• Summary

  • Application Security Weekly decrypts development for the Security Professional - exploring how to inject security into their organization’s Software Development Lifecycle (SDLC) in a fluid and transparent way; Learn the tools, techniques, and processes necessary to move at the speed of DevOps (even if you aren’t a DevOps shop yet). The target audience for Application Security Weekly spans the gamut of Security Engineers and Practitioners that need to level-up their skills in the Application Security space - as well as enabling “Cyber Curious” developers to get involved in the Application Security process at their organizations. To a lesser extent, we hope to arm Security Managers and Executives with the knowledge to be conversational in the realm of DevOps - and to provide the right questions to ask their colleagues in development, along with the metrics to think critically about the answers they receive.
    Attribution-Noncommercial-Share Alike 2.5 Generic
    Show more Show less
Episodes
  • Sep 27 2022

    Applications are the most frequent external attack vector for companies. However, application security can improve only if developers either code securely or remediate existing security flaws — unfortunately, many don’t receive training with proper security know-how. In this session, we will talk about the state of application security education and what you can do to secure what you sell.

    Segment Resources: - https://www.forrester.com/blogs/school-is-in-session-but-appsec-is-still-on-vacation/?ref_search=3502061_1663615159889 https://www.wisporg.com/events-calendar/2022/11/8/security-amp-risk-conference-forrester https://www.veracode.com/events/hacker-games https://blogs.microsoft.com/blog/2021/10/28/america-faces-a-cybersecurity-skills-crisis-microsoft-launches-national-campaign-to-help-community-colleges-expand-the-cybersecurity-workforce/

    Wiz reveals authorization bypass in Oracle Cloud, Python 15-year old path traversal flaw, Prototype Pollution in Chrome, PS4 flaw reappears in PS5, Why security products fail

    Visit https://www.securityweekly.com/asw for all the latest episodes!

    Follow us on Twitter: https://www.twitter.com/secweekly

    Like us on Facebook: https://www.facebook.com/secweekly

    Show Notes: https://securityweekly.com/asw213

    Show more Show less
    1 hr and 23 mins
  • Sep 20 2022

    Appsec places a lot of importance on secure SDLC practices, API security, integrating security tools, and collaborating with developers. What does this look like from a developer's perspective? We'll cover API security, effective ways to test code, and what appsec teams can do to help developers create secure code.

    This segment is sponsored by ThreatX. Visit https://securityweekly.com/threatx to learn more about them!

     

    Appsec dimensions of the Uber breach, Rust creates a security team, MiraclePtr addresses C++ heap mistakes for Chrome, a critical reading of the NSA/CISA Supply Chain guidance, talking about careers

     

    Visit https://www.securityweekly.com/asw for all the latest episodes!

    Follow us on Twitter: https://www.twitter.com/secweekly

    Like us on Facebook: https://www.facebook.com/secweekly

     

    Show Notes: https://securityweekly.com/asw212

    Show more Show less
    1 hr and 22 mins
  • Sep 13 2022

    Go releases their own curated vuln management resources, OSS-Fuzz finds command injection, Microsoft gets rid of Basic Auth in Exchange, NSA provides guidance on securing SDLC practices, reflections on pentesting, comments on e2e

     

    Shifting left has been a buzzword in the application security space for several years now, and with good reason – making security an integral part of development is the only practical approach for modern agile workflows. But in their drive to build security testing into development as early as possible, many organizations are neglecting application security in later phases and losing sight of the big picture. In this talk, Invicti’s Chief Product Officer Sonali Shah discusses the challenges and misunderstandings around shifting left, and provides tips on how organizations can implement web application security program without tradeoffs throughout the whole application security lifecycle.

    This segment is sponsored by Invicti. Visit https://securityweekly.com/invicti to learn more about them!

     

    Visit https://www.securityweekly.com/asw for all the latest episodes!

    Follow us on Twitter: https://www.twitter.com/secweekly

    Like us on Facebook: https://www.facebook.com/secweekly

     

    Show Notes: https://securityweekly.com/asw211

    Show more Show less
    1 hr and 18 mins

What listeners say about Application Security Weekly (Audio)

Average Customer Ratings

Reviews - Please select the tabs below to change the source of reviews.

.