Player FM - Internet Radio Done Right
28 subscribers
Checked 8d ago
Added ten years ago
Content provided by Jardine Software Inc. All podcast content, including episodes, graphics, and podcast descriptions, is uploaded and provided directly by Jardine Software Inc. or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here: https://he.player.fm/legal.
DevelopSec: Developing Security Awareness
Curious about application security? Want to learn how to detect security vulnerabilities and protect your application? We discuss different topics and provide valuable insights into the world of application security.
126 episodes
All episodes
Ep. 122: Integrating Security Responsibilities into Development (18:04)
In this episode I talk about assigning responsibility for secure development and how the dev and security teams should be working together to accomplish a common goal. I also discuss the importance of updating developer job descriptions and creating an expectation around developers having secure development experience. For more info go to https://www.developsec.com or follow us on X (@developsec).…
Ep. 121 - Evolving Ransomware: Unique Tactics for Payment (17:44)
In this episode I talk about the evolving world of ransomware. I discuss a few examples of unique tactics the malicious actors are using to put pressure on organizations to pay the ransom. Referenced Articles: https://www.theregister.com/AMP/2024/04/30/finnish_psychotherapy_center_crook_sentenced/ https://www.darkreading.com/cyber-risk/hackers-weaponize-sec-disclosure-rules-against-corporate-targets https://www.theregister.com/2024/01/05/swatting_extorion_tactics/ For more info go to https://www.developsec.com or follow us on X (@developsec). DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help.…
Ep. 120: Addressing Root Cause - Vulnerable Components (16:30)
In this episode we talk about addressing the root cause of an issue versus the symptoms. How can the process of keeping application components updated be improved?
Transcript:
In this episode, James talks about root cause analysis versus treating the symptoms. Tackling the challenge to integrate security into the development process, looking for insights, answers and practical solutions to avoid getting overwhelmed. Welcome to the DevelopSec podcast, where our focus is your success in securing and improving development processes. And here's your host, James Jardine.
Hey, everyone, welcome back to the show. Today, I want to talk about addressing the symptoms versus addressing the root problem. And I think in application security, or when we talk about secure development, this is something where a lot of times we address the symptoms, but we never really take the step back to address the actual root cause of what's causing those symptoms.
And today, I want to actually talk about vulnerable third-party components. This is something that has been kind of brought to the attention a lot more in the past few years, made it into the OWASP Top 10. And it's something I think everybody struggles with. We never know when we'll have a vulnerable third-party component, because until somebody actually identifies a vulnerability, we just assume that we're good. And then on top of that, if there is a vulnerability identified, then we also run the chances that we're probably not even using that feature.
So vulnerable third-party components are a really interesting aspect when we think about secure development, because there are a lot of unknowns. We may know that there's a vulnerability there, but the actual knowledge of do we use that piece and are we vulnerable can be difficult, which, in the end, ends up adding a whole bunch of extra work and a whole lot of time for us to try to figure this out and address this stuff.
And so this is where I talk about addressing the symptoms. In this case, in a lot of places, what we do is we address that symptom. We know that there's an issue of vulnerable third-party components, right? That's the symptom: we have a vulnerable third-party component. And so most places have some sort of process in place where we're going to identify these, right? We're going to scan them all the time, whether using some of the common commercial tools, maybe you're using a free open source tool. But basically, the way it goes is I'm going to scan my repos or I'm going to scan my packages, and I'm going to look for all the dependencies, and then I'll look at their dependencies, and we'll see if there are any known vulnerable components within these, right? And that requires having some sort of CVE out there that says, hey, somebody has found this, they've reported it, I remember requiring this to be a rep…
In this episode we talk about the spell check feature of the browser and how it could present a risk to sensitive data. Link to article referenced: https://www.darkreading.com/application-security/spellchecking-google-chrome-microsoft-edge-browsers-leaks-passwords
Ep. 118: Log4J Sparking Thought on Vulnerable Components (24:27)
Log4J has been the talk of the town recently and everyone is focused on the technical details of the specific vulnerabilities found. In this episode, James talks about the overarching ideas around dealing with vulnerable components. Are you vulnerable? If so, what needs to be done? Join the conversations. Join our Slack channel. Email james@developsec.com for an invitation.
Ep. 117: How Browsers are Helping with Security (13:49)
Chrome has announced a few changes that we need to watch out for in the near future. We previously talked about the default value for SameSite that is coming up fast. I wrote about this here: https://www.jardinesoftware.net/2019/10/28/samesite-by-default-in-2020/ Also, they are getting ready to start blocking mixed content downloads: https://blog.chromium.org/2020/02/protecting-users-from-insecure.html
Ep. 116: Chrome Retires XSS Auditor (14:07)
It was recently announced that Chrome was dropping the XSS Auditor in Chrome 78. What does that mean and how does that change things for you as a developer? https://www.chromium.org/developers/design-documents/xss-auditor
In 2020, Chrome will default the SameSite attribute to Lax on all cookies. SameSite helps mitigate CSRF, but does that mean CSRF is dead?
Ep. 114: Investing in People for Better Application Security (24:37)
In this episode, James talks about investing in the development teams to increase application security priorities.
Ep. 113: What is your mother's maiden name? (21:00)
In this episode, James talks about some of the risks and recommendations around security questions and their implementation.
Ep. 112: Application Fingerprinting (21:04)
Does your application give away details about its server, framework, or other components? How is this information used by an attacker? Check out this episode to learn more.
Would you know if someone authenticated to your account? With the breaches we see in the news, and attacks like credential stuffing, there must be a way to be alerted to account access. James talks about authentication alerts, what they are, and why you may want to use them.
James discusses how implementation matters with security controls and how it changes priorities. This came about after reading the following story: https://www.theverge.com/2018/12/31/18162541/vein-authentication-wax-hand-hack-starbug
I talk about some of what happened in 2018 and what I am looking to do in 2019. I also ask you to think about your previous year and goals. I also talk about some new training I am providing.
Ep. 108: Dunkin Donuts Breach, Maybe?? (18:25)
In this episode James talks about the Dunkin Donuts Perks breach. This is an interesting situation as the accounts were accessed using the victim's username and password found from another data breach. The issue: Password Reuse. Could D&D have prevented this? Listen in to hear my thoughts. Please feel free to share your thoughts as well. Article from Today: https://www.today.com/food/dunkin-reveals-security-breach-here-s-what-it-may-mean-t144139 Dunkin Donuts Release: https://www.dunkindonuts.com/content/dam/dd/pdf/Security_Update.pdf