 
The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations are able to make informed decisions. OWASP is in a unique position to provide impartial, practical information about AppSec to individuals, corporations, universities, government agencies, and other organizations worldwide. Operating as a communit ...
 
Chris and Robert deconstruct world-class Application Security experts, digging deep to find the tools, tactics, projects, and tricks that make them successful. Each episode begins with the guest's security origin story or how they got started in Application Security. Topics range from DevOps+security, secure coding, OWASP, threat modeling, security culture, and anything else they can think of regarding application security. Chris Romeo (@edgeroute) is the CEO of Security Journey, and Robert ...
 
Welcome to the Cyber Security & Cloud Podcast #CSCP, where we explore the dark secrets of cloud and cyber. The podcast focuses on people and their stories and explores the human element that brings so many people together. Some episodes will be for the well-seasoned cybersecurity veteran, but most are about the stories of infosec people and how they reached where they are now. The focus and various streams of the podcast are Cybersecurity, Cloud Security, Application Security, Social Engineering, and ...
 
Contrast Security provides the industry’s only DevOps-Native AppSec Platform, using instrumentation to continuously analyze and protect software from within the application. This enables businesses to see more of the risks in their software with fewer development delays and less AppSec complexity. The Contrast platform integrates into development pipelines, making security bug and vulnerability fixes easier and significantly speeding release cycles. The Contrast Inside AppSec Podcast feat ...
 
iDigitalClassroom is a reliable source of first-class remote learning and remote work resources. It empowers eLearning content creators and remote technology providers by providing insight from a user perspective, enabling the production of engagement tools and resources. Support this podcast: https://anchor.fm/digitalclassroom/support
 
Past speeches and talks from the Black Hat Briefings computer security conferences. The Black Hat Briefings USA 2005 was held July 27-28 in Las Vegas at Caesars Palace. A post-convention wrap-up can be found at http://www.blackhat.com/html/bh-usa-05/bh-usa-05-index.html. Black Hat Briefings bring together a unique mix in security: the best minds from government agencies and global corporations with the underground's most respected hackers. These forums take place regularly in Las Vegas, Washi ...
 
 
commjoen/wrongsecrets - https://github.com/commjoen/wrongsecrets Improper secret storage is a common technology problem. Use this tool to expose your developers to how to do it wrong, so they can learn how to do it right. List of IT Assets an Attacker is most likely to Extort - https://www.helpnetsecurity.com/2021/10/13/it-assets-target/ Attackers …
 
Simon Bennetts is the OWASP Zed Attack Proxy (ZAP) Project Leader and a Distinguished Engineer at StackHawk, a company that uses ZAP to help users fix application security bugs before they hit production. He has talked about and demonstrated ZAP at conferences all over the world. Prior to making a move into security, he was a developer for 25 years…
 
CSCP is bringing back season 1 in a newly remastered version. This is part 2 of the interview with Tanya Janca. In this episode, Tanya shares her passion for WoSec, her decision to leave Microsoft, giving back to the community, encouraging women to get involved in cyber security, and defines DevSecOps. Tanya Janca is an application security evangel…
 
Minimum Viable Secure Product - Minimum Viable Secure Product is a minimalistic security checklist for B2B software and business process outsourcing suppliers. How to Secure a Python Web App Using Bandit - Bandit is a tool developed to locate common security problems in Python code. To do that, Bandit analyzes every file, builds an AST from it, and r…
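The two episode notes above (the WrongSecrets entry on improper secret storage and the Bandit entry on AST-based scanning) describe the same mechanism from two sides: parse each source file into an AST, then run small checks over the nodes. The scanner below is an added example, not Bandit's code and not the WrongSecrets project's code. It implements that mechanism with three checks that mirror common Bandit findings: a string literal assigned to a credential-looking name, a subprocess call run through a shell, and eval/exec on data. The rule names, the credential-name heuristic, and the two sample sources are this example's own assumptions.

```python
"""Minimal AST-based Python source scanner, in the spirit of Bandit.

Added example: not Bandit's own code. It walks the AST of a source file and
reports three classes of issue. Rule names, the credential-name heuristic and
the constructed samples below are assumptions made for this example.
"""
import ast
from dataclasses import dataclass


@dataclass
class Finding:
    lineno: int
    rule: str
    message: str


# Assumption: a variable name containing one of these fragments is credential-like.
CREDENTIAL_FRAGMENTS = ("password", "passwd", "pwd", "secret", "token", "api_key")
SUBPROCESS_FUNCS = {"subprocess.run", "subprocess.call", "subprocess.check_call",
                    "subprocess.check_output", "subprocess.Popen"}


def _qualname(func):
    """Best-effort dotted name for a call target, e.g. 'subprocess.run'."""
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute):
        base = _qualname(func.value)
        return f"{base}.{func.attr}" if base else func.attr
    return ""


class _Checker(ast.NodeVisitor):
    def __init__(self):
        self.findings = []

    def visit_Assign(self, node):
        # A non-empty string literal assigned to a credential-looking name.
        value = node.value
        if isinstance(value, ast.Constant) and isinstance(value.value, str) and value.value:
            for target in node.targets:
                name = target.id if isinstance(target, ast.Name) else getattr(target, "attr", "")
                if any(frag in name.lower() for frag in CREDENTIAL_FRAGMENTS):
                    self.findings.append(Finding(
                        node.lineno, "HARDCODED_SECRET",
                        f"string literal assigned to credential-like name '{name}'"))
        self.generic_visit(node)

    def visit_Call(self, node):
        name = _qualname(node.func)
        shell_true = any(kw.arg == "shell" and isinstance(kw.value, ast.Constant)
                         and kw.value.value is True for kw in node.keywords)
        if name == "os.system" or (name in SUBPROCESS_FUNCS and shell_true):
            self.findings.append(Finding(
                node.lineno, "SHELL_INJECTION",
                f"{name} runs through a shell; pass an argv list without shell=True"))
        elif name in ("eval", "exec"):
            self.findings.append(Finding(
                node.lineno, "EVAL_USED",
                f"{name}() on data; prefer ast.literal_eval or a real parser"))
        self.generic_visit(node)


def scan_source(source, filename="<string>"):
    """Parse `source` and return findings ordered by line number."""
    checker = _Checker()
    checker.visit(ast.parse(source, filename=filename))
    return sorted(checker.findings, key=lambda f: f.lineno)


# Constructed sample inputs (not taken from any real project).
BAD_SAMPLE = '''\
import os
import subprocess

DB_PASSWORD = "hunter2"

def backup(path):
    subprocess.run("tar czf backup.tgz " + path, shell=True)

def compute(expr):
    return eval(expr)
'''

GOOD_SAMPLE = '''\
import os
import subprocess
import ast

DB_PASSWORD = os.environ["DB_PASSWORD"]

def backup(path):
    subprocess.run(["tar", "czf", "backup.tgz", path], check=True)

def compute(expr):
    return ast.literal_eval(expr)
'''

if __name__ == "__main__":
    for label, src in (("bad", BAD_SAMPLE), ("good", GOOD_SAMPLE)):
        for f in scan_source(src, filename=label):
            print(f"{label}:{f.lineno}: {f.rule}: {f.message}")
```

Running the module reports three findings in BAD_SAMPLE (lines 4, 7 and 10) and none in GOOD_SAMPLE, where the secret comes from the environment, the subprocess call takes an argv list, and the expression is parsed with ast.literal_eval. The secret check is a name heuristic like Bandit's: it catches the literal in the source, but cannot tell whether a value pulled from the environment or a vault is itself handled safely downstream.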
 
When building a DevSecOps program from the ground up, you need to lead with the “why”. While there is no one-size-fits-all solution, starting with understanding a company’s culture will put you on the right track for success. This was one of the many insights pulled from our discussion with Rohit Parchuri, CISO of Yext, in episode 104 of The Secu…
 
Ochaun Marshall is an Application Security Consultant. In his role at Secure Ideas, he works on ongoing development projects using Amazon Web Services and breaks other people's web applications. Ochaun joins us to talk about SAST and IaC, static application security testing and infrastructure as code. We talk about what they are, how they wor…
 
CSCP is bringing back season 1 in a newly remastered version. This is part 1 of the interview with Chani. Chani Simms is the Managing Director and Co-Founder of Meta Defense Labs LTD, a consultant, the Founder of SHe CISO, a TEDx Speaker, and an Award-winning Cybersecurity Leader. Chani shares how she prepared for her TEDx talk and her thoughts on …
 
In today's episode, let's talk about passwords, and the future of passwords for that matter. We will recap the top trending security news, which includes: - www.bbc.co.uk: UK proposes to ban default passwords - www.apple.com: Apple sues the NSO Group - www.nytimes.com: The secret life of passwords - https://fidoalliance.org: What is FIDO? - https://www.cisc…
 
CSCP is bringing back season 1 in a newly remastered version. This is part two with Kevin Fielder, a CISO, NED, start-up and board advisor, researcher, and speaker based in the UK. Kevin is a CrossFit athlete who values a healthy work-life balance that allows him time for fitness and family. He answers questions about diversity in the workplace, re…
 
https://twitter.com/Esquiring - Fred Jennings. The Vulnerabilities Equities Process (VEP), vulnerability disclosure programs (VDP), and what is the best way to disclose a 0day? (‘proper’ is different and dependent.) This show was inspired by this Tweet thread from @k8em0 and @_MG_: https://twitter.com/k8em0/status/1459715464691535877 https://twitter.com/_MG_/statu…
 
In this sponsored BDS episode, Bryan Brake and Amanda Berlin interview Emily Eubanks, a Security Operations Analyst for #Blumira. We discuss common business risks like IT staff turnover, a lack of Incident Response procedures, choosing not to follow PowerShell best practices, and MFA use for critical or sensitive applications. We also discuss ways …
 
Ahem, Seth and Ken return with a live code review of a recently seen authentication routine. A discussion of software interdependence and the issues it creates (such as SSRF). In other words, 151 and not even the rum... sigh. Well somehow these clowns are still allowed on YouTube so stay tuned for another episode I guess or whatever. Or don't, who …
 
https://www.bleepingcomputer.com/news/security/us-education-dept-urged-to-boost-k-12-schools-ransomware-defenses/ https://securityaffairs.co/wordpress/124570/cyber-crime/fbi-hacked-email-server.html https://www.zdnet.com/article/security-company-faces-backlash-for-waiting-12-months-to-disclose-palo-alto-0-day/ https://www.randori.com/blog/why-zero-…
 
CSCP is bringing back season 1 in a newly remastered version. This is part 1 of the interview with Kevin. Kevin Fielder is a CISO, NED, start-up and board advisor, researcher, and speaker based in the UK. In part one of the interview, Kevin discusses his approach to recruiting and hiring new talent for junior cyber security roles, managing and lead…
 
In today's episode, I am discussing endpoint security with Information Security Media Group, better known as ISMG. In particular we will delve into how the shift to remote work changed security imperatives when it comes to endpoints; the evolving role of endpoint security; best practices your organization can implement now to maximize visibility and …
 
News stories covered this week, as well as links of note: https://www.wired.co.uk/article/sweden-stockholm-school-app-open-source https://curtbraz.medium.com/a-konami-code-for-vuln-chaining-combos-1a29d0a27c2a https://docs.google.com/presentation/d/17gISafUZzEyjV7wkdHaTQZmtxstBqECa/edit#slide=id.p4 https://www.securityweek.com/braktooth-new-bluetoo…
 
It is time for Yusuf On Security. I am your host, Ibrahim YUSUF. Welcome again! In today’s episode we will dive into the most widely adopted framework, the NIST Cybersecurity Framework. - www.vice.com: The booming underground market for bots that steal 2FA codes - www.zdnet.com: Commerce Dept sanctions NSO Group, Positive Technologies and more for sel…
 
https://securityaffairs.co/wordpress/123948/security/2021-list-of-most-common-hardware-weaknesses.html? https://www.whitehouse.gov/wp-content/uploads/2021/08/M-21-31-Improving-the-Federal-Governments-Investigative-and-Remediation-Capabilities-Related-to-Cybersecurity-Incidents.pdf https://www.darkreading.com/application-security/tech-companies-crea…
 
From Nato’s email: Hi Bryan, Discussing the challenges that come with not having good logging in place could be a great topic! We could make it partly about how security maturity works, in the idea that security generally starts with awareness and visibility. The topic sort of gets into the idea that knowing is half the battle, so logging can be tra…
 

Copyright 2021 | Sitemap | Privacy Policy | Terms of Service