The OWASP Top 10 dates back to 2003, when appsec was just settling on terms like cross-site scripting and SQL injection. It's a list that everyone knows about and everyone talks about. But is it still the right model for modern appsec awareness? What if we put that attention and effort elsewhere? Maybe we could have secure defaults instead. Or linters and build tools that point out these flaws. We'll talk about top 10 lists, what we like about them, what we don't like, and what we'd like to see replace them. We'll also test our hosts' knowledge of just how many top 10 lists are out there.

Segment resources:
• [OWASP Top 10:2021](https://owasp.org/Top10/)
• [OWASP API Security Project](https://owasp.org/www-project-api-security/)
• [OWASP Top 10 Mobile Risks](https://github.com/OWASP/www-project-mobile-top-10/blob/master/2016-risks/index.md)
• [OWASP Top 10 CI/CD Security Risks](https://owasp.org/www-project-top-10-ci-cd-security-risks/) and [ASW #220](https://www.scmagazine.com/podcast-episode/asw-220-daniel-krivelevich)
• [OWASP Low-Code/No-Code Top 10](https://owasp.org/www-project-top-10-low-code-no-code-security-risks/)
• [OWASP Top 10 Privacy Risks](https://owasp.org/www-project-top-10-privacy-risks/)
• [OWASP Proactive Controls](https://owasp.org/www-project-proactive-controls/)
• [OWASP AI Security and Privacy Guide](https://owasp.org/www-project-ai-security-and-privacy-guide/)
• [OWASP Cheat Sheet Series](https://cheatsheetseries.owasp.org)
• [OWASP Application Security Verification Standard](https://owasp.org/www-project-application-security-verification-standard/) and [ASW #232](https://www.scmagazine.com/podcast-episode/asw-232-josh-grossman)
• [Moving on from the OWASP Top 10](https://deadliestwebattacks.com/appsec/2023/03/30/reflecting-on-the-owasp-top-10)

News segment: new TLDs are already old news, fuzzing eBPF validators, Microsoft sets out to kill bug classes, a draft RFC to track location trackers, a top ten list with directory traversal on it, conference videos from Real World Crypto and BSidesSF, and an attack tree generator from markdown.

Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/secweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/asw242
Unicorns fire the imagination when it comes to their funding, but what does their everyday life look like? In this episode I talk with Marcin Hoppe, engineering manager at Auth0, a company described as a "unicorn". You will learn from it not only how unicorns are ridden in day-to-day work, but also:
• What it is like to work at a unicorn, i.e. a company valued at over 1 billion dollars
• Three reasons why a developer should not build security solutions on their own
• Remote work in an international environment across many time zones and cultures, and what the recruitment process at unicorns looks like
• The role of an engineering manager in an engineering organization
• How you can get involved in Open Source and what being active in Open Source communities gives you
• Why a security hole can cost 100 million dollars, and where that can happen

Remember, if you have a question, record it and send it to podcast@onyszko.com. You can also send it as an e-mail, but it would be great if you recorded it and became part of this podcast.

Main points from the episode:
• Some things are hard, like authentication and authorization. Building them yourself is hard and often completely unnecessary; it is better and faster to use an existing solution.
• In your career it is worth learning when to delegate, to whom and how. This lets you focus on other things that develop you more.
• It is worth taking an interest in security, especially in the cloud; it is a growing and interesting area of the market. As an architect or developer working on applications, it is worth taking an interest in the security environment around the application. It can be a good career move.
• Getting involved in Open Source projects is a great opportunity to expand your professional network.

Share it! Direct link to the episode, ready to share regardless of platform: https://share.transistor.fm/s/35ee0c7a

Where you can find Marcin online:
• Twitter: https://twitter.com/marcin_hoppe
• LinkedIn: https://www.linkedin.com/in/marcinhoppe/
• Blog: https://marcinhoppe.com/

Links to sources, people, places and books mentioned in the episode:
• Auth0 (now part of Okta): https://auth0.com/
• Vittorio Bertocci: https://twitter.com/vibronet
• Remote work at Auth0: https://twitter.com/vibronet/status/1016476271046418432?s=20
• OWASP Top 10: https://owasp.org/www-project-top-ten/
• OWASP Proactive Controls: https://owasp.org/www-project-proactive-controls/
• OWASP Top 10 Serverless: https://owasp.org/www-project-serverless-top-10/
• Open Source Security Foundation (OpenSSF): https://openssf.org/
• Daniel Stenberg, author of Curl: https://daniel.haxx.se/blog/
• Curl: https://curl.se/
• NTP: http://www.ntp.org/
• Linux Foundation: https://www.linuxfoundation.org/
• Dynamic Reteaming: The Art and Wisdom of Changing Teams: https://www.amazon.com/Dynamic-Reteaming-Wisdom-Changing-Teams/dp/1733567216
• Team Topologies: https://www.amazon.com/Team-Topologies-Organizing-Business-Technology-ebook/dp/B07NSF94PC/
• Python: https://www.python.org/
• Tedee: https://tedee.com/

Let's stay in touch >> Sign up for my newsletter (EN)
We continue with the mini-series, OWASP Top 10 Proactive Controls for Developers, with number 7. This control is about enforcing access controls. Like most of these controls, not everything about it is handled in code. Security is a practice that is all around you and is developed long before you decide which framework or language you will build the application with. This episode goes through the details of this control. Be aware, be safe. ------------------------------------ Website - https://www.binaryblogger.com Podcast Page - http://securityinfive.libsyn.com Podcast RSS - http://securityinfive.libsyn.com/rss Twitter @binaryblogger - https://www.twitter.com/binaryblogger iTunes - https://itunes.apple.com/us/podcast/security-in-five-podcast/id1247135894?mt=2 YouTube - https://www.youtube.com/binaryblogger TuneIn Radio - Security In Five Channel Spotify - Security In Five Podcast Page Stitcher -
We continue with the mini-series, OWASP Top 10 Proactive Controls for Developers, and we are at number 6. This one talks about Identity Management, or Digital Identity. It goes beyond just the code and into the security practice of ensuring that unique users are identified and authorized properly within your applications. Be aware, be safe.
Continuing with the mini-series OWASP Top 10 Proactive Controls for Developers, we are at number 4. This one talks about encoding and escaping your data. This episode covers the importance of this development practice and what types of attacks it helps to prevent. Be aware, be safe. Email - contactme@binaryblogger.com
On this episode of the Application Security Podcast, Chris and Robert talk to Jim Manico and Katy Anton about the OWASP Proactive Controls project. This is something we have talked about before, and they are looking for feedback on the update coming soon. Rate us on iTunes and provide a positive comment, please! The post The Future of the OWASP Proactive Controls (S02E17) – Application Security PodCast appeared first on Security Journey Podcasts.
Robert and I try a new format, talking about a few topics per episode. We talk about changes to the Proactive Controls, AppSecUSA, and the Gartner Magic Quadrant for Application Security Testing. We mentioned the link to the OWASP Proactive Controls to review the draft and suggest updates. The post Proactive Controls, AppSec USA, and Gartner's MQ on AppSec Testing (S02E10) – Application Security PodCast appeared first on Security Journey Podcasts.
The OWASP Top Ten Proactive Controls Project is spearheaded by Jim Bird and Jim Manico. According to Jim Bird, it is a list of security techniques that should be included in every software development project. I spoke with him about the evolution of the project and how he envisions it being used by the OWASP community, and specifically by developers.

Resources for this Broadcast:
• OWASP Top Ten Proactive Controls Project
• Jim Bird on LinkedIn

About Jim Bird: Jim Bird is a software development manager and CTO with more than 25 years of experience in software engineering, with a special focus on high-integrity and high-reliability systems. Jim is currently the co-founder and CTO of a major US-based institutional trading service, where he is responsible for managing the company's technology group and IT security programs. Jim has worked as a consultant to IBM and to major stock exchanges and banks globally. He was also the CTO of a technology firm (now part of NASDAQ OMX) that built custom IT solutions for stock exchanges and central banks in more than 30 countries. Jim is an active contributor to OWASP, helps out as a member of the SANS Analysts program on application security, and rants about Agile software development, project management and application security topics on his blog "Building Real Software".