Developsec: Developing Security Awareness

  • Author: Various
  • Narrator: Various
  • Publisher: Podcast
  • Duration: 42:36:20

Information:

Synopsis

A family friendly show about security awareness. Topics include developer security, and security awareness in general.

Episodes

  • Ep. 104: Securing Devops with Julien Vehent

    30/08/2018 Duration: 45min

    James sits down with Julien Vehent to discuss his new book "Securing DevOps" and talk about security in a DevOps world. Julien (@jvehent) is a security architect and engineering manager with over 15 years of experience in large organizations and web companies. He is currently responsible for the operational security of Firefox's backend infrastructure at Mozilla, and is the author of Securing DevOps.
    Check out the book (Securing DevOps) at https://www.manning.com/books/securing-devops
    Special 40% discount code for Developsec listeners: poddevelopsec18
    For more info go to https://www.developsec.com or follow us on Twitter (@developsec). Join the conversation: join our Slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help.

  • Ep. 103: Is 3rd Party Authentication Right For Your Application?

    16/08/2018 Duration: 18min

    The headlines are filled with credential breaches. One way to avoid being in those headlines is to not store credentials. Instead, use a 3rd party to authenticate your users. While this cuts a lot of work out of your development time, it is important to understand the pros and cons of each method. James talks through some of these risks to help you better understand which method might be right for you.
    Links from show:
    Ep. 92: 2-Factor Authentication - http://podcast.developsec.com/ep-92-2-factor-authentication
    Ep. 61: Multi-factor Authentication - http://podcast.developsec.com/ep-61-multi-factor-authentication
    Ep. 39: Authentication - http://podcast.developsec.com/ep-39-authentication
    Ep. 2: All About Passwords - http://podcast.developsec.com/ep-1-all-about-passwords
    Ep. 73: Identity with Vittorio Bertocci - http://podcast.developsec.com/ep-73-identity-with-vittorio-bertocci

  • Ep. 102: Intro to Web Security Policies

    26/06/2018 Duration: 16min

    In this episode James introduces us to the idea of web security policies stored in a security.txt file. We have talked about vulnerability disclosure before and this ties directly into that conversation.
    Link to Draft: https://tools.ietf.org/html/draft-foudil-securitytxt-03
    Link to form to create the file: https://securitytxt.org/
    Link to our blog post: https://www.developsec.com/2018/06/26/overview-of-web-security-policies/

  • Ep. 101: You're not always right and that is ok

    18/06/2018 Duration: 20min

    In this episode, James shares a story of learning from a mistake and how we can't be right every time. Hear what he learned and how you can learn too.

  • Ep. 100: Choosing Security Tools

    07/06/2018 Duration: 26min

    In this episode we talk about choosing the right security tools for your environment. There are lots of vendors offering solutions to help identify security issues within our applications. The trick is to learn to identify which ones make the most sense for your environment.

  • Ep. 99: Shifting Left in the SDLC

    30/05/2018 Duration: 19min

    In this episode, James talks about what it means to shift left in the SDLC.

  • Ep. 98: Efail and News Hype

    15/05/2018 Duration: 18min

    In this episode we talk about efail and the HYPE around security news. The DevelopSec podcast is brought to you by Jardine Software Inc.

  • Ep. 97: Gmail / Netflix Potential Scam

    23/04/2018 Duration: 18min

    ** Check out our new Live Fundamentals of Application Security training starting on May 1, 2018. Don't wait to sign up. For schedules and information check out https://www.jardinesoftware.com/fundamentals-of-application-security/ **
    In this episode, James shares his thoughts on an interesting potential scam that was brought up regarding Gmail and Netflix. A lot of the discussion is on a unique Gmail feature most haven't heard of. James breaks this down in this episode.
    The original story was shared at https://www.theregister.co.uk/2018/04/10/gmail_netflix_phishing_vector/

  • Ep. 96: Security Flaws as Defects

    16/04/2018 Duration: 27min

    In this episode we talk about treating security flaws as defects and embedded vs. built-in security. Do you treat security flaws differently? What barriers does that create?

  • Ep. 95: MyFitnessPal Breach Take-Aways

    09/04/2018 Duration: 18min

    In this episode we talk about the MyFitnessPal breach and some of the key points that we as developers, security, and users can take away from it.
    Tweet with Graph of Largest Breaches mentioned: https://twitter.com/EricTopol/status/979556839015661568
    Link to article about the breach: https://www.cnet.com/news/millions-of-myfitnesspal-accounts-hacked-under-armour-says/

  • Ep. 94: Penetration Testing

    02/04/2018 Duration: 26min

    In this episode we talk about penetration testing and what you need to know to get the most out of the activity. Tune in to hear some of our thoughts on the topic.
    To take the training course survey go to https://forms.office.com/Pages/ResponsePage.aspx?id=dUTTGKfrY0SMJRLyejG00DrfDtlb8W5HpqoXHgPDektUNDgxVU9SNlVRNVhXMTY4UUxSU041MFVWTC4u

  • Ep. 93: Code Review

    09/03/2018 Duration: 25min

    In this episode we talk about secure code review with a mention of static analysis. Do you know the difference? What is the issue of doing one over the other, or just outright replacing actual code review with static analysis? Tune in to hear some of our thoughts on the topic.

  • Ep. 92: 2-Factor Authentication

    06/03/2018 Duration: 21min

    In this episode James talks about 2-factor authentication, why we use it, and maybe why we don't. Is your 2-factor implementation getting in your way?
    The DevelopSec YouTube Channel - https://www.youtube.com/channel/UCdAqgfdGs0-hPa8FhsODwNw

  • DevelopSec Podcast #91 - OWASP Top 10 2017 Thoughts

    09/02/2018 Duration: 28min

    The new OWASP Top 10 2017 is out. We look at some of the changes and how you can effectively use the list to better your security program.
    We are also launching a new DevelopSec Live broadcast. To check out the first episode, go to https://www.youtube.com/watch?v=kfDuxwFScOE (The first 2 minutes are just a placeholder as I was starting, feel free to skip those. That will go away in future episodes).
    The DevelopSec YouTube Channel - https://www.youtube.com/channel/UCdAqgfdGs0-hPa8FhsODwNw

  • Ep. 90: 5 Steps to Help Secure Your Database

    16/01/2018 Duration: 44min

    James sits down with Perry Krug from Couchbase to discuss some important steps to take to secure your database.
    Perry Krug - https://twitter.com/perrykrug
    Couchbase - https://twitter.com/couchbase
    Couchbase - https://www.couchbase.com/
    Couchbase Security Documents - https://developer.couchbase.com/documentation/server/current/security/security-intro.html

  • Ep. 89: New Year's Resolutions

    04/01/2018 Duration: 18min

    Welcome to 2018! Another year down and time for many of us to start making promises to ourselves of things we will start doing in this new year. In this episode James talks about some lessons we should take from 2017 and ways to use them in 2018.

  • Ep. 88: Meteor Security with Tim Medin

    11/12/2017 Duration: 42min

    In this episode, James talks with Tim Medin regarding Meteor and security. If you develop with Meteor or have to test it, there is a lot of information packed in.
    More about Tim Medin (@timmedin):
    Red Siege website - https://www.redsiege.com/
    Link to Meteor Miner and other tools Tim mentioned: https://github.com/nidem
    Tim Medin's BSides Orlando 2017 Presentation - Tim Medin - Mining Meteor B-Sides Orlando 2017

  • Ep. 87: Apple Sign-in Bug Take-Aways

    01/12/2017 Duration: 24min

    You have heard about the Apple Sign-in Bug on High Sierra. Now let's talk about how we can use this example to better our current development processes to protect ourselves.
    Link to mentioned article: https://www.theguardian.com/technology/2017/nov/30/apple-macos-high-sierra-fix-breaks-file-sharing-password-security-flaw-emergency-patch

  • Ep. 86: Vulnerable 3rd Party Components

    23/11/2017 Duration: 18min

    In this episode, James talks about the use of 3rd party components and how to handle determining if they are vulnerable or not.
    Links:
    OWASP Dependency Check - https://www.owasp.org/index.php/OWASP_Dependency_Check
    GitHub Blog - https://github.com/blog/2470-introducing-security-alerts-on-github
    RetireJS - https://retirejs.github.io/retire.js/

  • Ep. 85: Open Redirect Revisited

    17/11/2017 Duration: 25min

    In this episode, James talks about open redirect and why it matters from a security perspective. He also shows how this information can be used in your personal technology use, not just in development.
