POPULARITY
A We Hack Purple Live Stream with Matt Tesauro of Defect Dojo Inc (https://www.defectdojo.com/). Join We Hack Purple Community to be invited to awesome events like one! https://community.wehackpurple.com Description: You're tasked with ‘doing DevSecOps' for your company and you've got more apps and issues than you know how to deal with. How do you make sense of the different tools outputs for all your different apps? DefectDojo is an open source platform that can be your single pane of glass by aggregating, distilling, and automating your AppSec and DevSecOps tools. DefectDojo was created by DevSecOps people for DevSecOps people. In this talk, you'll learn about DefectDojo and how to make the most of the many features it offers including its REST-based API. DefectDojo can be your single pane of glass for discovered security vulnerabilities, report generation, aggregation of over 150+ different security tools, inventory of applications, tracking testing efforts / metrics on your AppSec program. DefectDojo was the heart of an AppSec automation effort that saw an increase in assessments from 44 to 414 in two years. Don't you want 9.4 times more output from your AppSec program? It's time to ditch spreadsheets and get DefectDojo. About Matt: Matt Tesauro is a DevSecOps and application security (AppSec) guru with specialization in creating security programs, leveraging automation to maximize team velocity and training emerging and senior professionals. When not writing automation code in Go, Matt is pushing for DevSecOps everywhere via his involvement in open-source projects, presentations, trainings and new technology innovation. Matt thrives on tackling technical problems, but his economics background gives him a unique understanding of business constraints and incentives around security initiatives. As a versatile engineer, Matt's background spans software development (primarily web development), Linux system administration, penetration testing and application / cloud security. Additionally, he offers more than 13 years of experience with the internationally recognized AppSec and open-source nonprofit OWASP Foundation. At OWASP, Matt has served on the global board of directors and conducted several highly successful open-source projects, including a web testing environment with 300,000+ downloads in a single year and the OWASP DefectDojo vulnerability management platform with 10 million+ downloads. As a recognized thought leader, Matt has presented at conferences multiple times per year since 2009 and has facilitated training around the world. Some of his noteworthy speaking engagements include a DHS Software Assurance Workshop; OpenStack Summit; SANS AppSec Summit; and AppSec US, EU and LATAM. He has also taught computer security courses at Texas A&M and the University of Texas at the undergraduate and graduate level. Matt leads by example and rolls up his sleeves to help teams reach their goals. He is a supportive and collaborative leader who mentors and motivates others to realize their potential. Colleagues note that Matt is fiendishly clever when solving problems and refreshingly honest in his work. In 2021, Matt was recruited for the role of Distinguished Engineer at Noname Security. His priority is to evangelize Noname's ground-breaking API security platform and API security in general. He works closely with the product team to ensure that Noname's platform addresses the application and product security issues that impact customers. Before joining Noname, Matt rolled out AppSec automation at USAA and founded 10Security. His early career includes tenures as Director of Community and Operations at the OWASP Foundation, Senior AppSec Engineer at Duo Security, Senior Software Security Engineer at Pearson and Senior Product Security Engineer at Rackspace. Matt received a master's degree in management information systems and a bachelor's degree in economics from Texas A&M Univers
In this episode of the RH-ISAC podcast, Matt Tesauro, distinguished engineer at Noname Security, discusses API vulnerabilities and how API testing is shifting left. Then, Kelsey Helms, principal analyst, and Ryan Miller, senior director, cybersecurity, at Target share how they're taking ransomware resiliency beyond the basics and collaborating across their organization. Thank you to Fortinet for their sponsorship of the RH-ISAC podcast.
In this episode Brad is joined by Matt Tesauro to talk all things OWASP, API Hacking and DevSec. Matt Tesauro is a Distinguished Engineer at NoName Labs, a member of the OWASP Global Board of Directors and Founder of 10Security, the creators of DefectDojo.Matt Tesauro is a DevSecOps and AppSec guru with specialization in creating security programs, leveraging automation to maximize team velocity and training emerging and senior professionals. When not writing automation code in Go, Matt is pushing for DevSecOps everywhere via his involvement in open-source projects, presentations, trainings and new technology innovation.Twitter: https://twitter.com/matt_tesauroLinkedIn: https://www.linkedin.com/in/matttesauro/DefectDojo: https://www.defectdojo.org/DefectDojo on Github: https://github.com/DefectDojo/django-DefectDojoDefectDojo commercial support: https://www.defectdojo.com/API Security: https://www.slideshare.net/mtesauro/hacking-and-defending-apis-red-and-blue-make-purplepdfAPI Security Tools: https://owasp.org/www-community/api_security_tools (always looking for additions!)OWASP:Become an OWASP Member: https://owasp.org/membership/Find a local chapter: https://owasp.org/chapters/Find a cool project: https://owasp.org/projects/OWASP Cheat Sheets: https://cheatsheetseries.owasp.org/OWASP Web Security Testing Guide: https://owasp.org/www-project-web-security-testing-guide/OWASP Mobile Application Security: https://owasp.org/www-project-mobile-app-security/OWASP API Security Top 10: https://owasp.org/www-project-api-security/OWASP Dependency-Check: https://jeremylong.github.io/DependencyCheck/OWASP Dependency-Track: https://dependencytrack.org/Blog: https://offsec.blog/Youtube: https://www.youtube.com/channel/UCCWmudG_CTNAFBaV48vIcfwTwitter: https://twitter.com/cyberthreatpovWork with Us: https://securit360.com
In this episode, Matt Tesauro hosts wirefall to talk about creating and growing a security community and his 26 years of pen testing experience. In wirefall's case, it's the Dallas Hackers Association or DHA. Our conversation includes what motivated him to create DHA, the lessons he's learned, challenges faced and what success looks like today. He provides some advice for those wanting to get into cybersecurity or be a part of the broader security community. Enjoy. Show Links: - DHA Meetup: https://www.meetup.com/dallas-hackers-association/ - DHA Twitter: https://twitter.com/dallas_hackers - wirefall on Twitter: https://twitter.com/DHAhole
In this episode, Matt Tesauro hosts Neil Matatall to talk about going beyond 2FA as he relates lessons learned from Twitter and Github on account security. This is another episode with some good nuggets of wisdom and some sound advice for those writing or maintaining APIs. It's obvious that Neil has not only spent time doing solid engineering work but he's learned a few things that he's willing to share. Enjoy. Show Links: - OWASP DevSlop Episode: https://www.youtube.com/watch?v=hrAKE6LaizE&ab_channel=OWASPDevSlop - Slide Deck: https://bit.ly/35dcTm0 - Neil on Twitter: https://twitter.com/ndm
In this episode, Matt Tesauro hosts Greg Anderson and Cody Maffucci to talk about OWASP DefectDojo. DefectDojo is an OWASP flagship project that aims to be the single source of truth for AppSec or Product Security teams. It provides a single pane of glass for security programs and can import and normalize over 150 different security tools. I thought that the OWASP podcast might just cover an OWASP project now and then so here we go. Show Links: - https://www.defectdojo.org/ - Github organization: https://github.com/defectdojo - Github main repo: https://github.com/DefectDojo/django-DefectDojo - Pubic Demo info: https://github.com/DefectDojo/django-DefectDojo#demo - Data models (part of the project docs) https://defectdojo.github.io/django-DefectDojo/usage/models/
In this episode, Matt Tesauro hosts David Gillman about JWT Patterns and Anti-Patterns. I first met David at LASCON in the fall of 2021 when I sat in on his conference talk. Based on David's experiences with JWTs we discuss where JSON Web Tokens can help and harm developers who use them. It seems like JWTs can be a mixed bag mostly determined by how you use them. Hopefully this episode will help you avoid any JWT sharp edges if or, more likely, when you work with them. Show Links: - Video of David's presentation at LASCON - https://www.youtube.com/watch?v=xTk4ff0eAUg&list=PLLWzQe8KOh5nv8OBs3j39DNYULfxwv_6V&index=29&ab_channel=LASCON - David Gillman on Twitter - https://twitter.com/primed_mover
In this episode, Matt Tesauro hosts Adam Shostack to talk about threat modeling - not only what it is but what Adam has learned from teaching numerous teams how to do threat modeling. Learn what makes a good threat model and some news about a new book from Adam to help further the spread of threat modeling with the end goal of more threat modeling and fewer security surprises. Enjoy! Show Links: - Threats Book site: https://threatsbook.com/ - Resources on Adam's website: https://shostack.org/resources
Hello, it's Matt Tesauro. Welcome back to my take on the OWASP Podcast. It seems as if I'm turning my episodes into the equivalent of a conference hall track, those wonderful interactions you have at conferences, running between rooms at conferences, meeting up with smart minds you don't see all the time. I have the pleasure of reuniting with Wendy Nather, CISO Advisor Extraordinaire, for this episode. We had a very interesting conversation about Software Bill of Materials (SBOMs). Like many of my interactions with Wendy, I learned from our conversation. She threw out some really good nuggets. I highly recommend looking up Wendy on Twitter (@wendynather). Besides the security wisdom she's going to drop, she's got a hell of a sense of humor. I think it will be worth the follow. Enjoy the episode.
Hello, I'm Matt Tesauro, one of the OWASP Podcast co-hosts. I had the opportunity to interview Tanya Janca for this podcast. To be honest, I kind of wish it was a video recording because you'd be able to see the big smiles and vigorous head nodding during the recording. Tanya and I are in violent agreement about all things appsec, and it shows. There's a nice mix of general advice, war stories, and some good nuggets in this interview. I hope you enjoy it.
8 years ago I took over the OWASP Podcast from Jim Manico, originator of the project. In that time over 160 episodes have been published, with over 500,000 downloads. It has been a fun project, but it's time to change things up a bit. There is a lot going on at OWASP, even more going on with the technology industry when it comes to cybersecurity. It's too much for one person to keep up with. Enter the idea of multiple co-hosts for the podcast. Many of you listening already know of Vandana Verma and Matt Tesauro from their work with OWASP. I called to ask if they'd like to share the platform, producing their own episodes around a chosen concept. In today's episode, Vandana, Matt and I talk about thoughts of an expanded concept for the podcast. We'll each explain what we will be covering in our shows, and what you can expect to hear in the coming year. Our plan is to have three shows, (kind of like NPR programming when I think of it), under one umbrella: The OWASP Podcast Series. Come along with us and we talk through the new series and what it will me to you, as a listener.
Matt Tesauro (@matt_tesauro) talks OWASP, community involvement, Defect Dojo, and the AppSec Pipeline toolbox with Ken and Seth.
Matt Tesauro (@matt_tesauro) talks OWASP, community involvement, Defect Dojo, and the AppSec Pipeline toolbox with Ken and Seth.
This week, we're joined by Matt Tesauro, a co-lead for the AppSec Pipeline Project. He explains how they began building this project and some ways for you to start using this in your organization. You can find Matt on Twitter @matt_tesauro The post #AppSec Pipeline as Toolbox (S04E05) appeared first on Security Journey Podcasts.
When I was at AppSecUSA 2015 in San Francisco, I was standing in the hallway talking with Matt Tesauro, Shannon Lietz and Jez Humble. We decide that our discussion was interesting enough to continue, so we grab a room and just started talking. Heads up: There are basic audio problems with the recording, such as some background hiss and some high frequency whining (not from us, from the lights overhead!). It was an interesting discussion about real world scenarios that the three have seen in different environments, with solutions for those issues. There's an important summary that starts at 34 minutes where each of them specifies the most important things they'd like you to take away from the discussion.
I was able to get a quick update from Damon, Matt, Eoin and Martin this week at AppSec USA 2014 Denver. They each have a different perspective on what is going with OWASP in different parts of the world. Have a listen...
It's become a regular thing at AppSec: test the experts on their knowledge of current software security news events. This session was recorded at AppSec Europe 2014 with panelists Chris Eng, Matt Tesauro and Josh Corman. If you'd like to play along, you can view the gameshow slide deck. Looking forward to seeing you at our next AppSec session of "Wait Wait! Don't pwn me!"