Podcasts about appsec

  • 101 podcasts
  • 730 episodes
  • 41m average duration
  • 5 weekly new episodes
  • Dec 31, 2021 latest episode




Latest podcast episodes about appsec

The Hacker Factory
A Conversation With Security Consultant And Streamer Derek Scheller Jr. | The Hacker Factory With Phillip Wylie

Dec 31, 2021 | 35:35

Derek Scheller Jr., security consultant, discusses his story and his streaming and community efforts. Derek's journey to security was preceded by his career in the US Army. Derek has worked as a red teamer, a blue teamer, and a content creator, and is the founder of Cyber Warrior Studios.

Guest: Derek Scheller Jr.
On YouTube | https://www.youtube.com/c/CyberWarriorStudios
On LinkedIn | https://www.linkedin.com/in/dschellerjr/
On Twitter | https://twitter.com/CyberWarriorSt1

Host: Phillip Wylie
On ITSPmagazine

Paul's Security Weekly TV
Bringing Autonomy to AppSec - Dr. David Brumley - ESW #255

Dec 24, 2021 | 37:16

Log4j, SolarWinds, Tesla hacks, and the wave of high-profile appsec problems aren't going to go away with current approaches like SAST and SCA. Why? They are:
- 40 years old, with little innovation
- Haven't solved the problem.

In this segment, we talk about fully autonomous application security. Vetted by DARPA in the Cyber Grand Challenge, the approach is different:
- Prove bugs, rather than trying to list all of them.
- Zero false positives, which leads to better autonomy.

Segment Resources:
Article on competition: https://www.darpa.mil/about-us/timeline/cyber-grand-challenge
Technical article on approach: https://spectrum.ieee.org/mayhem-the-machine-that-finds-software-vulnerabilities-then-patches-them
Example vulns discovered: https://forallsecure.com/blog/forallsecure-uncovers-critical-vulnerabilities-in-das-u-boot https://github.com/forallsecure/vulnerabilitieslab

Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw255

The Hacker Factory
From Esports To Ethical Hacker | A Conversation With Ippsec | The Hacker Factory With Phillip Wylie

Dec 24, 2021 | 37:08

Ippsec shares the story of his journey into ethical hacking. He discusses how he used esports commentary to overcome some speaking challenges and went on to become a well-known streamer and content creator.

Guest: Ippsec
On YouTube | https://www.youtube.com/c/ippsec
On Twitter | https://twitter.com/ippsec

Host: Phillip Wylie
On ITSPmagazine

Enterprise Security Weekly (Video)
Bringing Autonomy to AppSec - Dr. David Brumley - ESW #255

Dec 23, 2021 | 37:16

Log4j, SolarWinds, Tesla hacks, and the wave of high-profile appsec problems aren't going to go away with current approaches like SAST and SCA. Why? They are:
- 40 years old, with little innovation
- Haven't solved the problem.

In this segment, we talk about fully autonomous application security. Vetted by DARPA in the Cyber Grand Challenge, the approach is different:
- Prove bugs, rather than trying to list all of them.
- Zero false positives, which leads to better autonomy.

Segment Resources:
Article on competition: https://www.darpa.mil/about-us/timeline/cyber-grand-challenge
Technical article on approach: https://spectrum.ieee.org/mayhem-the-machine-that-finds-software-vulnerabilities-then-patches-them
Example vulns discovered: https://forallsecure.com/blog/forallsecure-uncovers-critical-vulnerabilities-in-das-u-boot https://github.com/forallsecure/vulnerabilitieslab

Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw255

Security Architecture Podcast
Garantir(AppSec) - Season 03/07 - Episode #35

Dec 23, 2021 | 28:08

We are airing our sixth episode in Season 3; this season is dedicated to application security. Our guest for the show is Kieran Miller, Chief Architect at Garantir. Before joining Garantir, Kieran spent more than 10 years working in cybersecurity, including 8 years with Leidos, a major defense contractor, and several years with Gemalto.

To promote our work and support the podcast, please review us here: https://www.podchaser.com/podcasts/security-architecture-podcast-1313281
Season 3 kickoff episode with Tanya Janca: Season 3 kickoff Episode - Application Security - Tanya Janca - YouTube
Demo: https://garantir.io/contact/
WhitePaper: https://garantir.io/wp-content/uploads/2021/04/Garantir-Deploying-A-Fast-Secure-Code-Signing-System.pdf
Kieran: https://www.linkedin.com/in/kieran-miller-0776136/

Kieran Miller is the Chief Architect at Garantir, a cybersecurity company based in San Diego, California. Before joining Garantir, Kieran spent more than 10 years working in cybersecurity, including 8 years with Leidos, a major defense contractor, and several years with Gemalto, which was later acquired by Thales, followed by multiple years as a senior security consultant. With over a decade of cybersecurity experience, Kieran has expertise in multiple dimensions of enterprise security, from data security and identity access management to secure software development.

Garantir overview: Garantir is a cybersecurity company that provides advanced cryptographic solutions to the enterprise. The Garantir team has worked on the security needs of businesses of all sizes, from startups to Fortune 500 companies. At the core of Garantir's philosophy is the belief that securing business infrastructure and data should not hinder performance or interrupt day-to-day operations. With GaraSign, Garantir's flagship product, private keys remain secured at all times, while a client-side hashing architecture ensures high performance for all cryptographic operations, including code signing, SSH, S/MIME, document signing, TLS, secure backup, and more.

IT Visionaries
Providing Visibility and Context to Software Development Security with Idan Plotnik, the CEO of Apiiro

Dec 23, 2021 | 32:03

Running fast is good, but not headfirst into a brick wall. Similarly, software development needs to move fast, but moving too fast typically is not secure and can cause headaches. Furthermore, old security protocols are insufficient and inefficient. Idan Plotnik, the Co-Founder & CEO of Apiiro, makes the case for a platform that quickly provides contextualized information concerning coding.

Main Takeaways

Contextualized Info: An old way of checking code often involved the coders themselves answering a long list of questions. This was inefficient and ineffective. A more helpful approach is to have a platform that quickly provides contextualized information concerning the coding, the process, and potential breaks in the chain. With this type of info, security risks can much more efficiently be discovered and addressed.

Establishing Trust: A platform that provides contextualized information can assist in communication between AppSec teams and developers. If an AppSec team is able to approach the developers with helpful information, then that can establish trust between all parties. With trust established, everybody can work together to reduce the security risk.

Mission-oriented: An entrepreneur, or a company, should have passion for their mission, whether that's in securing software development or otherwise. In Israel, there is certainly a connection between innovation and the lessons that many entrepreneurs have learned during their military service. Mission-oriented values seem to translate to successful business outcomes.

IT Visionaries is brought to you by the Salesforce Platform - the #1 cloud platform for digital transformation of every experience. Build connected experiences, empower every employee, and deliver continuous innovation - with the customer at the center of everything you do. Learn more at salesforce.com/platform

The Hacker Factory
From Marine, to Geek Squad, to Red Team - A Conversation with Jeremiah Roe | The Hacker Factory With Phillip Wylie

Dec 17, 2021 | 39:13

Jeremiah, like a lot of others, worked in various other areas before finding his home in red teaming. He was a Marine, a mall cop, and a Geek Squad tech before he found what he was meant to be: a red teamer. Join us as Jeremiah shares his story, knowledge, and advice.

Guest: Jeremiah Roe
On LinkedIn | https://www.linkedin.com/in/jeremiahroe/
On Twitter | https://twitter.com/c1ph3rflux

Host: Phillip Wylie
On ITSPmagazine

Absolute AppSec
Ep. 155 - Log4Hell, Boring AppSec, Crocs and SOCs

Dec 17, 2021

'Tis the season... for 0-days. Discussions on the ever-present Log4j issue that the whole industry is dealing with. Kernelcon training announcements, dealing with varying expectations of clients and developers on industry terms, further appsec resources, and why crocs and socks matter.

Technado from ITProTV
Technado, Ep. 234: Coalfire's Jason Hicks

Dec 16, 2021 | 53:33

Jason Hicks, who recently joined Coalfire as a Field CISO and cybersecurity executive advisor, sat down with the Technado team to talk about his new role. He also shared his predictions for the AppSec industry in 2022. Then, the guys discussed last week's AWS US-EAST-1 outage, mouse movers for sneaky remote workers, SIP phones adding Microsoft Teams support, and the Log4j Log4Shell zero-day. Finally, in WTF, they talked about the racist blockchain record tied to McDonald's McRib NFT.

Technado from ITProTV (Audio)
Technado, Ep. 234: Coalfire's Jason Hicks

Dec 16, 2021 | 53:29

Jason Hicks, who recently joined Coalfire as a Field CISO and cybersecurity executive advisor, sat down with the Technado team to talk about his new role. He also shared his predictions for the AppSec industry in 2022. Then, the guys discussed last week's AWS US-EAST-1 outage, mouse movers for sneaky remote workers, SIP phones adding Microsoft Teams support, and the Log4j Log4Shell zero-day. Finally, in WTF, they talked about the racist blockchain record tied to McDonald's McRib NFT.

We Hack Purple Podcast
AppSec Tools - Contrast Security Serverless Scanner

Dec 13, 2021 | 23:12

Jeff Williams from Contrast Security takes our questions about their new Serverless Scanning Tool and gives a demo to show just how easy it is.

Video demo can be found here: https://youtu.be/R4NkfbNw5Ys
Learn more here: https://www.contrastsecurity.com/contrast-serverless-application-security
Join our online community here: community.wehackpurple.com
Our online courses in #AppSec and Secure Coding: academy.wehackpurple.com

The Hacker Factory
LEO Turned Pentester | A Conversation With John Marrin | The Hacker Factory With Phillip Wylie

Dec 10, 2021 | 36:20

LEO is not John Marrin's astrological sign; John is a former LA law enforcement officer. John shares his story of how he became a pentester. John spent long hours and dedicated over two years to learning the skill of pentesting. He went from zero experience to working as a consultant performing pentests, including on ATMs.

Guest: John Marrin
On LinkedIn | https://www.linkedin.com/in/johnmarrin/
On Twitter | https://twitter.com/jtmarrin

Host: Phillip Wylie
On ITSPmagazine

Security Architecture Podcast
Checkmarx (AppSec) - Season 03/06 - Episode #34

Dec 9, 2021 | 17:44

This season is dedicated to application security. Our guest for the show is James Brotsos, Developer Advocate and Product Manager. James leads all strategic and product integrations for Checkmarx.

To promote our work and support the podcast, please review us here: https://www.podchaser.com/podcasts/security-architecture-podcast-1313281
Season 3 kickoff episode with Tanya Janca: Season 3 kickoff Episode - Application Security - Tanya Janca - YouTube
Demo/POC: https://checkmarx.com/product/software-security-platform/
Whitepaper: https://checkmarx.com/resources/ebooks-and-whitepapers

Checkmarx: Checkmarx is constantly pushing the boundaries of Application Security Testing to make security seamless and simple for the world's developers while giving CISOs the confidence and control they need. As the AppSec testing leader, we provide the industry's most comprehensive solutions, giving development and security teams unparalleled accuracy, coverage, visibility, and guidance to reduce risk across all components of modern software, including proprietary code, open source, APIs, and infrastructure as code. Over 1,600 customers, including half of the Fortune 50, trust our security technology, expert research, and global services to securely optimize development at speed and scale.

James Brotsos | Product Manager - Developer Experience | https://www.linkedin.com/in/jbrotsos/
Developer Advocate and Product Manager, James leads all strategic and product integrations for Checkmarx, a leader in Application Security Testing Solutions. He comes with fifteen years of software engineering experience in network protocol and kernel development. In his spare time, he volunteers mentoring Computer Science high school students in the Bay Area. He is an active "maker", and his main hobby is following IoT technology and trends.

Relating to DevSecOps
Episode #036: Trending Topics from Terraform to Testing

Dec 7, 2021 | 38:04

In this alliterative episode we bring back Mike McCabe to wrap up a security year in consulting with common trends and successes in security. On the back of Ken and Mike's talk at LASCON 2021, these two break down some of the common security themes from clients and scenarios that highlight just how we've progressed in an almost fully remote year of work. AppSec programs, maturity, compliance, transferring risk, and infrastructure as code are just a few of the topics we chat through. We know it's been a while since we've laid down some content, but we are excited to bring Mike on for more and more as we get into 2022 content.

Dev Interrupted
Automating AppSec with Contrast Security

Dec 4, 2021 | 42:15

Everything we do is online. We bank online, access healthcare, pay our taxes, build our businesses, and along the way we put trust in companies to keep us protected. Unfortunately, companies aren't great at writing secure software. Contrast Security wants to change that. Jeff Williams, Co-founder & CTO of Contrast Security, and Steve Wilson, CPO, join the Dev Interrupted podcast to discuss the future of application security (AppSec), the importance of security automation and why the traditional way of doing security, where you scan app after app a few times a year, is over.

Contrast Security is hiring: Check out their open positions.
Join our Discord Community: discord.gg/devinterrupted
Our Website: devinterrupted.com/
Want to try LinearB? Book a LinearB Demo and use the "Dev Interrupted Podcast" discount code.
Have 60 seconds? Review the show on Apple Podcasts.

The Hacker Factory
A Conversation With John Hammond, Cybersecurity Researcher And Hacking Content Creator | The Hacker Factory With Phillip Wylie

Dec 3, 2021 | 43:43

John Hammond is well known for his content creation and contributions to the cybersecurity community. His YouTube videos are enjoyed by many and are especially helpful to aspiring pentesters. John holds multiple offensive security certifications and was the first to earn the new OSCE(3) certifications. John is a highly skilled CTF expert, security researcher, and talented content creator. Listen as he shares his valuable advice.

Guest: John Hammond
On LinkedIn | https://www.linkedin.com/in/johnhammond010/
On Twitter | https://twitter.com/_JohnHammond
On YouTube | https://www.youtube.com/johnhammond010

Host: Phillip Wylie
On ITSPmagazine

The Hacker Factory
A Conversation With Pentesting And Bug Bounty Expert Jason Haddix | The Hacker Factory With Phillip Wylie

Nov 26, 2021 | 36:56

Jason Haddix, world-renowned bug bounty researcher, shares his story and the valuable advice that has helped many aspiring pentesters and bug hunters. Jason shares his story, from starting in IT, to becoming a pentester, to helping a top bug bounty company in its beginning stages. Jason's advice includes learning resources and career advice that he has shared with many aspiring cybersecurity professionals over the years. Jason, being a top-ranked bug hunter, is well known for his bug bounty methodology, which he has presented at numerous conferences and events to help others learning bug bounty.

Guest: Jason Haddix
On LinkedIn | https://www.linkedin.com/in/jhaddix/
On Twitter | https://twitter.com/Jhaddix

Host: Phillip Wylie
On ITSPmagazine

Cyber Security Sauna
061| AppSec, According to Two Guys Named Antti

Nov 24, 2021 | 42:57

The topic of application security has never been more important. So how are companies approaching appsec? What should companies do to ensure appsec gets the attention it needs? Antti Tuomi, who works in Japan, and Antti Vaha-Sipila (known as AVS), from Finland, join the show to share their thoughts on changes in application security, shifting left, supporting developers, "level boss testing," and much more.

Links: Episode 61 transcript

Paul's Security Weekly TV
CVEs 4 CSPs, Malicious PyPi, Bounty Programs, Shared Responsibility, & Breach Costs - ASW #175

Nov 23, 2021 | 35:16

This week in the AppSec News: What would CVEs for CSPs look like, clever C2 in malicious Python packages, diversity in bounty programs, shared responsibility and secure defaults, breach costs to influence AppSec programs!

Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw175

Application Security Weekly (Video)
CVEs 4 CSPs, Malicious PyPi, Bounty Programs, Shared Responsibility, & Breach Costs - ASW #175

Nov 23, 2021 | 35:16

This week in the AppSec News: What would CVEs for CSPs look like, clever C2 in malicious Python packages, diversity in bounty programs, shared responsibility and secure defaults, breach costs to influence AppSec programs!

Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw175

Paul's Security Weekly
Max Headroom - ASW #175

Nov 23, 2021 | 69:32

This week, we welcome Liam Randall, CEO at Cosmonic, to talk about wasmCloud - Distributed Computing With WebAssembly! CNCF wasmCloud helps developers to build distributed microservices in WebAssembly that they can run across clouds, browsers, and everywhere securely! In the AppSec News: What would CVEs for CSPs look like, clever C2 in malicious Python packages, diversity in bounty programs, shared responsibility and secure defaults, breach costs to influence AppSec programs!

Show Notes: https://securityweekly.com/asw175
Segment Resources: https://webassembly.org/ https://wasmcloud.com/

Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly

Application Security Weekly (Audio)
Max Headroom - ASW #175

Nov 23, 2021 | 69:32

This week, we welcome Liam Randall, CEO at Cosmonic, to talk about wasmCloud - Distributed Computing With WebAssembly! CNCF wasmCloud helps developers to build distributed microservices in WebAssembly that they can run across clouds, browsers, and everywhere securely! In the AppSec News: What would CVEs for CSPs look like, clever C2 in malicious Python packages, diversity in bounty programs, shared responsibility and secure defaults, breach costs to influence AppSec programs!

Show Notes: https://securityweekly.com/asw175
Segment Resources: https://webassembly.org/ https://wasmcloud.com/

Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly

The Hacker Factory
Overcoming Obstacles To Become A Pentester | A Conversation With Joe "The Blind Hacker" Brinkley | The Hacker Factory With Phillip Wylie

Nov 19, 2021 | 42:24

Joe Brinkley, or The Blind Hacker as he is most commonly known in the InfoSec community, shares his story of overcoming a disability to achieve his dream job in cybersecurity. Joe is not only a very talented pentester, but also a community contributor, speaker, mentor, and Innocent Lives Foundation Ambassador. Joe shares his story and advice on getting started in cybersecurity.

Guest: Joe "The Blind Hacker" Brinkley
On LinkedIn | https://www.linkedin.com/in/brinkleyjoseph/
On Twitter | https://twitter.com/TheBlindHacker
On YouTube | https://www.youtube.com/user/brinkleyjm

Host: Phillip Wylie
On ITSPmagazine

Application Security Weekly (Video)
PAN-OS Vuln, ChaosDB, Fuzzing BusyBox, Refactoring in Rust, HTML Smuggling - ASW #174

Nov 16, 2021 | 38:32

In the AppSec news: Disclosure decisions and CVE-2021-3064, technical details behind ChaosDB in Azure, fuzzing BusyBox, Prossimo and Rust, vulns in Nucleus RTOS, & HTML smuggling!

Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw174

Paul's Security Weekly
Eyes Open - ASW #174

Nov 16, 2021 | 70:42

This week, we welcome Ryan Lloyd, Chief Product Officer at Guardsquare, to discuss Mobile Application Security! Mobile applications have a unique attack surface. The tools and techniques being used to compromise these environments are constantly evolving. We'll talk about how to harden mobile apps against modern threats. In the AppSec news: Disclosure decisions and CVE-2021-3064, technical details behind ChaosDB in Azure, fuzzing BusyBox, Prossimo and Rust, vulns in Nucleus RTOS, & HTML smuggling!

Show Notes: https://securityweekly.com/asw174
Visit https://securityweekly.com/guardsquare to learn more about them!

Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly

Application Security Weekly (Audio)
Eyes Open - ASW #174

Nov 16, 2021 | 70:42

This week, we welcome Ryan Lloyd, Chief Product Officer at Guardsquare, to discuss Mobile Application Security! Mobile applications have a unique attack surface. The tools and techniques being used to compromise these environments are constantly evolving. We'll talk about how to harden mobile apps against modern threats. In the AppSec news: Disclosure decisions and CVE-2021-3064, technical details behind ChaosDB in Azure, fuzzing BusyBox, Prossimo and Rust, vulns in Nucleus RTOS, & HTML smuggling!

Show Notes: https://securityweekly.com/asw174
Visit https://securityweekly.com/guardsquare to learn more about them!

Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly

Paul's Security Weekly TV
PAN-OS Vuln, ChaosDB, Fuzzing BusyBox, Refactoring in Rust, HTML Smuggling - ASW #174

Nov 16, 2021 | 38:32

In the AppSec news: Disclosure decisions and CVE-2021-3064, technical details behind ChaosDB in Azure, fuzzing BusyBox, Prossimo and Rust, vulns in Nucleus RTOS, & HTML smuggling!

Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw174

The Hacker Factory
Social Engineer Expert Unmasking Child Predators | A Conversation with Chris Hadnagy | The Hacker Factory With Phillip Wylie

Nov 12, 2021 | 40:50

Social engineering expert Chris Hadnagy, entrepreneur and founder of the DEFCON Social Engineering Village and the Innocent Lives Foundation, shares his story. Chris shares the story of being recruited by Offensive Security and discovering his talent and interest in social engineering. Chris has authored multiple books on social engineering and founded the DEFCON Social Engineering Village and the Innocent Lives Foundation. Chris runs his own business as well as hosting a social engineering conference. Listen as Chris shares his intriguing story.

Guest: Chris Hadnagy
On LinkedIn | https://www.linkedin.com/in/christopherhadnagy/
On Twitter | https://twitter.com/humanhacker

Host: Phillip Wylie
On ITSPmagazine

Security Architecture Podcast
MoneyBall(AppSec) - Season 03/05 - Episode #33

Nov 11, 2021 | 23:56

This season is dedicated to application security. Our guests for the show are Dino Boukouris and Setu Kulkarni. They are joining us to talk about the Application Security market.

To promote our work and support the podcast, please review us here: https://www.podchaser.com/podcasts/security-architecture-podcast-1313281
Season 3 kickoff episode with Tanya Janca: Season 3 kickoff Episode - Application Security - Tanya Janca - YouTube

About Dino: https://www.linkedin.com/in/konstantinosboukouris/
Dino Boukouris is a Founding & Managing Director at Momentum Cyber, the premier strategic advisor to the Cybersecurity industry. Dino has spent over 16 years in the technology industry with expertise in cybersecurity, finance, strategy, operations, and venture capital & private equity. Dino has been a speaker at Cybersecurity conferences across the country including the RSA Conference, Cybertech Tel Aviv, Structure Security, Global Cyberspace Coop Summit, IoT Security Panel, M&A East, as well as at numerous private events and corporate gatherings. Dino was also professional faculty at the University of California, Berkeley - Haas School of Business, where he taught a top-ranked Venture Capital & Private Equity course for the MBA program.

About Setu: https://www.linkedin.com/in/setu-kulkarni-6552251/
Setu is a Corporate Strategy & Product Management executive with feet-on-the-ground experience in NAM, Europe & APAC. Currently, he leads product management at Venafi, the leader in Machine Identity Management. At the time of this recording, Setu led product strategy at NTT Security. Prior to NTT Security, he established and led the corporate strategy & PM functions during critical growth years at WhiteHat Security, resulting in its acquisition by NTT Security. Earlier in his career, Setu led platform product strategy & management at TIBCO for Operation Intelligence, Cloud, SOA & BPM products. Setu is a company spokesperson, a speaker at industry & investor events, a podcast host and thought leader in the Application Security space.

Brakeing Down Security Podcast
2021-040-Sweden's parents rebel over poor App design, US government forcing patching of systems, and Vuln chaining

Nov 8, 2021 | 36:55

News stories covered this week, as well as links of note:
https://www.wired.co.uk/article/sweden-stockholm-school-app-open-source
https://curtbraz.medium.com/a-konami-code-for-vuln-chaining-combos-1a29d0a27c2a
https://docs.google.com/presentation/d/17gISafUZzEyjV7wkdHaTQZmtxstBqECa/edit#slide=id.p4
https://www.securityweek.com/braktooth-new-bluetooth-vulnerabilities-could-affect-millions-devices
https://offsec.almond.consulting/intro-to-file-operation-abuse-on-Windows.html
https://searchsecurity.techtarget.com/news/252509040/CISA-cracks-the-whip-on-patching-vulnerabilities
https://cyber.dhs.gov/bod/22-01/
https://www.cisa.gov/known-exploited-vulnerabilities-catalog

The Hacker Factory
Former Developer Turned Security Advocate | A Conversation With Rey Bango | The Hacker Factory With Phillip Wylie

Nov 5, 2021 | 51:10

Rey Bango goes from long-time developer to security advocate and freelance pentester. Rey shares his story, his path to security, and his vast experience with numerous cybersecurity training providers, which makes him a subject matter expert in offensive cybersecurity education.

Guest: Rey Bango
On LinkedIn | https://www.linkedin.com/in/reybango/
On Twitter | https://twitter.com/reybango

Host: Phillip Wylie
On ITSPmagazine

We Hack Purple Podcast
How to Build Security Champions

Nov 4, 2021 | 38:36

All too often, the AppSec team or security team is a person of one. How can you add more people to the team without a massive increase to the budget? Persuasion!

This talk was given at SecTor (Toronto) in Nov 2021. Scaling Your Team is part of our Application Security Program at Academy.WeHackPurple.Com

The Hacker Factory
From Marine Aircraft Rescue Fire Fighter To Red Teamer | A Conversation with Gabe Thompson | The Hacker Factory With Phillip Wylie

Oct 29, 2021 | 47:19

Gabe's childhood curiosity about how things work later serves him as a red teamer, but was not leveraged until years later. Gabe shares his story and how his approach to learning and his career reflects how he prepares for 100-mile runs.

Guest: Gabe Thompson
On LinkedIn | https://www.linkedin.com/in/gabethompson1811/
On Twitter | https://twitter.com/grnbeltwarrior

Host: Phillip Wylie
On ITSPmagazine

Application Security Weekly (Video)
UAParser.js Malware in NPM, Squirrel Sandbox Escape, Securing CI/CD, & AppSec Videos - ASW #171

Oct 26, 2021 | 38:49

This week in the AppSec News: Malware in the UAParser.js npm package, security vuln in Squirrel scripting language, a blueprint for securing software development, L0phtCrack now open source, appsec videos on Android exploitation, macOS security, & more!

Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw171

Paul's Security Weekly TV
UAParser.js Malware in NPM, Squirrel Sandbox Escape, Securing CI/CD, & AppSec Videos - ASW #171

Oct 26, 2021 | 38:49

This week in the AppSec News: Malware in the UAParser.js npm package, security vuln in Squirrel scripting language, a blueprint for securing software development, L0phtCrack now open source, appsec videos on Android exploitation, macOS security, & more!

Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw171

Brakeing Down Security Podcast
2021-038-Liz Saling, 5 pillars of building a good team

Oct 25, 2021 | 67:18

Blog post that inspired this episode: https://lizsaling.com/SWE-team-five-pillars/

Liz Saling (@lizsaling)
https://www.mindtools.com/pages/article/newLDR_86.htm
http://www.mspguide.org/tool/tuckman-forming-norming-storming-performing
https://michaelhyatt.com/3-roadblocks-to-avoid-for-optimal-team-performance
Erin Meyer is the one who did the Netflix study! https://bigthink.com/the-present/high-performing-teams/
https://alicedartnell.com/blog/why-smart-goals-are-stupid/

NEWS:
Unlocking 'god' mode on Windows 11: https://www.bleepingcomputer.com/news/microsoft/how-to-unlock-windows-11s-god-mode-to-access-advanced-settings/
https://www.reddit.com/r/netsec/comments/q9f63y/creating_a_basic_python_reverse_shell_listener/
NFT malware (NFTs that empty wallets): https://www.theregister.com/2021/10/17/in_brief_security/

The Hacker Factory
Software Developer Turned Web App Pentester And Content Creator | A Conversation With Rana Khalil | The Hacker Factory With Phillip Wylie

The Hacker Factory

Oct 22, 2021 (43:45)

Rana discovered application security as a software developer, which inspired her interest in web app pentesting. During her studies and journey to prepare for the OSCP certification, Rana started sharing what she learned in blogs and went on to create video learning content for aspiring pentesters and security professionals.
Guest: Rana Khalil
On LinkedIn | https://www.linkedin.com/in/ranakhalil1/
On Twitter | https://twitter.com/rana__khalil
On YouTube | https://www.youtube.com/channel/UCKaK-XPQAbznwIISC46b1oA
On Medium | https://ranakhalil101.medium.com/
Host: Phillip Wylie
On ITSPmagazine

Absolute AppSec
Episode Ep. 149 - Burnout, AppSec News Sources

Absolute AppSec

Oct 19, 2021

Just two old men bi***ing and moaning about App Sec and the price of a good pair of New Balances. Real discussion on dealing with burnout and imposter syndrome. How to stay engaged and interested when the excitement becomes mundane.

The Hacker Factory
From Aspiring Herbalist To Red Teamer | A Conversation With Joe Vest | The Hacker Factory With Phillip Wylie

The Hacker Factory

Oct 15, 2021 (43:26)

Joe Vest started his journey as an aspiring herbalist, then his focus turned to IT, working as a sysadmin. Joe's knack for technology as a sysadmin led him to cybersecurity and then red teaming when the discipline was not very well known or practiced.
Guest: Joe Vest
On LinkedIn | https://www.linkedin.com/in/joe-vest/
On Twitter | https://twitter.com/joevest
Host: Phillip Wylie
On ITSPmagazine

Security Architecture Podcast
CloudDefense(AppSec) - Season 03/04 - Episode #32

Security Architecture Podcast

Oct 14, 2021 (31:02)

This season is dedicated to application security. Our guest for the show is Abhi Veldurthy from CloudDefense. He joins us to discuss their SAST, SCA, and VA solutions. Abhi Veldurthy is VP of Engineering at CloudDefense, responsible for the technical direction and strategy.
To promote our work and support the podcast, please review us here: https://www.podchaser.com/podcasts/security-architecture-podcast-1313281
Season 3 kickoff episode with Tanya Janca: Season 3 kickoff Episode - Application Security - Tanya Janca - YouTube
Demo/POC: https://www.clouddefense.ai/request-demo
Whitepaper: https://www.clouddefense.ai/
CloudDefense Summary: CloudDefense is an Application Security company that provides a single pane of glass view into the overall security health of an organization. It provides tools to discover open source vulnerabilities, open-source licenses, static analysis (SAST), API and Web penetration testing, as well as Cloud Native, Cloud Infra, and Container vulnerabilities with a few clicks. CloudDefense helps you prevent accidental slippage of critical security issues into production.
Abhi Veldurthy Bio: https://www.linkedin.com/in/aveldurthy/
Abhi Veldurthy is VP of Engineering at CloudDefense, responsible for the technical direction and strategy while leading the engineering efforts at the company. He has a Masters in Information Security from Carnegie Mellon and is deeply passionate about application development, and is using this powerful combination to build a holistic security solution at CloudDefense. Prior to joining CloudDefense, Abhi worked with LinkedIn, Amazon and Yahoo.

Relating to DevSecOps
Episode #034: Attack of the Git PR through K8s

Relating to DevSecOps

Oct 11, 2021 (42:20)

In this episode we squeeze one more git topic out with an attack through a PR. Based on a recent article posted on https://cloudseclist.com/, we thought it fit the series pretty well and put a nice capstone on everything. You can read the article we reference yourself at https://goteleport.com/blog/hack-via-pull-request/
This episode is full of hot takes and rambling, but we thought we ended in a good place even if we went through a few roundabout analogies to get there. Learn more about how security relates to building a house, robbing a bank, and fixing your kitchen sink.

The Hacker Factory
From Pentesting Applications To Educating The Masses | A Conversation With Louis Nyffenegger | The Hacker Factory With Phillip Wylie

The Hacker Factory

Oct 8, 2021 (41:44)

During Louis Nyffenegger's education at a university, he discovered his interest in information security. Louis went on to create a globally popular web app pentesting learning platform used by aspiring pentesters and bug hunters. Louis is passionate about educating and helping others, which becomes more obvious the more you learn about him.
Guest: Louis Nyffenegger
On LinkedIn | https://www.linkedin.com/in/nyffeneggerlouis/
On Twitter | https://twitter.com/snyff
Host: Phillip Wylie
On ITSPmagazine

AppSec Stats Flash: A Monthly Podcast on the State of Application Security

The Alice and Bob characters were invented by Ron Rivest, Adi Shamir, and Leonard Adleman in their 1978 paper "A Method for Obtaining Digital Signatures and Public-key Cryptosystems". Alice and Bob were also joined by an additional cast of characters as needed to keep the explanation of cryptographic systems lively and relatable. The famous cryptographic couple have now ventured into Application Security. In her book, "Alice and Bob Learn Application Security", my guest today, Tanya Janca, has done a fantastic job of discussing 10 topics across 3 sections to address the subject of AppSec. Tune in to the podcast as we discuss the practitioner aspects of being a security-minded developer.
Special Guest: Tanya Janca, CEO and Founder of We Hack Purple
Tanya Janca, also known as SheHacksPurple, is the best-selling author of 'Alice and Bob Learn Application Security'. She is also the founder of We Hack Purple, an online learning academy, community and podcast that revolves around teaching everyone to create secure software. Tanya has been coding and working in IT for over twenty years, won countless awards, and has been everywhere from startups to public service to tech giants (Microsoft, Adobe, & Nokia). She has worn many hats: startup founder, pentester, CISO, AppSec Engineer, and software developer. She is an award-winning public speaker, active blogger & streamer and has delivered hundreds of talks and trainings on 6 continents. She values diversity, inclusion, and kindness, which shines through in her countless initiatives.
community.wehackpurple.com
academy.wehackpurple.com
aliceandboblearn.com
Checklists:
Secure Design Concepts: https://newsletter.wehackpurple.com/foundational-security-concepts
PCI-DSS for Devs!: https://newsletter.wehackpurple.com/pci-dss-for-devs
API Security Best Practices: https://newsletter.wehackpurple.com/api-security
Application Security Activities: https://newsletter.wehackpurple.com/appsec-activities
Azure Hardening Best Practice: https://newsletter.wehackpurple.com/azure-hardening
Error Handling and Logging: https://newsletter.wehackpurple.com/errors-and-logging
Secure Coding Guidelines: https://newsletter.wehackpurple.com/secure-coding-guidelines
Tips For Getting Into InfoSec: https://newsletter.wehackpurple.com/getting-into-infosec
Web App Security Requirements: https://newsletter.wehackpurple.com/web-app-security-requirements
More Links!
Check out other episodes of Security in the Fast Lane: https://www.whitehatsec.com/security-in-the-fastlane/
Check out our other podcast, AppSec Stats Flash: https://www.whitehatsec.com/appsec-stats-flash/
To learn more about NTT Application Security, visit us at www.whitehatsec.com

Cloud Security Podcast by Google
EP34 Instrumenting Modern Application Stack for Detection and Response

Cloud Security Podcast by Google

Oct 4, 2021 (25:01)

Guest: Matt Svensson, Senior Security Engineer @ BetterCloud
Topics: What are the approaches for monitoring serverless and other modern application architectures? What are the challenges with these new environments? What approaches don't work? What can go wrong with modern stack security monitoring? What should we watch for in a modern application stack? Most new architecture setups are predicated on identities, so is identity the center of threat detection here or not?

The Hacker Factory
From Pawning To Pwning | A Conversation With Cory Billington | The Hacker Factory With Phillip Wylie

The Hacker Factory

Oct 1, 2021 (30:48)

Cory Billington, a former member of the US Navy, worked in car racing and in pawn shops before he found his passion. Cory found his passion in pentesting and red teaming and now works for a large national insurance company. He shares his story and recommendations on becoming an ethical hacker.
Guest: Cory Billington
On LinkedIn | https://www.linkedin.com/in/mcorybillington/
On Twitter | https://twitter.com/_th3y
Host: Phillip Wylie
On ITSPmagazine

Paul's Security Weekly TV
AppSec Orchestration/Correlation & DevSecOps Efficiency - Anita D'Amico, Patrick Carey - ASW #167

Paul's Security Weekly TV

Sep 28, 2021 (37:59)

In its 2019 Hype Cycle for Application Security report, Gartner revealed a new, "high-priority" category called Application Security Orchestration and Correlation (ASOC). ASOC delivers three primary benefits to the AppSec process within organizations: efficiency, scalability, and accountability. We will take a closer look at these benefits and discuss how ASOC can help your DevSecOps team function better.
This segment is sponsored by Synopsys. Visit https://securityweekly.com/synopsys to learn more about them!
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw167

The Hacker Factory
From US Air Force Network Engineer To Adversary Emulation | A Conversation With Cody Winkler | The Hacker Factory With Phillip Wylie

The Hacker Factory

Sep 24, 2021 (34:43)

Through self-study, hard work, and persistence, Cody Winkler went from an Air Force network engineer into red teaming, becoming an adversary emulation expert. Cody shares his story and advice on starting a career in red teaming. With his unique perspective and to-the-point style, he gives helpful advice for aspiring offensive security professionals.
Guest: Cody Winkler
On LinkedIn | https://www.linkedin.com/in/cody-winkler/
On Twitter | https://twitter.com/cwinfosec
On YouTube | https://www.youtube.com/cwinfosec
Host: Phillip Wylie
On ITSPmagazine

Paul's Security Weekly TV
Scaling Application Security - Joe Gillespie, Nuno Loureiro - ESW #243

Paul's Security Weekly TV

Sep 23, 2021 (31:14)

A common ratio between AppSec and development teams is 1:100 (1 Security Engineer for every 100 developers). Scaling AppSec teams, especially when it comes to security testing, becomes challenging. We would like to have a discussion around this topic, highlighting things that are definitely part of the solution.
Show Notes: https://securityweekly.com/esw243
This segment is sponsored by Probely. Visit https://securityweekly.com/probely to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!

Relating to DevSecOps
Episode #033: Getting out of git by branching out with branching strategies

Relating to DevSecOps

Sep 21, 2021 (32:32)

Bad puns end this series with branching strategies and git. We start with Simon's preferred approach from a product engineering strategy for branching and why it works for him. Then we talk about some of the common issues that occur due to strategies that are not optimized for the organization running them. Some of these include over-engineering, cultural frustrations, re-work, and security bugs! Join us for the capstone of the git series in 2021; hope you enjoy the listen.

CISO-Security Vendor Relationship Podcast
Are You Asking "How Secure Are We?" or "How Insecure Am I?"

CISO-Security Vendor Relationship Podcast

Aug 31, 2021 (33:53)

All links and images for this episode can be found on CISO Series.
We've heard the question "How secure are we?" many times, and we know what it really means. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series, and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Kevin Morrison, CISO, Alaska Air.
Thanks to our podcast sponsor, Enso. Enso, an Application Security Posture Management platform, helps security teams scale and gain control over their AppSec programs. Enso discovers application inventory, ownership and risk to easily build and enforce security policies and transform AppSec into an automated, systematic discipline.
In this episode:
Red flag-level bad security: run away or offer to help?
How necessary is it to know patterns of where and how criminals are going to attack?
How to manage the risk of onboarding entry-level cybersecurity personnel who lack prior job experience?
How do you answer the question, "Are we secure?"