Episodes List
Rapid Threat Model Prototyping Process (S04E26)
On this episode, Chris and Robert are joined by Geoff Hill to talk about Rapid Threat Model Prototyping Process.
You can find Geoff on Twitter @Tutamantic_Sec
Subscribe: Apple Podcasts | Google Podcasts | Spotify | iHeartRadio | Stitcher | Email | TuneIn | RSS | More
Running Azure Securely (S04E25)
On this episode, Chris and Robert are joined by Bill Wilder to talk about Running Azure Securely.
You can find Bill on Twitter @codingoutloud
OWASP Glue (S04E24)
On this episode, Chris and Robert are joined by Matt Konda to talk about what Glue is.
You can find Matt on Twitter @mkonda
AppSec in Israel and Three Talks to Watch from AppSec USA (S04E23)
On this episode, Chris is joined by Josh Grossman, Avi Douglen, and Ofer Maor at AppSec USA. They discuss the AppSec group in Israel and a few important talks you should watch from AppSec USA this year.
You can find Josh on Twitter @JoshCGrossman
You can find Avi on Twitter @sec_tigger
You can find Ofer on Twitter @OferMaor
OWASP IoT Top 10 (S04E22)
On this episode, Chris and Robert are joined by Daniel Miessler to talk about the upcoming Top 10 list for IoT.
You can find Daniel on Twitter @DanielMiessler
SecOps Makes Developers Lives Easier (S04E21)
On this episode, Chris is joined by Travis McPeak to talk about SecOps and the ways it can help make a developer's life easier.
You can find Travis on Twitter @travismcpeak
Security Culture Hacking: Disrupting the Security Status Quo (S04E20)
This week, we listen in on the #AppSecUSA talk by Chris about Security Culture Hacking.
You can find Chris on Twitter @edgeroute
The Extremely Unabridged History of SQLi and XSS (S04E19)
On this episode, Jim Manico joins again to talk about the ways that AppSec has changed over the years and give us an in-depth look at the history of SQL Injection and XSS.
You can find Jim on Twitter @manicode
The History of OWASP (S04E18)
On this episode, Chris talks with Jeff Williams about the History of OWASP and where it came from.
You can find Jeff on Twitter @planetlevel
The Joy of the Vulnerable Web: JuiceShop (S04E17)
Bjorn Kimminich joins to talk about JuiceShop on this week's episode. He dives into what JuiceShop is and some of the use cases for it.
You can find Bjorn on Twitter @bkimminich
iGoat and iOS Mobile Pen Testing (S04E16)
On this episode, Chris is at AppSec USA and is joined by Swaroop to talk about iGoat. They discuss how iGoat relates to WebGoat and how they can be used for pen testing.
You can find Swaroop on Twitter @swaroopsy
Two Sides to a Bug Bounty: The Researcher and The Program (S04E15)
On this episode, Chris and Robert talk with Adam and Jon from HackerOne about bug bounty. They dive into bug bounty from the program side and the security researcher side to show how you can put these pieces together to be successful with bug bounty.
You can find Adam on Twitter @SushiHack and Jon @jon_bottarini
What You Require, You Must Also Retire (S04E14)
Chris talks with Erlend Oftedal about the Norway Chapter of OWASP and continues on into what retire.js is and how it works.
You can find Erlend on Twitter @webtonull
Threat Modeling as Code (S04E13)
Abhay Bhargav joins Robert this week to talk about threat modeling as code. He dives into how this can help you in your own threat models.
You can find Abhay on Twitter @abhaybhargav
Threat Libraries in the Cloud (S04E12)
Tony UV joins Robert on this week's episode to discuss all things threat libraries in the cloud.
You can find Tony on Twitter @t0nyuv
Chaos Engineering and #AppSec (S04E11)
On this episode, Chris and Robert talk to Aaron Rinehart about how the security community can embrace chaos engineering.
You can find Aaron on Twitter @aaronrinehart
WIA: Women in #AppSec (S04E10)
On this episode, Chris is joined by Jessie and Vandana from Women in #AppSec to discuss the project! They dive into what the project is and how the numerous OWASP Chapters around the world can participate!
You can find them on Twitter @InfosecVandana and @jessrobin96
A Conversation with Karen (S04E09)
This week we’re joined by Karen Staley, the Executive Director of the OWASP Foundation. She dives into what’s happening at OWASP and what we can look forward to in the future.
You can find her on Twitter @owasped
Back to the Lab Again with a DevOps (S04E08)
Mohammed Imran joins to discuss the DevSecOps Studio and more about the wonderful world of DevOps.
You can find him on Twitter @secfigo
A Slice of the Razor with ASP.Net Core (S04E07)
This week, Niels Tanis joins to talk about Razor and ASP.Net Core versus General.
You can find Niels on Twitter @nielstanis
A Pen Testers Transition to #AppSec: #VoteForOfer (S04E06)
On this week’s episode, Chris is joined by Ofer Maor to talk about his journey transitioning into the world of #AppSec from the world of Pen Testing.
You can find him on Twitter @OferMaor
#AppSec Pipeline as Toolbox (S04E05)
This week, we’re joined by Matt Tesauro, a co-lead for the AppSec Pipeline Project. He explains how they began building this project and some ways for you to start using this in your organization.
You can find Matt on Twitter @matt_tesauro
Threat Modeling with a bit of #Startup (S04E04)
Stephen de Vries joins to discuss Threat Modeling and the unique approach that he takes by using tooling. We also discuss application security and startups.
You can find Stephen on Twitter @stephendv
Stephen is the CEO of Continuum Security. You can visit them on the web to find out more about their tool-based solution for threat modeling and requirements management.
Securing DevOps (S04E03)
On this episode, Julien Vehent joins to discuss all things DevOps + Security. We talk through Julien’s new book, Securing DevOps, and go in depth on the journey he went through building security into DevOps at his job.
You can find Julien on Twitter @jvehent
The folks over at Manning Publications have also given a 40% discount on ALL their products to anyone who uses the AppSec Podcast specific discount code.
Discount Code: appsecpodcast18
CRS and an Abstraction Layer (S04E02)
Christian Folini joins Chris at AppSec EU for this episode about ModSecurity and the Core Rule Set project from OWASP. They dive into the timeline for the abstraction layer piece of the project and much more.
You can find Christian on Twitter @ChrFolini.
OWASP ModSecurity Core Rule Set
Subscribe with your favorite app by using this address: https://podcast.securityjourney.com/feed/podcast/