Episodes List

Izar Tarandach is a threat modeling pioneer, seen as one of the movers and shakers in the threat modeling world. Izar leads a small team that develops the pytm tool, which is self-described as a “A Pythonic framework for threat modeling”. The GitHub page goes on to say define your system in Python using the elements and properties described in the pytm framework. Based on your definition, pytm can generate, a Data Flow Diagram (DFD), a Sequence Diagram and most important of all, threats to your system.

Reach out to Izar on Twitter and visit the pytm GitHub page to download and try this tool out for yourself!

Podcast: Play in new window | Download

Subscribe: Apple Podcasts | Android | Email | Google Podcasts | Stitcher | TuneIn | Spotify | RSS | More

Simon Bennetts is the project leader for OWASP ZAP. Simon joined Robert at CodeMash to talk about the origin of ZAP, the new heads up display, and ZAP API.

ZAP is an OWASP FlagShip Project and is available here: https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project

Podcast: Play in new window | Download

Subscribe: Apple Podcasts | Android | Email | Google Podcasts | Stitcher | TuneIn | Spotify | RSS | More

Robert meets up with Bill Sempf at the CodeMash conference and discusses how to grow AppSec people. Developers can transform into application security people. They also cover how to inspire the next generation of cybersecurity people (kids) through the example of KidzMash.

Podcast: Play in new window | Download

Subscribe: Apple Podcasts | Android | Email | Google Podcasts | Stitcher | TuneIn | Spotify | RSS | More

Georgia Weidman (@georgiaweidman) met with Robert at CodeMash to discuss her origin story, mobile, IoT, penetration testing, and details about her various companies.

If you’ve never seen Georgia’s book on penetration testing, we recommend you grab a copy. http://www.nostarch.com/pentesting

To sign up for the <Hi/5> newsletter mentioned at the start of this week’s show, visit https://podcast.securityjourney.com/hi5

Podcast: Play in new window | Download

Subscribe: Apple Podcasts | Android | Email | Google Podcasts | Stitcher | TuneIn | Spotify | RSS | More

Here it is. The finale of season four. Thanks to everyone who listens in and remember, if there’s any people you want us to interview on the podcast, tweet at us @AppSecPodcast

Podcast: Play in new window | Download

Subscribe: Apple Podcasts | Android | Email | Google Podcasts | Stitcher | TuneIn | Spotify | RSS | More

On this episode, Chris and Robert are joined by Geoff Hill to talk about Rapid Threat Model Prototyping Process.

You can find Geoff on Twitter @Tutamantic_Sec

Podcast: Play in new window | Download

Subscribe: Apple Podcasts | Android | Email | Google Podcasts | Stitcher | TuneIn | Spotify | RSS | More

On this episode, Chris and Robert are joined by Bill Wilder to talk about Running Azure Securely.

You can find Bill on Twitter @codingoutloud

Podcast: Play in new window | Download

Subscribe: Apple Podcasts | Android | Email | Google Podcasts | Stitcher | TuneIn | Spotify | RSS | More

On this episode, Chris and Robert are joined by Matt Konda to talk about what Glue is.

You can find Matt on Twitter @mkonda

OWASP Glue

Podcast: Play in new window | Download

Subscribe: Apple Podcasts | Android | Email | Google Podcasts | Stitcher | TuneIn | Spotify | RSS | More

On this episode, Chris is joined by Josh Grossman, Avi Douglen, and Ofer Maor at AppSec USA. They discuss the AppSec group in Israel and a few important talks you should watch from AppSec USA this year.

You can find Josh on Twitter @JoshCGrossman

You can find Avi on Twitter @sec_tigger

You can find Ofer on Twitter @OferMaor

Podcast: Play in new window | Download

Subscribe: Apple Podcasts | Android | Email | Google Podcasts | Stitcher | TuneIn | Spotify | RSS | More

On this episode, Chris and Robert are joined by Daniel Miessler to talk about the upcoming Top 10 list for IoT.

You can find Daniel on Twitter @DanielMiessler

IoT Project

Podcast: Play in new window | Download

Subscribe: Apple Podcasts | Android | Email | Google Podcasts | Stitcher | TuneIn | Spotify | RSS | More

On this episode, Chris is joined by Travis McPeak to talk about SecOps and the ways it can help make a developers life easier.

You can find Travis on Twitter @travismcpeak

Podcast: Play in new window | Download

Subscribe: Apple Podcasts | Android | Email | Google Podcasts | Stitcher | TuneIn | Spotify | RSS | More

On this week, we listen in on the #AppSecUSA talk by Chris about Security Culture Hacking.

You can find Chris on Twitter @edgeroute

Podcast: Play in new window | Download

Subscribe: Apple Podcasts | Android | Email | Google Podcasts | Stitcher | TuneIn | Spotify | RSS | More

On this episode, Jim Manico joins again to talk about the ways that AppSec has changed over the years and give us an in-depth look at the history of SQL Injection and XSS.

You can find Jim on Twitter @manicode

Podcast: Play in new window | Download

Subscribe: Apple Podcasts | Android | Email | Google Podcasts | Stitcher | TuneIn | Spotify | RSS | More

On this episode, Chris talks with Jeff Williams about the History of OWASP and where it came from.

You can find Jeff on Twitter @planetlevel

Podcast: Play in new window | Download

Subscribe: Apple Podcasts | Android | Email | Google Podcasts | Stitcher | TuneIn | Spotify | RSS | More

Bjorn Kimminich joins to talk about JuiceShop on this weeks episode. He dives into what JuiceShop is and some of the use cases for it.

You can find Bjorn on Twitter @bkimminich

JuiceShop’s Twitter

JuiceShop Demo

Podcast: Play in new window | Download

Subscribe: Apple Podcasts | Android | Email | Google Podcasts | Stitcher | TuneIn | Spotify | RSS | More

On this episode, Chris is at AppSec USA and is joined by Swaroop to talk about iGoat. They discuss how iGoat relates to WebGoat and how they can be used for pen testing.

You can find Swaroop on Twitter @swaroopsy

Podcast: Play in new window | Download

Subscribe: Apple Podcasts | Android | Email | Google Podcasts | Stitcher | TuneIn | Spotify | RSS | More

On this episode, Chris and Robert talk with Adam and John from HackerOne about Bug Bounty. They dive into bug bounty from the programming side and the security researcher side to show how you can put these pieces together to be successful with bug bounty.

You can find Adam on Twitter @SushiHack and Jon @jon_bottarini

Podcast: Play in new window | Download

Subscribe: Apple Podcasts | Android | Email | Google Podcasts | Stitcher | TuneIn | Spotify | RSS | More

Chris talks with Erlend Oftedal about what the Norway Chapter of OWASP and continues on into what retire.js is and how it works.

You can find Erlend on Twitter @webtonull

Podcast: Play in new window | Download

Subscribe: Apple Podcasts | Android | Email | Google Podcasts | Stitcher | TuneIn | Spotify | RSS | More

Abhay Bhargav joins Robert this week to talk about threat modeling as code. He dives into how this can help you in your own threat models.

You can find Abhay on Twitter @abhaybhargav

Podcast: Play in new window | Download

Subscribe: Apple Podcasts | Android | Email | Google Podcasts | Stitcher | TuneIn | Spotify | RSS | More

Tony UV joins Robert on this weeks episode to discuss all things threat libraries in the cloud.

You can find Tony on Twitter @t0nyuv

Podcast: Play in new window | Download

Subscribe: Apple Podcasts | Android | Email | Google Podcasts | Stitcher | TuneIn | Spotify | RSS | More

On this episode, Chris and Robert talk to Aaron Rinehart about how the security community can embrace chaos engineering.

You can find Aaron on Twitter @aaronrinehart

Podcast: Play in new window | Download

Subscribe: Apple Podcasts | Android | Email | Google Podcasts | Stitcher | TuneIn | Spotify | RSS | More

On this episode, Chris is joined by Jessie and Vandana from Women in #AppSec to discuss the project! They dive in what the project is and how the numerous OWASP Chapters around the world can participate!

You can find them on Twitter @InfosecVandana and @jessrobin96

Podcast: Play in new window | Download

Subscribe: Apple Podcasts | Android | Email | Google Podcasts | Stitcher | TuneIn | Spotify | RSS | More

This week we’re joined by Karen Staley, the Executive Director of the OWASP Foundation. She dives into what’s happening on OWASP and what we can be looking forward to in the future.

You can find her on Twitter @owasped

Podcast: Play in new window | Download

Subscribe: Apple Podcasts | Android | Email | Google Podcasts | Stitcher | TuneIn | Spotify | RSS | More

Mohammed Imran joins to discuss the DevSecOps Studio and more about the wonderful world of DevOps.

You can find him on Twitter @secfigo

DevSecOps Studio

Podcast: Play in new window | Download

Subscribe: Apple Podcasts | Android | Email | Google Podcasts | Stitcher | TuneIn | Spotify | RSS | More

On this week, Niels Tanis joins to talk about Razor and ASP.Net Core versus General.

You can find Niels on Twitter @nielstanis

Podcast: Play in new window | Download

Subscribe: Apple Podcasts | Android | Email | Google Podcasts | Stitcher | TuneIn | Spotify | RSS | More