요Francesco Cipollone, CEO of Phoenix Security, joins Chris and Robert to discuss security and explain Application Security Posture Management (ASPM). Francesco shares his journey from developer to cybersecurity leader, revealing the origins and importance of ASPM. The discussion covers the distinction between application security and product security, the evolution of ASPM from SIEM solutions, and ASPM's role in managing asset vulnerabilities and software security holistically. Francesco emphasizes the necessity of involving the business side in security decisions and explains how ASPM enables actionable, risk-based decision-making. The episode also touches on the impact of AI on ASPM. It concludes with Francesco advocating for a stronger integration between security, development, and business teams to effectively manage software security risks. Recommended Reading: Cyber for Builders: The Essential Guide to Building a Cybersecurity Startup by Ross Haleliuk — https://ventureinsecurity.net/p/cyber-for-builders FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Application Security Podcast ➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~…
T
The Application Security Podcast
1 Mukund Sarma -- Developer Tools that Solve Security Problems 46:32
46:32 나중에 재생 나중에 재생 리스트 좋아요 좋아요46:32
나중에 재생 나중에 재생 리스트 좋아요 좋아요Mukund Sarma, the Senior Director for Product Security at Chime, talks with Chris about his career path from being a software engineer to becoming a leader in application security. He explains how he focuses on building security tools that are easy for developers to use and stresses the importance of looking at application security as a part of the broader category of product security. Mukund highlights the role of collaboration over security mandates and the introduction of security scorecards for proactive risk management. He and Chris also discuss the strategic implementation of embedded security functions within development teams. Discover the potential of treating security as an enabling function for developers, fostering a culture of shared responsibility, and the innovative approaches Chime employs to secure its services with minimal friction for developers. Links Chime's Monocle -- https://medium.com/life-at-chime/monocle-how-chime-creates-a-proactive-security-engineering-culture-part-1-dedd3846127f -- https://medium.com/life-at-chime/mitigating-risky-pull-requests-with-monocle-risk-advisor-part-2-7013e1485bf2 Introduction to Overwatch -- https://www.youtube.com/watch?v=QtZKBtw8VO4 Recommended Reading Building Secure and Reliable Systems by Adkins, Beyer, Blankinship, Lewandowski, Oprea, Stubblefield -- https://www.oreilly.com/library/view/building-secure-and/9781492083115/ Drive by Daniel Pink -- https://www.danpink.com/books/drive/ FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Application Security Podcast ➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~…
T
The Application Security Podcast
1 Meghan Jacquot -- Assumed Breach Red Team Engagements for AppSec 40:55
40:55 나중에 재생 나중에 재생 리스트 좋아요 좋아요40:55
나중에 재생 나중에 재생 리스트 좋아요 좋아요AppSec specialist Megan Jacquot joins Chris and Robert for a compelling conversation about community, career paths, and productive red team exercises. Megan shares her unique cybersecurity origin story, tracing her interest in the field from childhood influences through her tenure as an educator and her formal return to academia to pivot into a tech-focused career. She delves into her roles in threat intelligence and application security, emphasizing her passion for technical work, penetration testing, and bug bounty programs. Additionally, Megan highlights the importance of mentorship, her involvement with the Women in Cybersecurity (WeCyS) community, and her dedication to fostering the next generation of cybersecurity professionals. The discussion covers assumed breach and red team engagements in cybersecurity, the significance of empathy in bug bounty interactions, tips for Call for Papers (CFP) submissions, and the value of community engagement within organizations like OWASP and DEF CON. Megan concludes with insights on the importance of difficult conversations and giving back to the cybersecurity community. Links Difficult Conversations (How to Discuss What Matters Most) by Douglas Stone, Bruce Patton, Sheila Heen -- https://www.stoneandheen.com/difficult-conversations Being Henry: The Fonz...and Beyond by Henry Winkler -- https://celadonbooks.com/book/being-henry-fonz-and-beyond-henry-winkler/ FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast ➜LinkedIn: The Application Security Podcast ➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~…
플레이어 FM에 오신것을 환영합니다!
플레이어 FM은 웹에서 고품질 팟캐스트를 검색하여 지금 바로 즐길 수 있도록 합니다. 최고의 팟캐스트 앱이며 Android, iPhone 및 웹에서도 작동합니다. 장치 간 구독 동기화를 위해 가입하세요.
The Application Security Podcast와 비슷한 콘텐츠
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
D
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
1
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Jerry Bell and Andrew Kalat
5k200
Defensive Security is a weekly information security podcast which reviews recent high profile cyber security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.
…
continue reading
A podcast about web design and development.
…
continue reading
Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
S
Syntax - Tasty Web Development Treats
1
Syntax - Tasty Web Development Treats
Wes Bos & Scott Tolinski - Full Stack JavaScript Web Developers
4k908
Full Stack Developers Wes Bos and Scott Tolinski dive deep into web development topics, explaining how they work and talking about their own experiences. They cover from JavaScript frameworks like React, to the latest advancements in CSS to simplifying web tooling.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
W
What Next: TBD | Tech, power, and the future
1
What Next: TBD | Tech, power, and the future
Slate Podcasts
11k573
Every Friday and Sunday, Slate’s popular daily news podcast What Next brings you TBD, a clear-eyed look into the future. From fake news to fake meat, algorithms to augmented reality, Lizzie O’Leary is your guide to the tech industry and the world it’s creating for us to live in.
…
continue reading
Material is a weekly discussion about the Google and Android universe. Your intrepid hosts try to answer the question, “What holds up the digital world?” The answer, so far, is that it’s Google all the way down. Hosted by Andy Ihnatko and Florence Ion.
…
continue reading
The power of Data is undeniable. And unharnessed - it’s nothing but chaos. Making data your ally. Using it to lead with confidence and clarity. Host Jess Carter is solving problems in real-time to reveal what’s possible. Helping communities and people thrive. This is Data Driven Leadership, a show brought to you by Resultant.
…
continue reading
TechStuff is getting a system update. Everything you love about Tech Stuff now twice the bandwidth with new hosts, Oz Woloshyn (Sleepwalkers) and Karah Preiss (Sleepwalkers). Oz and Karah bring humour and wit to the table as they break down what's happening in tech...and what it says about us. TechStuff is the podcast where technology meets culture. We speak to the folks building the future to understand what tomorrow will look like and how our technology is changing us: how we live, how we ...
…
continue reading
Player FM -팟 캐스트 앱
Player FM 앱으로 오프라인으로 전환하세요!
Player FM 앱으로 오프라인으로 전환하세요!
))
