Podcasts about dast

Christian Espinosa, founder of Blue Goat Cyber and leading voice in medical device cybersecurity, joins Etienne Nichols to unpack the urgent and often misunderstood topic of cybersecurity in MedTech. From FDA's 2023 regulatory overhaul to real-world hacking scenarios that could harm patients, Christian provides practical advice for innovators, RA/QA professionals, and software teams. He also shares why waiting until the last minute on cybersecurity could cost startups millions—or even kill a project entirely.Whether you're a quality professional trying to build compliant systems or an innovator racing toward FDA submission, this episode lays out exactly what you need to know to stay ahead of cyber threats and within regulatory guardrails.Key Timestamps:00:01 – Intro to guest Christian Espinosa and Blue Goat Cyber06:28 – Why medical device cybersecurity is different from traditional IT security11:49 – Real-world hacking example: acne laser device turned skin-burner13:57 – FDA expectations post-September 2023: what changed17:12 – Secure boot: a microcontroller mistake that derailed a launch20:35 – Common cybersecurity vendor mistake MedTech companies make23:40 – SBOM: Software Bill of Materials and why it's legally critical27:58 – Cyberattacks in hospitals: assuming a hostile network35:44 – AI in medical devices: data bias and cybersecurity challenges41:10 – Developers ≠ cybersecurity experts: the training gap nobody talks about45:20 – What RA/QA professionals need to know now49:30 – Why cybersecurity must be iterative, not a final-phase add-on55:20 – Espinosa's final advice for MedTech professionals57:52 – The story behind “Blue Goat Cyber”Standout Quotes:“Cybersecurity for medical devices isn't about data breaches—it's about patient harm. You could paralyze someone or misdiagnose sepsis. This isn't theoretical.”— Christian Espinosa, on the real risks of insecure devices“Most developers don't understand cybersecurity. We assume they do—but that's like expecting an architect to be a locksmith.”— Christian Espinosa, on why so many devices fail security assessmentsTop Takeaways:Cybersecurity isn't just about data—it's about patient safety. From burning skin to missed sepsis diagnoses, vulnerabilities in devices have real-world harm potential.FDA now requires more than just a basic security plan. Post-September 2023 rules mandate testing (SAST, DAST, fuzzing), SBOMs, and risk assessments tied to patient harm.Start cybersecurity planning during the requirements phase. Hardware like microcontrollers must support secure boot and other protections—retrofits can cripple product plans.Iterate cybersecurity like any core development activity. One-time testing near submission is too late; build security into your pipeline just like QA or usability.Traditional cybersecurity vendors aren't enough. Many fail to meet FDA's nuanced expectations for medical devices, causing costly submission rejections.References & Resources:Christian Espinosa on LinkedInBlue Goat CyberEtienne Nichols on LinkedInMedTech 101 – Understanding SBOM (Software Bill of...

Guest: Diana Kelley, CSO at Protect AI  Topics: Can you explain the concept of "MLSecOps" as an analogy with DevSecOps, with 'Dev' replaced by 'ML'? This has nothing to do with SecOps, right? What are the most critical steps a CISO should prioritize when implementing MLSecOps within their organization? What gets better  when you do it? How do we adapt traditional security testing, like vulnerability scanning, SAST, and DAST, to effectively assess the security of machine learning models? Can we? In the context of AI supply chain security, what is the essential role of third-party assessments, particularly regarding data provenance? How can organizations balance the need for security logging in AI systems with the imperative to protect privacy and sensitive data? Do we need to decouple security from safety or privacy? What are the primary security risks associated with overprivileged AI agents, and how can organizations mitigate these risks?  Top differences between LLM/chatbot AI security vs AI agent security?  Resources: “Airline held liable for its chatbot giving passenger bad advice - what this means for travellers” “ChatGPT Spit Out Sensitive Data When Told to Repeat ‘Poem' Forever” Secure by Design for AI by Protect AI “Securing AI Supply Chain: Like Software, Only Not” OWASP Top 10 for Large Language Model Applications OWASP Top 10 for AI Agents  (draft) MITRE ATLAS “Demystifying AI Security: New Paper on Real-World SAIF Applications” (and paper) LinkedIn Course: Security Risks in AI and ML: Categorizing Attacks and Failure Modes

Dive deep into the key takeaways from RSA Conference 2025 with our expert panel! Join Ashish Rajan, James Berthoty, Chris Hughes, Tanya Janca, and Francis Odum as they dissect the biggest trends, surprises, and "hot takes" from one of the world's largest cybersecurity events.In this episode, we cover:Initial reactions and the sheer scale of RSA Conference 2025.Major themes: AI's impact on cybersecurity, especially AppSec, vendor consolidation, the evolution of runtime security, and more.The rise of AI-native applications and how they're reshaping the landscape.Deep dives into Application Security (AppSec), secure coding with AI, and the future of vulnerability management.Understanding runtime security beyond DAST and its critical role.Unexpected insights and surprising takeaways from the conference floor.Guests include:⁠Chris Hughes ⁠– CEO at Aquia & host of ⁠Resilient Cyber⁠⁠James Berthoty⁠ – Cloud and AppSec engineer, known for sharp vendor analysis and engineering-first content and ⁠Latio Tech⁠⁠Tanya Janca ⁠– Founder of ⁠ She Hacks Purple⁠Francis Odum⁠ – Founder of S⁠oftware Analyst Cyber ResearchPodcast Twitter - ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠@CloudSecPod⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠If you want to watch videos of this LIVE STREAMED episode and past episodes - Check out our other Cloud Security Social Channels:-⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Podcast- Youtube⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security Newsletter ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠- ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Cloud Security BootCamp⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠If you are interested in AI Cybersecurity, you can check out our sister podcast -⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ AI Cybersecurity PodcastQuestions asked:(00:00) Introduction: Unpacking the RSA Conference 2025(02:20) Meet the Experts: Panelist Introductions(03:39) RSAC First Impressions: Scale, Excitement & Attendee Numbers(07:52) Top Themes from RSA Conference 2025(16:01) AI's Evolution: Native Applications & AppSec's Transformation(33:30) Demystifying Runtime Security (Beyond DAST)(40:23) RSA Surprises & Unexpected Takeaways

Neste episódio recebemos a convidada Dra Norma Allemann que realizou Residência Médica, mestrado e doutorado em Oftalmologia pela Universidade Federal de São Paulo (UNIFESP). Atualmente é Chefe do setor de Ultrassom Ocular da UNIFESP e também possui experiência como visiting professor e adjunct professor no Department of Ophthalmology & Visual Sciences na University of Illinois em Chicago (EUA).Neste episódio conversamos sobre exames de imagem oftalmológicos como ultrassom, biometria ultrassônica (UBM), OCT de câmara anterior, biometria óptica e como estes exames podem ser usados na propedêutica e diagnóstico de patologias de doenças oculares na infância.Anexos: Tabela de comprimento axialMateriais complementares:Artigo: Agarwal K, Vinekar A, Chandra P, Padhi TR, Nayak S, Jayanna S, Panchal B, Jalali S, Das T. Imaging the pediatric retina: An overview. Indian J Ophthalmol. 2021 Apr;69(4):812-823. doi: 10.4103/ijo.IJO_1917_20. PMID: 33727440; PMCID: PMC8012979.Gostou deste episódio? Talvez você também goste dos seguintes episódios:Ep 21 Desmistificando a Eletrofisiologia Pediátrica Ep 45 Inteligência Artificial e Oftalmologia: Como se preparar para o futuro? 

Das Tübinger Boxenstop-Museum will hoch hinaus. Mithilfe einer Brücke über die Brunnenstraße will das Museum in erster Linie mehr Platz für die eigenen Ausstellungsstücke schaffen. Aus eigener Tasche soll das Projekt finanziert werden. Wie die Pläne genau aussehen? Das haben wir Museumsbetreiber Rainer Klink am Mittwoch persönlich gefragt. | Videos in der RTF1 Mediathek: www.rtf1.tv | RTF1 - Wissen was hier los ist! |

No episódio 163 do Kubicast, conversamos com o especialista em segurança Robson, que compartilha experiência prática sobre como integrar segurança desde o início do ciclo de desenvolvimento. Abordamos temas essenciais como DevOps, DevSecOps, desenvolvimento seguro, segurança na nuvem, e as melhores práticas para ambientes  Kubernetes e Cloud Native.Confira os principais temas abordados neste episódio:  Desafios e Certificações em SegurançaIntegração entre Desenvolvimento, Operações e SegurançaSAST, DAST e Ferramentas Open SourceModelagem de Ameaças e Estratégias de MitigaçãoSegmentação de Rede e Políticas de Segurança no KubernetesRecomendações Práticas e Cultura de ResiliênciaEncerramento e Convite para a ComunidadeComente abaixo suas dúvidas e experiências, curta e compartilhe este vídeo para ajudar nossa comunidade a crescer. Para saber mais, confira os links dos recursos e certificações mencionados no vídeo.**Links Úteis:**  https://linkedin.com/company/getupcloudhttps://www.linkedin.com/in/juniorjbn/https://www.linkedin.com/in/medrobson80/Inscreva-se para mais conteúdos sobre #DevOps, #DevSecOps, #Kubernetes, #CloudNative, #Containers e #Segurança!O Kubicast é uma produção da Getup, empresa especialista em Kubernetes e projetos open source para Kubernetes. Os episódios do podcast estão nas principais plataformas de áudio digital e no YouTube.com/@getupcloud.

Am Mittwochabend wurden im Länggassquartier in Bern mehrere Schüsse auf ein Auto abgegeben. Der Fahrer wurde schwer verletzt und ins Krankenhaus gebracht. Das Täterfahrzeug flüchtete in unbekannte Richtung. Die Polizei sucht Zeugen. Weiter in der Sendung: · Weiterer Grosseinsatz der Kantonspolizei Bern: Mehrere Reisecarinsassen hatten Vergiftungserscheinungen. · Das Internationale Filmfestival in Freiburg FIFF kämpft mit Mangel an Hotelbetten. · SCL Tigers fühlen dem Qualifikationssieger Lausanne auf den Zahn – und gleichen die Viertelfinalserie wieder aus.

Tanya Janca, author of Alice and Bob Learn Secure Coding, discusses secure coding and secure software development life cycle with SE Radio host Brijesh Ammanath. This session explores how integrating security into every phase of the SDLC helps prevent vulnerabilities from slipping into production. Tanya strongly recommends defining security requirements early, and discusses the importance of threat modeling during design, secure coding practices, testing strategies such as static, dynamic, and interactive application security testing (SAST, DAST and IAST), and the need for continuous monitoring and improvement after deployment. This episode is sponsored by Codegate.ai

Wusstest du, dass Vorhofflimmern die häufigste Herzrhythmusstörung ist und Millionen von Menschen betrifft – viele davon, ohne es zu wissen? Das Tückische daran: Die Symptome können kaum spürbar sein, aber das Risiko für einen Schlaganfall steigt drastisch an. Häufig beginnt Vorhofflimmern anfallsartig, das Herz schlägt unregelmäßig und oft schneller als gewohnt. Doch genau dann, wenn man beim Arzt ist, scheint alles wieder normal – ein klassischer Vorführeffekt. Zum Glück können moderne Smartwatches helfen, das Problem frühzeitig zu erkennen. Aber was passiert eigentlich im Herzen während eines Vorhofflimmerns? Welche Faktoren begünstigen es, und wie kann man das eigene Risiko minimieren? Dr. Anand Roy, Kardiologe und Experte für Herzgesundheit, erklärt in dieser Folge von Eat Science Health, warum Vorhofflimmern kein harmloses Stolpern des Herzens ist, welche modernen Therapiemöglichkeiten es gibt und wie du durch Lebensstiländerungen selbst aktiv werden kannst. Denn: Das beste Antiarrhythmikum ist ein gesunder Lebensstil! Lass uns gemeinsam herausfinden, wie du dein Herz bestmöglich schützen kannst! ▶️

Das Täuferreich von Münster strebte 1534 in Erwartung der Apokalypse nach einer radikal neuen Ordnung. Doch was als heilige Stadt Gottes begann, verwandelte sich in ein diktatorisches Regime. 1535 fand der Spuk ein Ende. Doch was führte zum Chaos? Wember, Heiner www.deutschlandfunk.de, Aus Religion und Gesellschaft

Vom Einzelhändler bis zum Großkonzern - alle suchen händeringend gut ausgebildeten Nachwuchs. Das gilt auch für den Maschinen- und Anlagenbau, dem größten industriellen Arbeitgeber in Deutschland. Die Unternehmen tun sich immer schwerer damit, ausreichend junge Menschen für eine Berufsausbildung zu gewinnen. Ihnen steht eine wachsende Zahl von Jungen und Mädchen gegenüber, die nach ihrer Schulzeit im sogenannten Übergangsbereich einen Weg in den Arbeitsmarkt finden sollen. Das Tübinger Institut für Angewandte Wirtschaftsforschung, IAW, hat sich im Auftrag der IMPULS-Stiftung des VDMA in einer aktuellen Studie mit diesem Bildungssektor befasst. Professor Dr. Bernhard Boockmann, Wissenschaftlicher Direktor des IAW und Dr. Jörg Friedrich, Leiter der VDMA-Abteilung Bildung diskutieren die Erfolgsbilanz des Übergangsbereichs und welche Konzepte sich bewährt haben. Da Berufsbilder immer komplexer werden, wird es auch schwieriger, dass Unternehmen und junge Menschen passend zueinander finden. Dennoch darf der Übergangsbereich nicht zum Wartesaal mit langer Verweildauer werden, mahnen die Experten. Produktion: New Media Art Pictures

In this episode of The BlueHat Podcast, hosts Nic Fillingham and Wendy Zenone are joined by Jason Geffner, Principal Security Architect at Microsoft, to discuss his groundbreaking work on scaling and automating Dynamic Application Security Testing (DAST). Following on from his BlueHat 2024 session, and outlined in this MSRC blog post, Jason explains the key differences between DAST, SAST, and IAST, and dives into the challenges of scaling DAST at Microsoft's enterprise level, detailing how automation eliminates manual configuration and improves efficiency for web service testing.     In This Episode You Will Learn:     Overcoming the challenges of authenticated requests for DAST tools  The importance of API specs for DAST and how automation streamlines the process  Insights into how Microsoft uses DAST to protect its vast array of web services    Some Questions We Ask:    What's a lesson from this work that you can share with those without Microsoft's resources?  Can you explain what the transparent auth protocol is that you mentioned in the blog post?  How is your work reducing the manual effort needed to configure DAST system services?     Resources:       View Jason Geffner on LinkedIn    View Wendy Zenone on LinkedIn    View Nic Fillingham on LinkedIn     Related Blog Post: Scaling Dynamic Application Security Testing (DAST) | MSRC Blog  Related BlueHat Session Recording: BlueHat 2024: S10: How Microsoft is Scaling DAST     Related Microsoft Podcasts:       Microsoft Threat Intelligence Podcast    Afternoon Cyber Tea with Ann Johnson    Uncovering Hidden Risks          Discover and follow other Microsoft podcasts at microsoft.com/podcasts   

In this episode, we interview Dylan Thomas, senior director of product engineering at OpenText Cybersecurity, about the evolution from shift left to shift everywhere.At the end of 2024, he predicted: "In 2025, DevSecOps will continue evolving beyond the ‘shift-left' paradigm, embracing a more mature ‘shift everywhere' approach. This shift calls on organizations to apply the right tools at the right stages of the DevSecOps cycle, improving efficiency and effectiveness in security practices. Lightweight analysis in IDEs will help developers catch issues early, while automation integrated into pull requests and CI/CD pipelines will ensure a cohesive ‘integrate once' approach for core functions such as SAST, SCA, and increasingly DAST, particularly for API security testing."We interviewed him about his predictions, and talked about: What shift everywhere isWhy people are wanting to transition to this new approachHow to get started with shift everywhere

Joni Klippert has spent many years in startups. Post getting her MBA, she built her early career in Boulder, CO, and became very technical learning new technologies throughout the businesses she worked for, liked VictorOps and Splunk. Outside of tech, she is married with 2 dogs. Her favorite thing to do is travel with her husband to visit Michelin star restaurants. One of her favorites was called Azuermendi in Spain, as it was not only delicious, but an immersive experience.Joni had been building software for engineers for a long time, as a product person. At one point, she started researching the last mile of DevOps, and was surprised how far this particular group was behind, in regard to tooling. She dreamt of automating the pen-testing remediation process, and stumbled upon an opportunity as it relates to DAST - dynamic application security testing.This is the creation story of Stackhawk.SponsorsSpeakeasyQA WolfSnapTradeLinkshttps://www.stackhawk.com/https://www.linkedin.com/in/joniklippert/Our Sponsors:* Check out Kinsta: https://kinsta.com* Check out Vanta: https://vanta.com/CODESTORYSupport this podcast at — https://redcircle.com/code-story/donationsAdvertising Inquiries: https://redcircle.com/brandsPrivacy & Opt-Out: https://redcircle.com/privacy

Digitale Jobs befinden sich in einem tiefgreifenden Wandel, und Google Ads zeigt, wie komplex und vielfältig die Anforderungen geworden sind. Gemeinsam mit Oliver Zenglein diskutieren Alexander und Patrick in Episode 140 des 121WATT Podcasts, welche neuen Skills gefragt sind, wie sich die Rolle klassischer SEA-Manager:innen verändert hat und warum Automatisierung und KI nicht die ganze Lösung sind, sondern neue Herausforderungen mit sich bringen.

Forud for FCKs møde med Rapid Wien d. 19. december 2024 mødtes vi med FCKs topledelse på spillerhotellet i Wien. Her mødtes vi med de tre nøglepersoner, der tegner FCK, nemlig bestyrelsesformand Henrik Møgelmose, direktør Jacob Lauesen og sportschef Sune Smith-Nielsen.Her fik vi blandt andet mulighed for at høre dem om mange aspekter i FC København:- Bliver klubben solgt og til hvem?- Mangler der fodboldfaglighed i bestyrelsen?- Er FCK truet af andre klubber?- Investerer ejerkredsen nok i fodbold?-Hvordan opgraderer man træningsanlægget?Det og meget mere kan du høre i lidt over en times helt unik podcast.Værter: Kasper Haugaard og Kasper LarsenPartner: Pluto TV - 100% gratis streaming af film og serier.Du kan se Kvart i bolds 24 timers kanal på Pluto TV her: https://pluto.tv/da/on-demand/series/kvart-i-bold-indersiden-daStøt os og meld dig ind i Kvart i bold her: https://kvartibold.memberful.com/join Hosted on Acast. See acast.com/privacy for more information.

Forud for FCKs møde med Rapid Wien d. 19. december 2024 mødtes vi med FCKs topledelse på spillerhotellet i Wien. Her mødtes vi med de tre nøglepersoner, der tegner FCK, nemlig bestyrelsesformand Henrik Møgelmose, direktør Jacob Lauesen og sportschef Sune Smith-Nielsen.Her fik vi blandt andet mulighed for at høre dem om mange aspekter i FC København:- Bliver klubben solgt og til hvem?- Mangler der fodboldfaglighed i bestyrelsen?- Er FCK truet af andre klubber?- Investerer ejerkredsen nok i fodbold?-Hvordan opgraderer man træningsanlægget?Det og meget mere kan du høre i lidt over en times helt unik podcast.Værter: Kasper Haugaard og Kasper LarsenPartner: Pluto TV - 100% gratis streaming af film og serier.Du kan se Kvart i bolds 24 timers kanal på Pluto TV her: https://pluto.tv/da/on-demand/series/kvart-i-bold-indersiden-daStøt os og meld dig ind i Kvart i bold her: https://kvartibold.memberful.com/join Hosted on Acast. See acast.com/privacy for more information.

Im Winter können wintergrüne Mittelmeerkräuter, wie Thymian, Rosmarin, Lorbeer, Berg-Bohnenkraut und Salbei weiterhin geerntet werden. Verschiedene Kräuter werden zu einem Kräutersträusschen zusammengebunden und verleihen Schmorgerichten eine würzige Note. Für die winterliche Kräuterernte, nur die oberen, jungen Triebe abschneiden. Sie enthalten am meisten Geschmack. Es gilt: Mediterrane Kräuter erst im April / Mai setzen. Das Tüpfelchen auf dem i: Die Kombination der Kräuter Rindfleisch: Thymian, Bohnenkraut, Majoran, wenig Ysop Poulet: Majoran, Rosmarin und Bohnenkraut Fisch: Zitronenthymian, Lorbeer Gemüse: Lorbeer, Rosmarin und Majoran Besondere Thymiansorten Feldthymian: einheimisch, herber Geschmack Garten-Thymian: aufrecht wachsend, aromatisch Kaskaden-Thymian: mit langen Trieben, sehr aromatisch Orangen-Thymian: zarter Orangenduft, graues Laub Kümmel-Thymian: niedrig wachsend, nach Kümmel schmeckend Besondere Rosmarinsorten Rosmarin `Arp`: besonders winterhart, sehr gutes Aroma Kriechender Rosmarin: über Mauern hinab wachsend, leichtes Aroma Besondere Bohnenkrautsorten Zitronen-Bergbohnenkraut: fruchtiger Zitronengeschmack Zwerg-Bohnenkraut: niedrig wachsend, Bodendeckend, feiner Geschmack

▬ Die Themen im Überblick▬▬▬▬▬▬▬▬▬▬▬▬ 00:00 Einleitung 04:54 Wurde die Familie Salomon Opfer eines Serienkillers? 11:14 Würdest du freiwillig in einer Simulation weiterleben wollen? 16:52 Befindet sich Walt Disney im Kryoschlaf? 19:40 Der heftigste Glückspilz der Menschheitsgeschichte: Frane Selak 23:59 Das Türklopfen, das ihm das Leben kostete: Der tragische Mord von Yoshihiro Hattori 32:09 Eine Geschichte, die nicht besser unseren Alltag beschreiben könnte! In dieser Episode nehmen wir euch mit auf eine Reise durch rätselhafte Mordfälle, tiefgründige philosophische Fragen und faszinierende Geschichten, die den Alltag und das Außergewöhnliche aufeinandertreffen lassen. Wir starten mit der tragischen Frage: Wurde die Familie Salomon Opfer eines Serienkillers? Ein rätselhafter Fall, der bis heute ungelöst bleibt. Die Spuren sind verstörend und werfen die Frage auf, ob ein skrupelloser Täter im Verborgenen agierte. Anschließend diskutieren wir eine provokante Idee: Würdest du freiwillig in einer Simulation weiterleben wollen? Was, wenn unser Leben nur eine Illusion ist, und wir die Möglichkeit hätten, darin bewusst weiterzuexistieren? Eine Reise in die Tiefen der Philosophie und Ethik. Danach tauchen wir in eine der bekanntesten urbanen Legenden ein: Befindet sich Walt Disney im Kryoschlaf? Diese Theorie hält sich hartnäckig – aber was ist dran an der Idee, dass der visionäre Filmemacher auf seine Wiederauferstehung wartet? Weiter geht es mit einer unglaublichen Lebensgeschichte: Frane Selak, der als „der heftigste Glückspilz der Menschheitsgeschichte“ gilt. Von Flugzeugabstürzen bis zu Zugunfällen überlebte er jede Katastrophe und gewann am Ende sogar im Lotto. Ist das Glück oder Schicksal? Daraufhin beleuchten wir einen tragischen Vorfall: Das Türklopfen, das ihm das Leben kostete – der Mord an Yoshihiro Hattori. Wie eine harmlose Situation zu einem schrecklichen Ende führte und warum dieser Fall weltweit für Entsetzen sorgte. Zum Abschluss gibt es eine Geschichte, die nicht besser unseren Alltag beschreiben könnte. Was macht unser Leben wirklich aus, und wie prägen kleine Momente die großen Bilder unseres Alltags? Eine Erzählung, die zum Nachdenken anregt. Diese Episode steckt voller Rätsel, Fragen und bewegender Geschichten – lasst euch inspirieren! ▬ Social Media ▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬ ►TikTok: https://www.tiktok.com/@cankerltv ►Instagram: https://instagram.com/cankerltv ►Patreon: https://patreon.com/CankerlTV ►Homepage: https://cankerltv.com ▬ Unser Equipment ▬▬▬▬▬▬▬▬▬▬▬▬▬ ►Kamera: Iphone 15 Pro Max https://amzn.to/3NNLgTI ►*Mikrofon: https://amzn.to/3NO8066 ►*Audio-Interface: https://amzn.to/3RIB67X ►*Kamerastativ: https://amzn.to/3tAPA1B ►*Mikrofonständer: https://amzn.to/47i6hNd ►Behringer Kopfhörer Amplifier https://amzn.to/3RFNTIm ►*Shock Mount: https://amzn.to/3tAqlfU ►*Popschutzfilter: https://amzn.to/3H1pKXH ►*Laptop: https://amzn.to/4aIrxhV ►*Hintergrundsystem: https://amzn.to/47d2Nvm ►*Externe SSD Festplatte: https://amzn.to/3vfoEVH ►*Heizlüfter (eines unserer wichtigsten Geräte): https://amzn.to/48j6JMs Bei den mit “*” gekennzeichneten Links handelt es sich um Werbe- oder Affiliate-Links. Wenn du diesen Link nutzt indem du auf ihn klickst, etwas kaufst oder abschließt, erhalten wir ggf. eine Provision. Dir entstehen dadurch selbstverständlich keine Zusatz- oder Mehrkosten - damit unterstützt du lediglich unseren Kanal. ▬ Website, Datenschutz, Impressum ▬▬▬▬▬▬ Website: https://cankerltv.com/ Impressum: https://cankerltv.com/impressum/ Datenschutz: https://cankerltv.com/datenschutz/ ✉️Kontakt: kontakt@cankerltv.com

▬ Die Themen im Überblick▬▬▬▬▬▬▬▬▬▬▬▬00:00 Einleitung04:54 Wurde die Familie Salomon Opfer eines Serienkillers?11:14 Würdest du freiwillig in einer Simulation weiterleben wollen?16:52 Befindet sich Walt Disney im Kryoschlaf?19:40 Der heftigste Glückspilz der Menschheitsgeschichte: Frane Selak23:59 Das Türklopfen, das ihm das Leben kostete: Der tragische Mord von Yoshihiro Hattori 32:09 Eine Geschichte, die nicht besser unseren Alltag beschreiben könnte!In dieser Episode nehmen wir euch mit auf eine Reise durch rätselhafte Mordfälle, tiefgründige philosophische Fragen und faszinierende Geschichten, die den Alltag und das Außergewöhnliche aufeinandertreffen lassen.Wir starten mit der tragischen Frage: Wurde die Familie Salomon Opfer eines Serienkillers? Ein rätselhafter Fall, der bis heute ungelöst bleibt. Die Spuren sind verstörend und werfen die Frage auf, ob ein skrupelloser Täter im Verborgenen agierte.Anschließend diskutieren wir eine provokante Idee: Würdest du freiwillig in einer Simulation weiterleben wollen? Was, wenn unser Leben nur eine Illusion ist, und wir die Möglichkeit hätten, darin bewusst weiterzuexistieren? Eine Reise in die Tiefen der Philosophie und Ethik.Danach tauchen wir in eine der bekanntesten urbanen Legenden ein: Befindet sich Walt Disney im Kryoschlaf? Diese Theorie hält sich hartnäckig – aber was ist dran an der Idee, dass der visionäre Filmemacher auf seine Wiederauferstehung wartet?Weiter geht es mit einer unglaublichen Lebensgeschichte: Frane Selak, der als „der heftigste Glückspilz der Menschheitsgeschichte“ gilt. Von Flugzeugabstürzen bis zu Zugunfällen überlebte er jede Katastrophe und gewann am Ende sogar im Lotto. Ist das Glück oder Schicksal?Daraufhin beleuchten wir einen tragischen Vorfall: Das Türklopfen, das ihm das Leben kostete – der Mord an Yoshihiro Hattori. Wie eine harmlose Situation zu einem schrecklichen Ende führte und warum dieser Fall weltweit für Entsetzen sorgte.Zum Abschluss gibt es eine Geschichte, die nicht besser unseren Alltag beschreiben könnte. Was macht unser Leben wirklich aus, und wie prägen kleine Momente die großen Bilder unseres Alltags? Eine Erzählung, die zum Nachdenken anregt.Diese Episode steckt voller Rätsel, Fragen und bewegender Geschichten – lasst euch inspirieren!▬ Social Media ▬▬▬▬▬▬▬▬▬▬▬▬▬▬▬►TikTok: https://www.tiktok.com/@cankerltv►Instagram: https://instagram.com/cankerltv►Patreon: https://patreon.com/CankerlTV►Homepage: https://cankerltv.com ▬ Unser Equipment ▬▬▬▬▬▬▬▬▬▬▬▬▬►Kamera: Iphone 15 Pro Maxhttps://amzn.to/3NNLgTI►*Mikrofon:https://amzn.to/3NO8066►*Audio-Interface:https://amzn.to/3RIB67X►*Kamerastativ:https://amzn.to/3tAPA1B►*Mikrofonständer:https://amzn.to/47i6hNd►Behringer Kopfhörer Amplifierhttps://amzn.to/3RFNTIm►*Shock Mount:https://amzn.to/3tAqlfU►*Popschutzfilter:https://amzn.to/3H1pKXH►*Laptop:https://amzn.to/4aIrxhV►*Hintergrundsystem:https://amzn.to/47d2Nvm►*Externe SSD Festplatte:https://amzn.to/3vfoEVH►*Heizlüfter (eines unserer wichtigsten Geräte):https://amzn.to/48j6JMsBei den mit “*” gekennzeichneten Links handelt es sich um Werbe- oder Affiliate-Links. Wenn du diesen Link nutzt indem du auf ihn klickst, etwas kaufst oder abschließt, erhalten wir ggf. eine Provision. Dir entstehen dadurch selbstverständlich keine Zusatz- oder Mehrkosten - damit unterstützt du lediglich unseren Kanal. ▬ Website, Datenschutz, Impressum ▬▬▬▬▬▬Website: https://cankerltv.com/ Impressum: https://cankerltv.com/impressum/ Datenschutz: https://cankerltv.com/datenschutz/ ✉️Kontakt: kontakt@cankerltv.com

Join us for an episode of Absolute AppSec with Kinnaird McQuade, founder and CTO of NightVision. Kinnaird developed NightVision as a security testing tool that combines codebase analysis with DAST features. Before NightVision, Kinnaird worked as lead security engineer at both Square and Salesforce. Additionally he worked at Synopsys as Cloud Security Consulting Practice Lead. Be sure to tune into the episode as Ken Johnson and Seth Law interview Kinnaird McQuade to gain insights from his experiences and thoughts on improving security for applications and developers.

This is Draw The Line Radio Show with Jacki-E, presenting the best music from female producers and DJs. Helping me Draw The Line this week it's Kate Hex from Budapest, Hungary. She's a relative newcomer to the scene but in a very short space of time she's made quite an impact, signing her tracks to Mainground Music, Set About, Nova Collective, Pure Black and many more. Her entry in the recent Drumcode Mha Iri remix contest was runner up and her tracks have been played by artists like Kevin de Vries, Juliet Fox, Teenage Mutants and many others. Her DJ sets are a combination of old school sounds and modern elements creating dynamic driving techno sets. The mix you're about to hear includes five of her own tracks, two of which are unreleased. Links for Kate Hex:- Soundcloud:- https://soundcloud.com/kate-hex-official Instagram:- https://www.instagram.com/katehexofficial/ Beatport:- https://www.beatport.com/artist/kate-hex/1101839 Spotify:- https://open.spotify.com/artist/5jeRWqe3aZfPrtbEQbo0KU In my all female mix in the first hour I'm playing tracks by Mha Iri, Kasia, Alys LF, Shio Tian, Hannah Laing and lots more. If you like the tracks we play, please support the artists by buying their music. It's time to say NO to gender imbalance in dance music. It's time to Draw The Line!! Draw The Line Radio Show is produced for radio by Sergio Erridge and is A Darker Wave production. Track list 1st hour mixed by Jacki-E 1. Sylvie Miles – Wanna Dance (original mix) Neophilia. 2. Shio Tian – Out of my Mind (Tony Romanello remix) Red Channel Records. 3. Caitlin, Thomas Schumacher – You Belong Here (original mix) Electric Ballroom. 4. Mari Ferrari – Code (original mix) Set About. 5. Hannah Laing – I Need It More (original mix) WUGD. 6. Serge Trad, Khatune – Mixed Feelings (Shio Tian remix) Infekted Records. 7. Marie Vaunt, Tao Andra – Out of Your Mind (original mix) Kural Records. 8. Mha Iri - 3am (original mix) Filth on Acid. 9. Shay de Castro – Saints of Sunset Blvd (original mix) mau5trap. 10. Zinna DJ – Pure Evil (original mix) Absinthe. 11. Nuria (DE) – Loss (original mix) Architech Records. 12. Anna Grey – Belka (Gerrit X Bootleg) Free Download https://soundcloud.com/gerrit_x/noon-x-anna-grey-belka-gerrit-x-bootleg 13. Alice DiMar – Can't Sleep (Heerhorst remix) Moonbootique Records. 14. Kasia – Black Sun (original mix) Truesoul. 15. Miss Dre – Nasty (original mix) Free Download https://soundcloud.com/miss_dre/nasty 16. Alys LF – Solar Tree (original mix) Skryptom Records promo to be released 18th October 2024. 17. Anna Reusch – Raya (original mix) Electric Ballroom. 18. Sylvie Miles, Luna Lucci – Girls Can't Produce (original mix) Neophilia. 19. Anika Kunst – Detox (original mix) Symbolism.ß 20 Alys LF – Tiger Eye (original mix) Skryptom Records promo to be released 18th October 2024. 2nd hour Kate Hex - An exclusive guest mix for Draw The Line Radio Show. 1. Luis M - Pressure (Kate Hex remix) Extima. 2. Liquid Soul - Crazy People (Victor Ruiz remix) Volta. 3. Kate Hex - Astral Body (original mix) Extima 4. Hanubis - I see you (Dast remix) Etruria Beat 5. Julian Jeweil – Hyoid (original mix) Drumcode. 6. Rangel Coelho - Dish Raw Now (original mix) Mazzinga Records 7. Monika Kruse - Latin Lovers (Joyhauser remix) Terminal M. 8. Kate Hex – Concentrate (original mix) Pure Black. 9. Kate Hex - Pluto Transit (original mix) Poetic Pulses. 10. Timmo – Fantasy (original mix) Hypnostate. 11. Daniel Weirdo, Kate Hex - ID 12. Kate Hex - ID 13. Kate Hex - About People (original mix) Extima. 14. The Doors - Riders on the Storm (original mix) Elektra Records. 15. Volgin – Lullaby (original mix) Replicate Black.

Støt Kvart I bold og bliv medlem:https://kvartibold.memberful.com/joinPluto TV:https://pluto.tv/da/on-demand/series/kvart-i-bold-indersiden-daStøt Kvart i bold: Køb merchandise:https://www.kvartibold.dk/Din mening betyder noget:Hvad synes du om Kvart i bold? Vi har brug for din mening for at kunne lave bedre indhold. Den kan du fortælle os i dette spørgeskema:https://surveys.hotjar.com/3b5e5cb4-e98b-43e5-809f-e0fab49e9e9aFølg Kvart i bold på:Facebook: https://www.facebook.com/Kvart-i-bold-116131853845876Facebook-gruppen: https://www.facebook.com/groups/462533425118037Twitter: https://twitter.com/kasperlarsen11Instagram: https://www.instagram.com/kvartibold/?hl=da Hosted on Acast. See acast.com/privacy for more information.

Back to work! Die Sommerpause ist vorbei und frischer denn je ist der Dauergast der Herzen wieder da: Karo Kauer. Wie geht´s Karo? Eigentlich weiß Paul es schon – zumindest was das Sportliche angeht. Denn er sieht ihre whoop Daten. Irgendwie ein bisschen komisch? Apropos komisch – Paul hat eine neue Leidenschaft für sich entdeckt: Das Töpfern. Und auch wenn er in der Entwicklung vom Aschenbecher bis hin zur edlen großen Vase eher bei ersterem ist, macht es ihm große Freude. Und eine Banane war er auch! Aber jetzt überschlagen sich mal wieder die Themen. Eine Rolle Rückwärts… Karo war mit dem Karo Kauer Label auf Tour. Und das war ein großer Erfolg! Drei Wochen und bei jedem Stopp gab es eine Schlange an Leuten, die Lust hatten vorbeizukommen. Karo konnte die Zeit sehr genießen. Und auch Paul war beim ein oder anderen Stopp dabei und hat ein bisschen Marktforschung betrieben: Warum kommen die Leute? Weil sie Karo meist schon lange folgen, mit ihr eine gemeinsame Reise und up´s and down´s hinter sich haben und eine tiefe Beziehung zu Karo haben – ohne sie jemals in echt getroffen zu haben. Und das ändert sich bei einem solchen Tour-Stopp. Ist sie so wie im Internet? Paul hat jedoch auch eine Sache beobachtet, die ihn ein bisschen nachdenklich macht: Viele Menschen kommen, um mal Karo´s Kinder zu sehen. Und das kann für diese ja ggfls. auch ein bisschen komisch sein. Wie ist das für Karo´s Kinder, dass ihre Mutter keine typische Eislinger Mutter ist, sondern eine hocherfolgreiche, bekannte Frau? Karo findet eine gesunde Mitte: Zwischen dasein für die Follower:innen und dasein für die Kids. Und die Tour war nicht nur für die Community erfolgreich, sondern auch unternehmerisch. Der Influencer der Herzen war dabei und hat das meistverkaufteste Shirt beigesteuert. Kudos an Marco - der Mutmacher. Paul ist inspiriert und vielleicht auch ein bisschen eifersüchtig und will nächstes Jahr unbedingt auch dabei sein. Eine Sache hat er in den paar Tagen Tour-Praktikum aber schon über sich gelernt: Fremde Produkte kann er super gut verkaufen. Bei seinen eigenen Sachen bekommt er es nicht hin - er muss sich dazu zwingen, überhaupt etwas zu berechnen. Eigentlich will er immer alles verschenken und schafft es nicht, auch mal stolzer Brust etwas zum Vollpreis zu verkaufen. Er ist halt eher der Verkäufer der Herzen. Die Tour hat ihn aber auch euphorisch gemacht für alles, was bei PARI kommt. Und zwar kommt da was ganz bald. Stay tuned! Karo berichtet von Ibiza – und zwar in der Granny-Version. Mit einem leichten Kater sind die House-Beats am Hotel-Pool viel zu laut, die Partys viel zu voll und sowieso viel zu spät ;) Aber Spaß beiseite, den Ibiza-Vibe hat Karo sehr gefühlt und hatte eine tolle Zeit. Paul war wiederum in Karo´s Hood: Südwestdeutschland. Und die Geschichte, die er dabei hat, ist leider ein bisschen eklig. In Schweinfurt hat Paul sich leider ein bisschen sehr spät um ein Hotel gekümmert. Was dazu geführt hat, dass Paul sich das allerletzte Zimmer von Schweinfurt buchen musste – leider mit dramatischen Folgen: Denn auch dieses Zimmer war eigentlich schon bewohnt, und zwar von Bettwanzen. Von kleinen Stichen überzogen ging es für Paul aber dennoch durch eine tolle Woche der Deutschlandtour und er durfte sogar im Bananenkostüm bei Start und Zieleinfahrt eine Fahne schwingen: Lifegoals! Was bringen die kommenden Tage? Karo will wieder in ihre Sport-Routine kommen und Paul will kochen. Denn auch da gibts bald was Neues - stay tuned! Außerdem ist der September die schönste Zeit in Kalifornien, denn die Touristen verlassen so langsam Newport Beach und die Locals bekommen ihre Stadt zurück. Wer also spontan noch einen (recht Du möchtest mehr über unsere Werbepartner erfahren? Hier findest du alle Infos & Rabatte: https://linktr.ee/AWFNR Du möchtest Werbung in diesem Podcast schalten? Dann erfahre hier mehr über die Werbemöglichkeiten bei Seven.One Audio: https://www.seven.one/portfolio/sevenone-audio

In this conversation, Liz Rohr and Shelby Pope discuss the importance of taking a comprehensive history of substance use, and how to assess and treat stimulant use disorder. They cover the challenges healthcare providers face in asking the right questions, and emphasize the need for open conversations and non-judgmental approaches.They cover screening for addiction, how to elicit a substance use history, including types and routes of substance use. Shelby covers the mechanism of action of cocaine and methamphetamine in the brain, the withdrawal symptoms associated with stimulant use disorder, and the next steps for primary care providers in managing patients with stimulant use disorder. They also explore the use of psychosocial interventions and off-label pharmacologic treatments for stimulant use disorder.TakeawaysOpen and non-judgmental conversations are essential when discussing substance use with patients.Screening practices, such as using screeners like PHQ-2, SBIRT, and DAST, can help identify substance misuse or struggles.Taking a comprehensive history of substance use, including the type, amount, frequency, and motivation, is crucial for providing appropriate care.Healthcare providers should be aware of the different routes of administration and the potential risks associated with each.Stimulant use disorder, particularly cocaine and methamphetamine use, can have significant adverse effects and poor outcomes. Cocaine and methamphetamine are both monoamine neurotransmitter reuptake inhibitors, increasing serotonin, norepinephrine, and dopamine levels in the brain.There is a withdrawal syndrome associated with stimulant use disorder, characterized by depression, fatigue, and sleep disturbances.In managing patients with stimulant use disorder, primary care providers should consider triage based on severity and acuity, and refer patients to appropriate resources such as rehab or the ER.Psychosocial interventions, such as cognitive behavioral therapy and contingency management, are the mainstay of treatment for stimulant use disorder.Off-label pharmacologic treatments for stimulant use disorder include mirtazapine, bupropion, injectable naltrexone, topiramate, and psychostimulants.It is important for healthcare providers to be aware of state regulations and their own comfort level in prescribing off-label medications for stimulant use disorder.For a full transcript and conversation chapters, visit the blog: https://www.realworldnp.com/blog/treating-substance-use-disorder ______________________________© 2024 Real World NP. For educational and informational purposes only, see realworldnp.com/disclaimer for full details. Hosted on Acast. See acast.com/privacy for more information.

Kolumbiens Präsident Petro hat das Gesetz “No más olé” zum Verbot von Stierkämpfen unterzeichnet. Das Töten von Lebewesen zur Unterhaltung sei keine Kultur. Die Stierkampfarenen in Kolumbien sollen in den kommenden drei Jahren in Kunst- und Kulturzentren umgewandelt werden.

"Es sind 350 Millionen Waffen in den USA im privaten Besitz. Das Tötungspotenzial ist riesig." Der führende Extremismusforscher Peter Neumann warnt in diesem "Tagesanbruch Amerika-Update", vor einem gestiegenen Gewaltpotenzial in den USA nach dem Attentat auf Trump. Im Gespräch mit t-online-Chefredakteur Florian Harms erklärt er, warum und zu welchem Zeitpunkt die Gefahr für eine Eskalation am höchsten ist. Im Anschluss berichtet der US-Korrespondent von t-online, Bastian Brauns, über den Parteitag der Republikaner in Milwaukee und was ein Rückzug der Kandidatur durch Biden für den weiteren Wahlkampf bedeuten würde. Könnte es ein “fresh start” für die Demokraten sein oder ihnen weiter schaden? Transkript: https://tagesanbruch.podigee.io/1969-us-wahl-8/transcript Anmerkungen, Lob und Kritik gern an podcasts@t-online.de Produktion und Schnitt: Lisa Raphael Das Sonderformat zur Wahlschlacht in Amerika gibt es zirka alle drei Wochen hier im „Tagesanbruch“-Podcast. Hier können Sie das Interview mit Bundeskanzler Scholz auf t-online nachlesen: https://www.t-online.de/nachrichten/deutschland/innenpolitik/id_100450642/olaf-scholz-im-interview-meine-ganze-politik-dient-dem-ziel-das-zu-verhindern-.html Den „Tagesanbruch“-Podcast gibt es immer montags bis samstags gegen 6 Uhr zum Start in den Tag, am Wochenende mit einer tiefgründigeren Diskussion. Verpassen Sie keine Folge und abonnieren Sie uns bei Spotify (https://open.spotify.com/show/3v1HFmv3V3Zvp1R4BT3jlO?si=klrETGehSj2OZQ_dmB5Q9g), Apple Podcasts (https://itunes.apple.com/de/podcast/t-online-tagesanbruch/id1374882499?mt=2), Pocket Casts (https://pca.st/4jMw) oder überall sonst, wo es Podcasts gibt. Wenn Ihnen der Podcast gefällt, lassen Sie gern eine Bewertung da.

Check out the BrakeSecEd Twitch at https://twitch.tv/brakesec Join the Discord! https://discord.gg/brakesec #youtube VOD (in 1440p): https://www.youtube.com/watch?v=axQWGyd79NM  Questions and topics: Bsides Vancouver discussion Semgrep Community and Academy Building communities What are ‘secure guardrails' Reducing barriers between security and developers How to sell security to devs: “hey, if you want to see us less, buy/use this?” “Security is your barrier, but we have goals that we can't reach without your help.” https://wehackpurple.com/devsecops-worst-practices-artificial-gates/  How are you seeing things like AI being used to help with DevOps or is it just making things more complicated? Not just helping write code, but infrastructure Ops, software inventories, code repo hygiene, etc? OWASP PNW https://www.appsecpnw.org/ Alice and Bob coming next year! Additional information / pertinent LInks (Would you like to know more?): shehackpurple.ca  Semgrep (https://semgrep.dev/) https://aliceandboblearn.com/ https://academy.semgrep.dev/ (free training) Netflix ‘paved roads': https://netflixtechblog.com/how-we-build-code-at-netflix-c5d9bd727f15 https://en.wikipedia.org/wiki/Nudge_theory  https://www.perforce.com/blog/qac/what-is-linting  https://www.youtube.com/watch?v=FSPTiw8gSEU  https://techhq.com/2024/02/air-canada-refund-for-customer-who-used-chatbot/  Show points of Contact: Amanda Berlin: @infosystir @hackershealth  Brian Boettcher: @boettcherpwned Bryan Brake: https://linkedin.com/in/brakeb  Brakesec Website: https://www.brakeingsecurity.com Youtube channel: https://youtube.com/@BrakeSecEd Twitch Channel: https://twitch.tv/brakesec  

In this episode of the Application Security Podcast, host Chris Romeo welcomes James Berthoty, a cloud security engineer with a diverse IT background, to discuss his journey into application and product security. The conversation spans James's career trajectory from IT operations to cloud security, his experiences with security tools like Snyk and StackHawk, and the evolving landscape of Dynamic Application Security Testing (DAST) and API security. They delve into the practical challenges of CVEs, reachability analysis, and the complexities of patching in mid-sized companies. James shares his views on the often misunderstood role of WAF and the importance of fixing issues over merely identifying them. The discussion concludes with insights into James's initiative, Latio Tech, which aims to help security professionals evaluate and understand application security products better. James Berthoty's LinkedIn post: AppSec Kool-Aid Statements I Disagree Withhttps://www.linkedin.com/posts/james-berthoty_appsec-kool-aid-statements-i-disagree-with-activity-7166084208686256128-tb1U?utm_source=share&utm_medium=member_desktopWhat is Art by Leo Tolstoyhttps://www.gutenberg.org/files/64908/64908-h/64908-h.htmFOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Ready to conquer the CISSP exam with flying colors? This week, we've zeroed in on Domain 8 – the soul of software development security! I'm Sean Gerber, your cybersecurity compatriot, and I'm here to guide you through the labyrinth of securing software right from its architectural blueprint to its final lines of code. We kick things off with a bang, dissecting the crucial role of design and architecture in embedding security into your SDLC. It's not just about building software; it's about fortifying it from the foundations!As we navigate through this treasure trove of knowledge, we'll demystify the enigmatic world of application security testing. You'll learn to distinguish your SAST from your DAST, and why a meticulous code review can be your best defense against hidden vulnerabilities. Plus, we decode the wisdom of OWASP, ensuring you're armed with the latest strategies to safeguard your applications against cyber threats. And for those exhilarating runtime challenges? We shine a spotlight on vulnerability scanning – your dynamic sentinel in the ever-evolving battleground of cybersecurity. Join me for an episode that's not just informative, but a strategic playbook for your CISSP triumph!Gain access to 30 FREE CISSP Exam Questions each and every month by going to FreeCISSPQuestions.com and sign-up to join the team for Free. Gain access to 60 FREE CISSP Practice Questions each and every month for the next 6 months by going to FreeCISSPQuestions.com and sign-up to join the team for Free. That is 360 FREE questions to help you study and pass the CISSP Certification. Join Today!

Episode SummaryAre you curious about the ever-changing landscape of data security? In this episode, we are joined by Danny Allan, the newly appointed Chief Technology Officer at Snyk, to delve into the evolving landscape of data security. In our conversation, we discussed his professional background and how he went from hacking security systems at university to becoming a security expert at Snyk. Hear about his experience in dynamic application security testing and the challenges and opportunities of working for large companies. We unpack how controlling human actions can reduce security vulnerabilities, the nuances of running cloud-hosted services, and how the techniques used for static application security testing have changed. Danny explains the importance of considering security aspects during the early stages of software development and how governance has integrated into data security measures. Gain valuable insights into the ever-changing landscape of data security, AI's potential role in revolutionizing security practices, and much more.Show NotesIn this episode, Guy Podjarny is joined by Danny Allan, the new CTO at Snyk. Danny shares his fascinating career journey that has taken him in and out of the application security space over the past 20+ years.They discuss how application security practices like static analysis (SAST) and dynamic scanning (DAST) have evolved, with SAST becoming much faster and easier to integrate earlier in the development cycle. Danny reflects on what has changed and what has surprisingly stayed the same since his earlier days in AppSec.The conversation digs into the intersections between application security, data security, cloud security, and how these domains are becoming more interconnected as the same teams take on responsibilities across these areas. Danny draws insights from his recent experience at Veeam, highlighting how practices like data immutability and multi-person authorization grew in importance to combat ransomware threats.Looking ahead, Danny and Guy explore the potential impact of AI/ML on application security. From automating threat modeling to personalizing vulnerability findings based on developer interests to generating rules and fixes, Danny sees AI unlocking many opportunities to transform AppSec practices.Overall, this episode provides a unique perspective spanning Danny's 20+ year career in security. His experiences illustrate the evolution of AppSec tooling and processes, the blurring of domains like app/data/cloud security, and how AI could radically reshape the future of application security.LinksVMwareVeeamSnyk - The Developer Security CompanyFollow UsOur WebsiteOur LinkedIn

Are you aware that plagiarism is not just about copying text word for word? Listen in to uncover the different forms of plagiarism and how to spot them. Plagiarism can have significant consequences in CME content development, affecting the credibility of education materials and the reputation of education providers. By understanding the different types of plagiarism and how to detect them, you can ensure the integrity and originality of your CME content. Discover the various forms of plagiarism beyond direct word-for-word copying. Learn practical techniques for detecting and avoiding plagiarism in your CME content development. Understand the drivers of plagiarism and gain insights into CME content integrity. Tune in to episode 98 to equip yourself with the knowledge and tools to identify and prevent plagiarism in your CME content, and take steps to ensure the originality and quality of your work. Resources Das N, Panjabi M. Plagiarism: Why is it such a big issue for medical writers?Perspect Clin Res. 2011;2(2);67-71. Harting D, Bowser A. Worst Practices for Writing CME Needs Assessments: Results From a Survey of Practitioners. AMWA Journal. 2019;34(2):51-55. Radike M, Fielder Camm C. Plagiarism in medical publishing: each of us can do something about it. Eur Heart J case Rep. 2022;6(4):ytac137. See the AMA Style Guide graphic. Retraction Watch Sandford-Cooke J. Ten signs of possible plagiarism. The blog of the Chartered Institute of Editing and Proofreading Weber-Wulff D. Plagiarism detectors are a crutch, and a problem. Nature. 2019;567;435. World Association of Medical Editors (WAME). Recommendations on publication ethics policies for medical journals. WAME. Englewood. Howson A. Should you go down the rabbit hole? Write Medicine, episode 48. Time Stamps (00:00) - Plagiarism takes different forms, including paraphrasing. (03:06) - AMA 11th Manual of Style addresses plagiarism. (04:45) - Plagiarism drivers. (06:40) - How to detect plagiarism. (08:51) - Tricks to avoid plagiarism. (09:31) - Use original words - read, digest, rewrite. (Dast, N. et al. 2016) (10:53) - Storytelling, retelling content. Subscribe to the Write Medicine podcast! Don't forget to subscribe to the Write Medicine podcast for more valuable insights on continuing medical education content for health professionals. Click the Follow button and subscribe on your favorite platform.

- Let's start off by discussing everyone's favorite topic, vulnerability management. When it comes to AppSec, obviously there's been a big push to "shift security left" which comes with CI/CD pipelines, SAST, DAST, Secrets Scanning, IaC scanning etc. How have you handled scaling AppSec effectively without burdening Dev teams with massive vulnerability lists and being a blocker for production and delivery? - There's a lot of tools to choose from, across a lot of various categories, from source, build and runtime. How have you navigated selecting the right tools for the job? What about actually integrating, tuning and optimizing them when the team is often already stretched thing?- On the tooling front, what has been your experience between vendor tools, vs. OSS options? What are some of the pros and cons you have seen from each?- Behind all the technology is people. How have you approached building your AppSec teams?- There's some nuances between existing team members and building the team. When you begin a new role, how have you approached building rapport among the team, getting trust, understanding historical team and org context and so on?- You seem to continue to find yourself in various leadership roles in AppSec, event after a recent move back to an IC role. Why do you think that is, and what skills have helped you stand out as someone others want to work with, and even for in some cases, as a leader?- What are some of your go-to resources for learning more about AppSec and keeping up to date on such a fast moving and dynamic space?

Das Tübinger Antiquariat Heckenhauer existiert seit rund 200 Jahren, es ist eines der ältesten in Deutschland. Im historischen Stammsitz am Tübinger Marktplatz werden schon seit dem 16. Jahrhundert Drucksachen gehandelt, und auch der junge Hermann Hesse hat hier Spuren hinterlassen.

Auf grausame Weise wird in den Straßen New Yorks eine junge Frau ermordet: Ihr Gesicht ist wie von Tierkrallen zerfetzt. Das Täterprofil deutet auf einen männlichen Psychopathen hin. Doch dann meldet sich eine seltsame Unbekannte. // Von Fran Dorf / Regie: Thomas Werner / WDR 2000 // Der Nebel ist zurück - hört jetzt die zweite Staffel vom Mystery-Podcast Mia Insomnia: https://1.ard.de/miainsomnia-knallhart Von Fran Dorf.

We take a quick look at the verse in Daniel wherein the Angel describes the Antichrist as one who will not regard the desire of women (Dan 11:37). We look at this description in its context and compare it with 2 Thessalonians. We take a look at the "queen of heaven" spoken of in scripture and offer a possibility in light of the description given us by the Angel in Daniel. Does this verse teach that the Antichrist will be a homosexual or is it something very different altogether?Tammuz, Semiramus, and other ancient gods and goddesses are briefly discussed and we follow them into Christendom to this day.More details:www.contextorconfusion.com

50% von "Die Ratsherren" wünschen euch erstmal ein frohes neues Jahr! Hoffentlich seid ihr alle gut gestartet, für uns waren die Wochen vor dem Jahreswechsel sehr durchwachsen. Aber das soll gar kein Grund sein, nur in schlechter Laune zu schwelgen, denn es gibt auch sehr gute Neuigkeiten, die wir euch in Podcastform natürlich nicht vorenthalten wollen! Los geht die wilde Fahrt! 00:00 - Intro 2:55 - Frohes Neues! 5:21 - Es waren unschöne Wochen… 5:58 - Update zum Kater Kurti 16:14 - Robin & Corona 26:04 - Mats & Corona 45:28 - Das Töpfler-Rätsel ist gelöst! 52:34 - News Gelnhausen! 57:48 - Robin ist ein Lebensretter! 1:06:43 - Eine Topliste 1:21:19 - Beamter im Homeoffice vergessen!? Ihr habt Fragen/Anmerkungen/Hinweise? Schickt uns alles an: Eine Mail an frage@dieratsherren.de oder artikel@dieratsherren.de Eine PM bei X/Twitter an @dieratsherren ► Zur Hompage - http://www.dieratsherren.de ► RSS-Feed - https://www.dieratsherren.de/feed/podcast/dieratsherren ► Spotify - https://open.spotify.com/show/0z0PSH2ahZvJr7lm2vPcqB ► iTunes - https://itunes.apple.com/de/podcast/die-ratsherren/id1104290546?l=en&mt=2 ► Zur YT-Playlist - https://www.youtube.com/playlist?list=PLk1edVCoRiNRn92if8pcl5bOaDsFmwuX- ► Der Hooked-Discord - https://discord.gg/uSD8ftjyGK

In this insightful episode of "Reimagining Cyber," hosts Rob Aragao and Stan Wisseman underscore the criticality of deploying diverse testing methods, including Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST), for a comprehensive assessment and effective mitigation of vulnerabilities in the cyber landscape.The hosts meticulously explore the nuances differentiating SAST and DAST, highlighting that SAST involves meticulous inside-out analysis through source code examination, while DAST employs a strategic outside-in analysis by rigorously testing running applications. Delving into the intricacies, they address challenges related to false positives in static analysis and illuminate coverage issues within dynamic testing methodologies.The conversation seamlessly extends to emphasize the paramount importance of seamlessly integrating security testing into the development workflow, thereby minimizing friction for developers. The hosts delve into the evolving role of developers in the realm of security testing, showcasing a notable shift towards early integration of dynamic tests within the software development lifecycle.Introducing the pivotal concept of Software Composition Analysis (SCA), the hosts accentuate its indispensable role in the identification and management of vulnerabilities stemming from open-source components. They underscore the significance of comprehensive awareness about the components utilized in applications, enabling swift responses to zero-day vulnerabilities and adeptly addressing licensing concerns.Conclusively, the discussion advocates for a holistic approach to application security, encompassing SAST, DAST, and SCA methodologies. The hosts ardently stress the necessity of striking an optimal balance between development velocity and rigorous testing to proactively avert the potential high costs and repercussions associated with security breaches. Stay tuned for actionable insights that empower your cybersecurity strategy!Follow or subscribe to the show on your preferred podcast platform.Share the show with others in the cybersecurity world.Get in touch via reimaginingcyber@gmail.com

Plunge into the thrilling world of application security with Kyle Hankins, a seasoned expert in the field. In a riveting conversation, Kyle delves into the intricate dance between red team offense and blue team defense strategies, unraveling how they shape the backbone of robust app security. But here's where it gets even more fascinating – AI's emerging role in this high-stakes domain. With AI being a hotly debated topic in both application and network security, Kyle sheds light on its potential pitfalls and promises. Join us for this deep dive with Kyle Hankins, where we peel back the layers of this complex, ever-evolving landscape.   0:00 Intro 1:09 Kyle's background 6:28 Differences in security testing 8:11 Mobile app testing and SAST 13:02 SAST vs DAST 19:33 Culture change in infosec 21:06 Shifting to the left 23:44 Security an AI 29:25 Reducing time to the X 36:25 AI to estimate more accurate time to fix 39:42 Faster detection rates 40:47 The good and bad with AI predictions 55:22 AI without metacognition and laziness 1:04:28 OWASP LLM Top 10 1:05:53 Whitehouse executive order on AI 1:09:26 Speaking like an LLM 1:14:24 Reducing dwell time 1:19:24 SAST and LLMs 1:22:57 Threat modeling and IAST 1:38:58 Non-determinism and static rules 1:44:56 Outro

Sind Sie ein gläubiger Mensch? Vielleicht sagen Sie, ach nein, ich bin nicht religiös. Ich habe keinen Glauben. Gibt es Menschen, die an gar nichts glauben? Ich beobachte, wir Menschen können gar nicht ohne Glauben leben. Das Tätigkeitswort „glauben“ bedeutet ursprünglich, mir ist etwas lieb und wert, ich vertraue mich einer Sache oder Person an. Was uns Menschen in Wahrheit unterscheidet, sind nicht Glaube und Unglaube. Was uns Menschen hinsichtlich des Glaubens unterscheidet, ist, woran oder wem wir glauben.

John & Josh give the quick version of DAST that was supposed to be last segment. Grand Brands & CFB

Dan Küykendall visits The Application Security Podcast to discuss his series "Why All AppSec Products Suck" and explain why software companies should understand the uses and limitations of any security tool. The series aims to highlight the limitations of each tool and to help users make informed decisions when selecting the right tools for their needs. In this field, there is no such thing as an expert; there is always something new to learn.Dan, Chris, and Robert remember the late Kevin Mitnick, a well-known figure in the cybersecurity community. They share their personal experiences with Mitnick, highlighting his curiosity, humility, and the importance of remembering that everyone in the cybersecurity community is a regular person with feelings and concerns.The hosts discuss the challenges of dealing with heavy client-side applications, such as those built with React, and the difficulties faced by Dynamic Application Security Testing (DAST) scanners in handling different data formats and client-side complexities. They share their experiences in redesigning DAST scanners to handle various data formats and the importance of separating data formats from attack payloads. Dan helps Chris see the usefulness of DAST in certain situations, such as a large enterprise, without hiding some of the limitations inherent in DAST.The podcast also touches on the importance of training engineers in web security and the need for a collection of tools that address different security concerns. The hosts emphasize the value of designing security into applications from the beginning and the role of training in achieving this goal. Learning the basics, such as understanding TCP/IP, is still important for security and developers.To gain more valuable insights and resources from Dan KuykendallThe Dan On Dev website - https://danondev.comSocial Media- https://twitter.com/dan_kuykendall- https://twitter.com/Dan_On_Dev- https://instagram.com/dan_on_dev- https://facebook.com/danondevFOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

In this captivating episode of R2DSO hosts Ken and Mike embark on an exploration of security automation in the realms of application and cloud security. With a a keen understanding of the pitfalls, they emphasize the need for precision, consistency, and repeatability. Stepping beyond the traditional confines of scanning, and automation techniques destined for failure, they offer insightful analogies and practical advice, empowering listeners to harness the true power of secure automation. Join this engaging conversation tailored for technical application security enthusiasts and discover the keys to unlock a new era of efficiency and effectiveness.

Simon Bennetts, a distinguished engineer at Jit, discusses one of the flagship projects of OWASP: the Zed Attack Proxy (ZAP) open source security testing tool. As ZAP's primary maintainer, Simon traces the tool's origins and shares some anecdotes with SE Radio host Priyanka Raghavan on why there was a need for it. They take a deep dive into ZAP's features and its ability to integrate with CI/CD, as well as shift security left. Bennetts also considers what it takes to build a successful open source project before spending time on ZAP's ability to script to provide richer results. Finally, the conversation ends with some questions on ZAP's future in this AI-powered world of bots.

In episode 76 of the We Hack Purple Podcast host Tanya Janca brings Anshu Bansal, the CEO of CloudDefense.ai, back onto the show for a second time to discuss “solving problems in application security”. Tanya and Anshu have worked together quite a while, as Tanya has been an advisor at Cloud Defense since it was a drawing on the back of a napkin!We choose this topic because Anshu recently spoke at the OWASP Bay Area meetup chapter, and he told Tanya his talk was about "solving the AppSec problems”. Obviously, she had to hear more about this. They dove into Anshu's definition of false positives (the traditional meaning, plus legit vulnerabilities that aren't reachable or otherwise do not cause business risk), as well as how to prioritize issues in way that makes more sense for the business. He simplified a lot of ideas that sometimes technical folks struggle with, such as how to get your message across to the business so that they agree to fix what matters most.More Anshu!Anshu generously offered to connect with any of our listeners on LinkedIn: https://www.linkedin.com/in/anshubansal/He's part of the Cloud Defense blog https://www.clouddefense.ai/blogThey also have a Newsletter https://www.clouddefense.ai/contactVery special thanks to our sponsor: Semgrep!Semgrep Supply Chain's reachability analysis lets you ignore the 98% of false positives in open source vulnerabilities and quickly find and fix the 2% of issues that are actually reachable. Get Your Free Trial Here! Semgrep also makes a ludicrously fast static analysis tool They have a free and paid version of this tool, which uses an open-source engine, and offers a community-created rule set! Check out Semgrep Code HERE Join We Hack Purple!Check out our brand new courses in We Hack Purple Academy. Join us in the We Hack Purple Community: A fun and safe place to learn and share your knowledge with other professionals in the field. Subscribe to our newsletter for even more free knowledge! You can find us, in audio format, on Podcast Addict, Apple Podcast, Overcast, Pod, Amazon Music, Spotify, and more!

For this week's episode of the podcast, we're joined by Patrick Vandenberg, director of product marketing at Invicti Security. Patrick helps us unpack the reasons behind why 70% of security incidents start from web applications and talks us through the importance of application security and dynamic application security testing (DAST). Patrick also touches on where the future of application security testing may be heading and how scanning varies across industries. Patrick Vandenberg, Director of Product Marketing at Invicti A seasoned cybersecurity leader, Patrick Vandenberg is the Director of Product Marketing at Invicti Security. He works closely with security and DevSecOps stakeholders to understand today's cybersecurity pain points so we can continue to help our customers solve their application security challenges. As an alumnus of several cybersecurity companies, including Hunters, Snyk, and IBM Security, Patrick brings over 20 years of experience in cybersecurity across product marketing and product management roles. Patrick holds a degree in Systems & Computer Engineering from Carleton University and, in his free time, continues a longtime passion for coaching and playing hockey. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e234

Show Topic Summary (less than 300 words) Dish Network is still busted due to ransomware, your Pixel phone baseband RCE, Nothing runs like a Deere (away from OSS requests, anyway), and “Are we past DAST?”   Questions and potential sub-topics (5 minimum): https://techcrunch.com/2023/03/15/dish-customers-kept-in-the-dark-as-ransomware-fallout-continues/  https://medium.com/@cmanojshrestha/hack-any-social-media-account-using-cookie-stealing-attack-a6cdc4caafc1  https://boringappsec.substack.com/p/edition-18-the-diminishing-returns  https://www.theregister.com/2023/03/17/john_deere_sfc_gpl/  https://www.bleepingcomputer.com/news/security/alleged-breachforums-owner-pompompurin-arrested-on-cybercrime-charges/ (thanks D Mathews!) https://www.bleepingcomputer.com/news/security/microsoft-support-cracks-windows-for-customer-after-activation-fails/  https://googleprojectzero.blogspot.com/2023/03/multiple-internet-to-baseband-remote-rce.html    Additional information / pertinent Links (would you like to know more?): https://www.shopbiscoff.com/lotus-biscoff-xl-two-pack-case-bulk-size https://twitter.com/InfoSystir/status/1636847843683041280?s=20            Show Points of Contact: Amanda Berlin: @infosystir @hackershealth  Brian Boettcher: @boettcherpwned Bryan Brake: @bryanbrake @bryanbrake@mastodon.social Website: https://www.brakeingsecurity.com Twitch: https://twitch.tv/brakesec Youtube: https://www.youtube.com/c/BDSPodcast  Email: bds.podcast@gmail.com

Nikki: I have to start with an article you wrote a couple of years ago, about how we explain and provide context around vulnerabilities. I love the analogy of a 'vulnerability recipe' and how we can step through an explanation of vulnerabilities. Can you talk a little bit about the process and what compelled you to explore this topic? Nikki: I saw you spoke to Ron Ross recently, we had him on the show last year talking about cyber resiliency and of course software supply chain. Can you talk a little bit about security assurance and what that means to both developers and security practitioners? Chris: You've been a leader in the AppSec space for some time, particularly focusing on capabilities and tooling such as IAST. For folks not familiar with IAST, can you explain what it is and the value it adds over say SAST and DAST?Chris: I know you and I have exchanged messages and comments about Software Supply Chain Security and SBOM. What are your thoughts about where were headed on this front as an industry?Chris: With the release of the National Cyber Strategy yesterday I of course have to ask your initial thoughts. First more broadly, about the overall sentiment of the strategy and also about specific areas, such as increased requirements on software vendors and technology providers to produce secure products and the potential for increased liability.Nikki: It looks like you had a pretty lengthy time with OWASP - can you talk about some of the work you did there and the work that OWASP does? I think people typically equate OWASP with the OWASP top ten, but there are so many free resources and tools available for developers and security professionals. Chris: Given your past involvement of a decade with OWASP in its early growth, any thoughts on the recent open letter we saw sent to the OWASP leadership?Nikki: Can you talk a little bit more about Contrast security and the type of work you all do? Would like to hear more about what the company has going on and anything else you may have coming up.Chris: Continuing on with Contrast, I am interested in the founders journey a bit. Contrast has been around for nearly a decade and is now up to several hundreds of employees. What has that journey been like and what are some of the major ways the industry has, or hasn't changed during that time?

We're aren't recording this holiday week, so enjoy this ASW throwback episode! Main host Mike Shema selected this episode to share as it's still relevant to the AppSec community today.    This week, we welcome Nuno Loureiro, CEO at Probely, and Tiago Mendo, CTO at Probely, to talk about Dev(Sec)Ops Scanning Challenges & Tips! There's a plenitude of ways to do Dev(Sec)Ops, and each organization or even each team uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important to understand how to integrate a security scanner in your DevSecOps processes. It all comes down to speed, how fast can I scan the new deployment? Discussion around the challenges on how to integrate a DAST scanner in DevSecOps and some tips to make it easier.   In the AppSec News: View source good / vuln bad, IoT bad / rick-roll good, analyzing the iOS 15.0.2 patch to develop an exploit, bypassing reviews with GitHub Actions, & more NIST DevSecOps guidance!   Show Notes: https://securityweekly.com/asw170   Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly