DevelopSec: Developing Security Awareness

By James Jardine
About this podcast
Curious about application security? Want to learn how to detect security vulnerabilities and protect your application? We discuss different topics and provide valuable insights into the world of application security.
Latest episodes
yesterday
In this episode, James talks about the use of 3rd party components and how to determine whether they are vulnerable. Links: OWASP Dependency Check - https://www.owasp.org/index.php/OWASP_Dependency_Check; GitHub Blog - https://github.com/blog/2470-introducing-security-alerts-on-github; RetireJS - https://retirejs.github.io/retire.js/. For more info go to https://www.developsec.com or follow us on Twitter (@developsec). Join the conversations: join our Slack channel. Email [email protected] for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help.
Nov. 17, 2017
In this episode, James talks about open redirect and why it matters from a security perspective. He also shows how this information can be used in your personal technology use, not just in development.
Oct. 31, 2017
You know your development language and platform, but do you really know the ins and outs of web application technology? How well do you know HTTP, HTML, etc.? James talks about a few scenarios where really understanding how the technologies work helps you better understand vulnerability risks.
Oct. 18, 2017
In this episode, James talks about authorization and some common areas where it poses a risk. He also goes over some techniques to help test authorization.
Sept. 29, 2017
The Equifax breach was a major news story. James talks about some of the security controls mentioned and how to start a conversation within your organization about them. Want to listen on YouTube? Check out our channel where we are releasing episodes starting from episode 1 at https://www.youtube.com/channel/UCdAqgfdGs0-hPa8FhsODwNw
Sept. 18, 2017
We talk about cross-site scripting (XSS) all the time, but often overlook the ability to use javascript: in anchor tags. James talks about this unique ability and how to protect your applications from it. The related blog post for this can be found at https://www.developsec.com/2017/09/06/javascript-in-an-href-or-src-attribute/
Aug. 23, 2017
We use a lot of platforms and frameworks when we develop an application. These platforms may provide security features, but do you know which ones? James talks about the importance of understanding your platforms and what to consider.
July 31, 2017
James talks about the risk of USB thumb drives, using the recent BCBS marketing campaign as an example (http://www.fiercehealthcare.com/privacy-security/bcbs-alabama-re-evaluates-usb-marketing-campaign-amid-security-concerns).
July 24, 2017
James talks about a recent vulnerability report regarding MySpace's Account Recovery system (https://www.wired.com/story/myspace-security-account-takeover/). He talks about considerations around account recovery and the need to revisit this type of functionality on a regular basis.
July 7, 2017
In this episode, James talks about Interactive Application Security Testing, or IAST. It is a sort of hybrid approach that is similar to both dynamic and static analysis. Listen in to learn more about it. The video version of this can be found at https://youtu.be/KHSlDletm9I