DevelopSec: Developing Security Awareness

By James Jardine
About this podcast
Curious about application security? Want to learn how to detect security vulnerabilities and protect your application? We discuss different topics and provide valuable insights into the world of application security.
Latest episodes
Jan. 16, 2018
James sits down with Perry Krug from Couchbase to discuss some important steps to take to secure your database.
Perry Krug - https://twitter.com/perrykrug
Couchbase - https://twitter.com/couchbase
Couchbase - https://www.couchbase.com/
Couchbase Security Documents - https://developer.couchbase.com/documentation/server/current/security/security-intro.html
For more info go to https://www.developsec.com or follow us on Twitter (@developsec). Join the conversations. Join our Slack channel. Email [email protected] for an invitation.
DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help.
Jan. 4, 2018
Welcome to 2018! Another year down and time for many of us to start making promises to ourselves of things we will start doing in this new year. In this episode James talks about some lessons we should take from 2017 and ways to use them in 2018.
Dec. 11, 2017
In this episode, James talks with Tim Medin regarding Meteor and security. If you develop with Meteor or have to test it, there is a lot of information packed in.
More about Tim Medin (@timmedin):
Red Siege website - https://www.redsiege.com/
Link to Meteor Miner and other tools Tim mentioned: https://github.com/nidem
Tim Medin's BSides Orlando 2017 Presentation - Tim Medin - Mining Meteor B-Sides Orlando 2017
Dec. 1, 2017
You have heard about the Apple Sign-in Bug on High Sierra. Now let's talk about how we can use this example to better our current development processes to protect ourselves.
Link to mentioned article: https://www.theguardian.com/technology/2017/nov/30/apple-macos-high-sierra-fix-breaks-file-sharing-password-security-flaw-emergency-patch
Nov. 23, 2017
In this episode, James talks about the use of 3rd party components and how to determine whether they are vulnerable.
Links:
OWASP Dependency Check - https://www.owasp.org/index.php/OWASP_Dependency_Check
GitHub Blog - https://github.com/blog/2470-introducing-security-alerts-on-github
RetireJS - https://retirejs.github.io/retire.js/
Nov. 17, 2017
In this episode, James talks about open redirect and why it matters from a security perspective. He also shows how this information can be used in your personal technology use, not just in development.
Oct. 31, 2017
You know your development language and platform, but do you really know the ins and outs of web application technology? How well do you know HTTP, HTML, etc.? James talks about a few scenarios where really understanding how the technologies work helps you better understand vulnerability risks.
Oct. 18, 2017
In this episode, James talks about authorization and some common areas where it poses a risk. He also goes over some techniques to help test authorization.
Sept. 29, 2017
The Equifax breach was a major news story. James talks about some of the security controls mentioned and how to start a conversation within your organization about them.
Want to listen on YouTube? Check out our channel where we are releasing episodes starting from episode 1 at https://www.youtube.com/channel/UCdAqgfdGs0-hPa8FhsODwNw
Sept. 18, 2017
We talk about cross-site scripting (XSS) all the time, but often overlook the ability to use javascript: in anchor tags. James talks about this unique ability and how to protect your applications from it.
The related blog post for this can be found at https://www.developsec.com/2017/09/06/javascript-in-an-href-or-src-attribute/