Application Security 公开
[search 0]
更多

Download the App!

show episodes
 
Application Security Weekly decrypts development for the Security Professional - exploring how to inject security into their organization’s Software Development Lifecycle (SDLC) in a fluid and transparent way; Learn the tools, techniques, and processes necessary to move at the speed of DevOps (even if you aren’t a DevOps shop yet). The target audience for Application Security Weekly spans the gamut of Security Engineers and Practitioners that need to level-up their skills in the Application ...
 
Application Security Weekly decrypts development for the Security Professional - exploring how to inject security into their organization’s Software Development Lifecycle (SDLC) in a fluid and transparent way; Learn the tools, techniques, and processes necessary to move at the speed of DevOps (even if you aren’t a DevOps shop yet). The target audience for Application Security Weekly spans the gamut of Security Engineers and Practitioners that need to level-up their skills in the Application ...
 
Chris and Robert deconstruct world-class Application Security experts, digging deep to find the tools, tactics, projects, and tricks that make them successful. Each episode begins with the guest's security origin story or how they got started in Application Security. Topics range from DevOps+security, secure coding, OWASP, threat modeling, security culture, and anything else they can think of regarding application security. Chris Romeo (@edgeroute) is the CEO of Security Journey, and Robert ...
 
The state of application security is rapidly evolving and there is a need for a more frequent analysis of the threat landscape. Every month, join Setu Kulkarni, VP of Corporate Strategy and Business Development, alongside Zach Jones, Sr. Director Security Research, and other industry guests as they analyze key data points and trends, provide topical insights, and discuss what can be done to improve upon the current state of application security.
 
The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations are able to make informed decisions. OWASP is in a unique position to provide impartial, practical information about AppSec to individuals, corporations, universities, government agencies, and other organizations worldwide. Operating as a communit ...
 
In Season 2 of our podcast series, we’ll discuss the implications and mandates generated by Veracode’s most recent State of Software Security report. Our industry experts will pick up from Season 1’s highlights to take a closer look at application security today. Listeners will learn more about: The impact security debt is having across industries The changing attitudes and priorities put around application security How the average number of days to fix software flaws has almost tripled sinc ...
 
The events of the last year have propelled Security into the Fast Lane. Our lives transitioned, practically overnight, to a digital world and entire workforces were suddenly remote. All of this put security under the microscope, and we have been forced to ask ourselves, “Are we doing enough to secure our businesses? Can my security stack withstand an attack? Is our sensitive data protected and safe?” Join us each month as we chat with a prominent industry guest on the hot security topics tha ...
 
Welcome to the Cyber Security & Cloud Podcast #CSCP where we will explore the dark secret of cloud and cyber. The podcast focuses on people and their stories and explores the human element that brings so many people together Some episode will be for the well-seasoned cybersecurity veteran but most are about stories of infosec people and how they reach where they are now. The focus and various stream of the podcast is Cybersecurity, Cloud Security, Application Security Social Engineering, and ...
 
CyberSecurity Sense is LBMC Information Security's weekly podcast that will provide insight and updates on such information security topics as: Managed Security Service Providers, IPS Monitoring and Managed IDS Services, Security Information Event Management, Digital Forensic Analysis, Electronic Discovery and Litigation Support, Computer Security Incident Response, Penetration Testing, Risk Assessments, Security Program Planning, Web Application Security Assessments, ACAB LADMF Certificatio ...
 
Loading …
show series
 
This week, we welcome Peter Klimek, Director of Technology, Office of the CTO at Imperva, to discuss Navigating the seas of security in serverless functions! In the AppSec News: CWE releases the top 25 vulns for 2021, findings bugs in similar code, Sequoia vuln in the Linux kernel, Twitter transparency for account security, a future for cloud secur…
 
This week in the AppSec News: CWE releases the top 25 vulns for 2021, findings bugs in similar code, Sequoia vuln in the Linux kernel, Twitter transparency for account security, a future for cloud security, & more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw159…
 
Download the accompanying report here. Applications are more vulnerable than last year. Time to fix serious vulnerabilities is increasing. Remediation rates are decreasing and the types of vulnerabilities that applications suffer from have not changed. Applications are now the path of least resistance for attackers to breach an enterprise. This is …
 
Kevin Greene is the Director of Security Solutions at Parasoft and has extensive experience and expertise in software security, cyber research and development, and DevOps. He leverages his knowledge to create meaningful solutions and technologies to improve software security practices. Kevin and I had a conversation to discuss software security fro…
 
Our special guest today is Aarti Gadhia. She is a highly successful cybersecurity professional who has worked in various leadership roles in sales and marking for well-known companies such as Bugcrowd, Carbon Black, Trend Micro and Sophos. Aarti is also the founder of Standout to Lead and SHE (Sharing Her Empowerment). Aarti is passionate about bri…
 
Adoption of serverless functions is rapidly growing, which means security teams will be challenged to deliver protection for data and applications in these complex environments in the coming months and years. Peter Klimek is helping Imperva customers address these challenges and will offer guidance on how to get protection for functions without slo…
 
CSCP is bringing back season 1 in a newly remastered version Chris will join us in the new season 3 in recording We talk all things Leadership, Risk Compliance with Chris Hodson CISO at Tanium After 17 years in cybersecurity, as well as talking all things cyber, Chris talks about the route he took to become a CISO and opens up on how to communicate…
 
This week, we welcome David DeSanto, Senior Director, Product Management, Dev & Sec at Gitlab! In the wake of events such as the Solarwinds breach, there has been a lot of misinformation about the role of open source in DevSecOps. GitLab believes everyone benefits when everyone can contribute. Open source plays a key role in how GitLab addresses De…
 
This week in the AppSec News: Security from code comments, visualizing decision trees, bypassing Windows Hello, security analysis of Telegram, paying for patient bug bounty programs, cloud risks, & more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw158…
 
In the wake of events such as the Solarwinds breach, there has been a lot of misinformation about the role of open source in DevSecOps. GitLab believes everyone benefits when everyone can contribute. Open source plays a key role in how GitLab addresses DevSecOps. We will discuss GitLab's view of the role of open source in DevSecOps including recent…
 
The software community has failed to draw a line between the security of products running in production with the product requirements that shape those very products in the first place. Join us, with special Guest James Robinson, Deputy CISO at Netskope, as we talk about security and product management. Special Guest: James Robinson, Deputy CISO at …
 
In the AppSec news, a password manager makes predictable mistakes, Trusted Types terminate DOM XSS, waking up from PrintNightmare, understanding hardware fault injections. The truth is, most web app and API security tools were designed for a very different era. A time before developers and security practitioners worked together, before applications…
 
In the AppSec news, a password manager makes predictable mistakes, Trusted Types terminate DOM XSS, waking up from PrintNightmare, understanding hardware fault injections. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw157
 
The truth is, most web app and API security tools were designed for a very different era. A time before developers and security practitioners worked together, before applications were globally distributed and API-based. But attackers are developers too, and they aren’t bogged down by the limitations of legacy solutions. It’s never been more clear t…
 
CSCP is bringing back season 1 in a newly remastered version In this episode, we talk about all things cyber, from how to establish yourself in the industry and how not being allowed to play Doom when he was just eight years old led Daniel to become a hacker and eventually embark on a career in cybersecurity. Daniel is a hacker by day and by night,…
 
This week in the AppSec News: Visual Studio Code's Workplace Trust, Injured Android an insecure mobile app, Microsoft accidentally signed driver with rootkits, The NSA funds a new sister Matrix to ATT&CK: D3FEND, & "Ransomware: maybe it's you, not them?", and more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: ht…
 
This week, we welcome Clint Gibler, Head of Security Research at r2c, to discuss Scaling Your Application Security Program! In the AppSec News: Visual Studio Code's Workplace Trust, Injured Android an insecure mobile app, Microsoft accidentally signed driver with rootkits, The NSA funds a new sister Matrix to ATT&CK: D3FEND, & "Ransomware: maybe it…
 
In this segment with Clint Gibler, learn: * Why secure defaults are higher ROI than finding vulnerabilities * How modern AppSec teams are working with their engineering counterparts * Targeting vulnerability classes, avoiding bug whack-a-mole * The latest innovations in lightweight static analysis Segment Resources: https://semgrep.dev/ https://git…
 
We reached the milestone of 50 Episodes on season 4 and celebrated with a live with 3 podcasts around the world. This is the recorded session of the live. Francesco Cipollone interview three hosts of cyber podcasts— Chris Cochran of Hacker Valley Studio, Allan Alford of Cyber Ranch Podcast, Ashish Rajan of Cloud Security Podcast. The four discuss t…
 
Our special guest today is Jeff Williams, Co-Founder and CTO of Contrast Security. Jeff was one of the pioneering members who formed the Open Web Application Security Project® (OWASP). Not only did he chair it, he also contributed to many successful open source projects, including WebGoat, the OWASP Application Security Verification Standard (ASVS)…
 
Download the supporting report here In this episode, we make a case for “Two Speed” Application Security to address the disparate needs of Legacy Applications and newer Greenfield Applications. In addition, hear about some simple takeaways for end users to protect themselves from potential application security vulnerabilities. Stay tuned for more u…
 
This week in the AppSec Weekly News John and Mike discuss: SLSA framework for supply chain integrity, Wi-Fi network of doom for iPhones, seven-year old systemd privesc, $30K for an API call, Codecov refactors from Bash, using the AST to refactor Python, shifting left and right, and more! Visit https://www.securityweekly.com/asw for all the latest e…
 
This week, we welcome Nuno Loureiro & Tiago Mendo from Probely to discuss some Challenges of DAST Scanners, and their Adoption by Developers! Then, in the AppSec News John and Mike discuss: SLSA framework for supply chain integrity, Wi-Fi network of doom for iPhones, seven-year old systemd privesc, $30K for an API call, Codecov refactors from Bash,…
 
What are some of the DAST scanners challenges, like coverage of modern apps, point & shoot, scan time, partial scans, or scanning at scale? What do developers look for in a DAST scanner? This segment is sponsored by Probely. Visit https://securityweekly.com/probely to learn more about them! Visit https://www.securityweekly.com/asw for all the lates…
 
Our special guest today is Frank Heidt who is the CEO and Co-Founder at Leviathan Security Group. Frank is a recognized expert in the fields of information assurance, network security and systems penetration. Prior to starting Leviathan, Frank was a managing security architect for @stake. He also engaged in various computer and networking security …
 
This week, we welcome Sebastian Deleersnyder, CTO at Toreon, to talk about OWASP SAMM - Software Assurance Maturity Model! In the AppSec News, Mike and John talk: ALPACA surveys protocol confusion, lessons from the EA breach, forgotten lessons about sprintf, Go fuzzing goes beta, security lessons from Kubernetes Goat, basic lessons for OT from CISA…
 
This week in the AppSec News, Mike and John talk: ALPACA surveys protocol confusion, lessons from the EA breach, forgotten lessons about sprintf, Go fuzzing goes beta, security lessons from Kubernetes Goat, basic lessons for OT from CISA, & more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekl…
 
We will provide a short introduction to OWASP SAMM, which is a flagship OWASP project allowing organizations to bootstrap and iteratively improve their secure software practice in a measurable way. Seba will explain the SAMM model, consisting of 15 security practices. Every security practice contains a set of activities, structured into 3 maturity …
 
Loading …

快速参考指南

Google login Twitter login Classic login