The Application Security Podcast’s Episode List

2018-08-24T04:54:42+00:00

Episode List

18 Sep 2018

Back to the Lab Again with a DevOps (S04E08)

Mohammed Imran joins to discuss the DevSecOps Studio and more about the wonderful world of DevOps.

You can find him on Twitter @secfigo

DevSecOps Studio

11 Sep 2018

A Slice of the Razor with ASP.Net Core (S04E07)

This week, Niels Tanis joins to talk about Razor and ASP.Net Core versus General.

You can find Niels on Twitter @nielstanis

4 Sep 2018

A Pen Testers Transition to #AppSec: #VoteForOfer (S04E06)

On this week’s episode, Chris is joined by Ofer Maor to talk about his journey of transitioning into the world of #AppSec from the world of Pen Testing.

You can find him on Twitter @OferMaor

28 Aug 2018

#AppSec Pipeline as Toolbox (S04E05)

This week, we’re joined by Matt Tesauro, a co-lead for the AppSec Pipeline Project. He explains how they began building this project and some ways for you to start using this in your organization.

You can find Matt on Twitter @matt_tesauro

20 Aug 2018

Threat Modeling with a bit of #Startup (S04E04)

Stephen de Vries joins to discuss Threat Modeling and the unique approach that he takes by using tooling. We also discuss application security and startups.

You can find Stephen on Twitter @stephendv

Stephen is the CEO of Continuum Security. You can visit them on the web to find out more about their tool-based solution for threat modeling and requirements management.

14 Aug 2018

Securing DevOps (S04E03)

On this episode, Julien Vehent joins to discuss all things DevOps + Security. We talk through Julien’s new book, Securing DevOps and go in depth as to the journey he went through building security into DevOps at his job.

You can find Julien on Twitter @jvehent

Purchase the book here!

The folks over at Manning Publications have also given a 40% discount on ALL their products to anyone who uses the AppSec Podcast-specific discount code.

Discount Code: appsecpodcast18

Visit Manning Publications


7 Aug 2018

CRS and an Abstraction Layer (S04E02)

Christian Folini joins Chris at AppSec EU for this episode about ModSecurity and the Core Rule Set project from OWASP. They dive into the timeline for the abstraction layer piece of the project and much more.

You can find Christian on Twitter @ChrFolini.

OWASP ModSecurity Core Rule Set

ModSecurity

30 Jul 2018

Google Chrome and the Case of the Disappearing HTTP (S04E01)

On this episode, Chris is joined by Sean Wright to discuss the changes Google made with how they handle the HTTP Protocol. They also dive into TLS and some other pieces of crypto that relate to #AppSec.

You can find Sean on Twitter @SeanWrightSec


12 Jun 2018

All the Pieces You Need for an #AppSec Program: Finale (S03E21) – Application Security PodCast

The conclusion of Season 3, all the best highlights, and some great advice from our guests on what you need to build an #AppSec Program.

We’ll be back in August with more episodes and more interviews.

Enjoy!

5 Jun 2018

OWASP, Reach Out; We Are Known and Misunderstood (S03E20)

Chris and Robert are joined by Martin Knobloch to discuss all things OWASP. They dive into the history of OWASP and some of the plans for the future.

You can find Martin on Twitter @knoblochmartin.

22 May 2018

Malicious User Stories (S03E18)

On this episode, Robert speaks with Apollo Clark about Malicious User Stories and DevOps. He discusses how to properly handle user stories in a world being taken over by DevOps.

You can find Apollo on Twitter @apolloclark

15 May 2018

Neurodiversity in Security (S03E17)

On this episode, Robert is joined by Megan Roddie at the SOURCE Conference in Boston. She talks about how neurodiverse people can truly help an organization.

You can find her on Twitter @megan_roddie

20 Apr 2018

#OWASP AppSensor (S03E15)

John Melton joins to discuss the #OWASP AppSensor project. He talks about how AppSensor works and how it can be used in your application.

You can find John on Twitter @_jtmelton

OWASP AppSensor Project

13 Apr 2018

Third Party Software is not a Cathedral, It’s a Bazaar (S03E14)

David Habusha joins on this week’s episode to discuss the OWASP Top 10 A9: Using Components with Known Vulnerabilities.

He also dives into the Software Composition Analysis (SCA) market.

You can find David on Twitter @davidhabusha

OWASP Top 10 A9

12 Apr 2018

Dependency Check and Dependency Track (S03E13)

Steve Springett joins the show to talk Dependency Check and Dependency Track. He also discusses how they can be used to help prevent you from using components with known vulnerabilities.

OWASP Dependency Check

OWASP Dependency Track

You can find Steve on Twitter @stevespringett

6 Apr 2018

The #OWASP Threat Modeling Project (S03E12)

Steven Wierckx joins Robert and Chris this week to talk about the #OWASP Threat Modeling project that he’s involved in.

You can find Steven on Twitter @ihackforfun

https://open-security-summit.org/

5 Apr 2018

The #OWASP Cheat Sheet Project (S03E11)

Jim Manico joins on this week’s episode to discuss some of the changes to the OWASP Cheat Sheets and the plans they have for the future of that project. Jim also talks about how they are looking for experts in the field to create or update some of the Cheat Sheets.

You can find Jim on Twitter @manicode

23 Mar 2018

OWASP Top 10 #10: Logging (S03E10)

Neil Smithline joins this week to discuss one of the new items on the OWASP Top 10 list, Insufficient Logging and Monitoring.

Links:

OWASP Logging Cheat Sheet

OWASP ASVS

OWASP Proactive Controls: Intrusion Detection

You can find Neil on Twitter @neilsmithine

16 Mar 2018

Selling #AppSec Up The Chain (S03E09)

Jim Routh joins the podcast to discuss selling #AppSec up the chain. Jim has built 5 successful software security programs in his career and serves as a CISO now. Jim shares his real-world experience with how to successfully sell #AppSec to senior management (as well as many other pieces of wisdom for running an AppSec program).

You can find Jim on Twitter @jmrouth01

9 Mar 2018

#AppSec Recommendations (S03E08)

Chris and Robert go over a plethora of recommendations they have accumulated over their years of experience in the industry.

Chris’s recommendations

1. Book: Agile Application Security: Enabling Security in a Continuous Delivery Pipeline, by Laura Bell, Michael Brunton-Spall, Rich Smith and Jim Bird
2. Website: Iron Geek. Adrian Crenshaw records many major, non-commercial security conferences and posts the talks to YouTube.
3. Book: The DevOps Handbook: How to Create World-Class Agility, Reliability, and Security in Technology Organizations, by Gene Kim, Patrick Debois, John Willis and Jez Humble
4. News Source: The Register. A news site, but one with great sources and a bit of British humor attached to technology failures.
5. Blog: TechBeacon
6. Book: Threat Modeling: Designing for Security, by Adam Shostack
7. Book: The Tangled Web: A Guide to Securing Modern Web Applications, by Michal Zalewski
8. Book: Start with Why: How Great Leaders Inspire Everyone to Take Action, by Simon Sinek. Not a security book, but a good approach for those trying to change a security culture.

Robert’s Recommendations

1. Books by Martin Fowler. He wrote many books on understanding architecture.
2. Book: Software Security: Building Security In, by Gary McGraw
3. Book: Core Software Security: Security at the Source, by James Ransome and Anmol Misra
4. Book: Threat Modeling: Designing for Security, by Adam Shostack
5. Website: Troy Hunt
6. Conferences: #AppSec USA, B-Sides, Source, Converge
7. Website: Google Alerts. Use this to be notified about specific topics you want to learn about.
8. Book: The Checklist Manifesto: How to Get Things Right, by Atul Gawande
9. Book: Securing Systems: Applied Security Architecture and Threat Models, by Brook S. E. Schoenfield
10. Book: Risk Centric Threat Modeling: Process for Attack Simulation and Threat Analysis, by Tony UcedaVelez and Marco M. Morana

2 Mar 2018

Hustle and Flow: Dealing With Burnout in Security (S03E07)

Magen Wu works through the topic of burnout and mental health in the world of security. She gives some examples of how to handle it and how to recognize when people around you are burning out.

You can find her on Twitter @infosec_tottie

Additional information on this topic:

23 Feb 2018

OWASP Top 10 #4 XXE (S03E06)

Katy Anton joins this week to discuss number four on the OWASP Top 10. She dives into what XXE is, how to deal with it, and some of the other new items on the OWASP Top 10 2017.

You can find Katy on Twitter @KatyAnton

16 Feb 2018

SAST, DAST, and IAST. Oh My! (S03E05)

Pete Chestna is an advocate for SAST, DAST, and IAST tools and a passionate #AppSec enthusiast. A moving quote that Pete shared during this episode is “an #AppSec program is the byproduct of building secure developers.” #Truth

Pete describes the differences between SAST, DAST, IAST, and RASP, the struggles that developers encounter using new tools, false positives that occur and how to reduce them, and advice for building an #AppSec program from scratch versus adding tools to a mature program.

You can find Pete on Twitter @PeteChestna.

Additional information on this topic: