Izar Tarandach is a threat modeling pioneer, seen as one of the movers and shakers in the threat modeling world. Izar leads a small team that develops the pytm tool, which is self-described as “A Pythonic framework for threat modeling”. The GitHub page goes on to say: define your system in Python using the elements and properties described in the pytm framework. Based on your definition, pytm can generate a Data Flow Diagram (DFD), a Sequence Diagram and, most important of all, threats to your system.
Simon Bennetts is the project leader for OWASP ZAP. Simon joined Robert at CodeMash to talk about the origin of ZAP, the new heads up display, and ZAP API.
ZAP is an OWASP Flagship Project and is available here: https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
Robert meets up with Bill Sempf at the CodeMash conference and discusses how to grow AppSec people. Developers can transform into application security people. They also cover how to inspire the next generation of cybersecurity people (kids) through the example of KidzMash.
Georgia Weidman (@georgiaweidman) met with Robert at CodeMash to discuss her origin story, mobile, IoT, penetration testing, and details about her various companies.
If you’ve never seen Georgia’s book on penetration testing, we recommend you grab a copy. http://www.nostarch.com/pentesting
To sign up for the <Hi/5> newsletter mentioned at the start of this week’s show, visit https://podcast.securityjourney.com/hi5
On this episode, Chris is joined by Josh Grossman, Avi Douglen, and Ofer Maor at AppSec USA. They discuss the AppSec group in Israel and a few important talks you should watch from AppSec USA this year.
You can find Josh on Twitter @JoshCGrossman
You can find Avi on Twitter @sec_tigger
You can find Ofer on Twitter @OferMaor
This week, we listen in on the #AppSecUSA talk by Chris about Security Culture Hacking.
You can find Chris on Twitter @edgeroute
On this episode, Jim Manico joins again to talk about the ways that AppSec has changed over the years and give us an in-depth look at the history of SQL Injection and XSS.
You can find Jim on Twitter @manicode
On this episode, Chris and Robert talk with Adam and John from HackerOne about Bug Bounty. They dive into bug bounty from the program side and the security researcher side to show how you can put these pieces together to be successful with bug bounty.