12 subscribers
התחל במצב לא מקוון עם האפליקציה Player FM !
פודקאסטים ששווה להאזין
בחסות


1 You Are Your Longest Relationship: Artist DaQuane Cherry on Psoriasis, Art, and Self-Care 32:12
Ep. 102: Intro to Web Security Policies
Manage episode 210353457 series 1304632
In this episode James introduces us to the idea of web security policies stored in a security.txt file. We have talked about vulnerability disclosure before and this ties directly into that conversation.
Link to Draft: https://tools.ietf.org/html/draft-foudil-securitytxt-03
Link to form to create the file: https://securitytxt.org/
Link to our blog post: https://www.developsec.com/2018/06/26/overview-of-web-security-policies/
For more info go to https://www.developsec.com or follow us on twitter (@developsec).
Join the conversations.. join our slack channel. Email james@developsec.com for an invitation.
DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help.
For more info go to https://www.developsec.com or follow us on X (@developsec).
The DevelopSec podcast is brought to you by Jardine Software Inc.
128 פרקים
Manage episode 210353457 series 1304632
In this episode James introduces us to the idea of web security policies stored in a security.txt file. We have talked about vulnerability disclosure before and this ties directly into that conversation.
Link to Draft: https://tools.ietf.org/html/draft-foudil-securitytxt-03
Link to form to create the file: https://securitytxt.org/
Link to our blog post: https://www.developsec.com/2018/06/26/overview-of-web-security-policies/
For more info go to https://www.developsec.com or follow us on twitter (@developsec).
Join the conversations.. join our slack channel. Email james@developsec.com for an invitation.
DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help.
For more info go to https://www.developsec.com or follow us on X (@developsec).
The DevelopSec podcast is brought to you by Jardine Software Inc.
128 פרקים
כל הפרקים
×

1 Ep. 122: Integrating Security Responsibilities into Development 18:04

1 Ep. 121 - Evolving Ransomware: Unique Tactics for Payment 17:44

1 Ep. 120: Addressing Root Cause - Vulnerable Components 16:30


1 Ep. 118: Log4J Sparking Thought on Vulnerable Components 24:27

1 Ep. 117: How Browsers are Helping with Security 13:49

1 Ep. 116: Chrome Retires XSS Auditor 14:07


1 Ep. 114: Investing in People for Better Application Security 24:37

1 Ep. 113: What is your mother's maiden name? 21:00

1 Ep. 112: Application Fingerprinting 21:04




1 Ep. 108: Dunkin Donuts Breach, Maybe?? 18:25


1 Ep. 106: Facebook Breach Take-aways and Insights 31:18

1 Ep. 105: Interview with Eric Johnson 57:11

1 Ep. 104: Securing Devops with Julien Vehent 45:07

1 Ep. 103: Is 3rd Party Authentication Right For Your Application? 18:16

1 Ep. 102: Intro to Web Security Policies 16:41

1 Ep. 101: You're not always right and that is ok 20:58

1 Ep. 100: Choosing Security Tools 26:36

1 Ep. 99: Shifting Left in the SDLC 19:56


1 EP. 97: Gmail / Netflix Potential Scam 18:27

1 Ep. 96: Security Flaws as Defects 27:35

1 Ep. 95: MyFitnessPal Breach Take-Aways 18:24




1 DevelopSec Podcast #91 - OWASP Top 10 2017 Thoughts 28:45

1 Ep. 90: 5 Steps to Help Secure Your Database 44:12


1 Ep. 88: Meteor Security with Tim Medin 42:33

1 Ep. 87: Apple Sign-in Bug Take-Aways 24:20

1 Ep. 86: Vulnerable 3rd Party Components 18:34


1 Ep. 84: Understanding the Technology 23:30



1 Ep. 81: JavaScript in HREF and SRC (XSS) 20:20

1 Ep. 80: Understanding Security of Your Platforms 19:35

1 Ep. 79: Marketing with USB Drives 15:40

1 Ep. 78: MySpace Lessons - Looking At Account Recovery 19:14

1 Ep. 77: Interactive Application Security Testing 14:47

1 Ep. 76: Validation - Client vs. Server 13:09


1 Ep. 74: Audio Driver Key Logger Lessons Learned 16:25

1 Ep. 73: Identity with Vittorio Bertocci 30:26

1 Ep. 72: Where to Perform Output Encoding 13:37


1 Ep. 70: Considering security when selecting an application platform 21:02

1 Ep. 69: Concurrent User Sessions 21:23

1 Ep. 68: How the AWS disruption can help us 15:22



1 Ep. 65: Security Questions: Good or Bad? 18:07

1 Ep. 64: Using Stolen Passwords to Protect User Accounts 14:27

1 Ep. 63: Remember Me Feature: Security Considerations 15:06

1 Ep. 62: MongoDB Ransomware Attacks 13:53

1 Ep. 61: Multi-factor Authentication 17:24


1 Ep. 59: All About Cookie Protection 23:06




1 Ep. 55: Scoping an application security assessment (Applications) 12:03


1 Ep. 53: Chrome Changing Secure Notifications 17:09


1 Ep. 52: Importance of UI to Security 11:37


1 Ep. 50: How Serious is Username Enumeration 23:06

1 Ep. 49: Should Password Change Invalidate Access Tokens? 16:13

1 Ep. 48: Pokemon Go Security Discussions 18:58

1 Ep. 47: Account Lockouts and auto-unlock 10:54




1 Ep. 43: Reflecting on Current AppSec Training 22:01

1 Ep. 42: The Need for Better Secure Code Examples 21:38

1 Ep. 41: Why You Need an Application Inventory 18:21

1 Ep. 40: Getting More Value from Pen Tests 16:48


1 Ep. 38: Static Analysis: Tips for Successful Program 39:14


1 Ep. 36: Intro to Cross Site Request Forgery (CSRF) 23:46

1 Ep. 35: An Introduction to Open Redirects 17:05


1 Ep. 33: Holiday Gift Security Considerations 18:38

1 Ep. 32: Dynamic Analysis: An Overview 22:27

1 Ep. 31: Response Splitting and Header Injection 18:40




1 Ep. 30: HTTP Strict Transport Security (HSTS): Intro 14:41

1 Ep. 29: FTC Start with Security Guidelines 24:58

1 Ep. 28: What is Penetration Testing 20:45

1 Ep. 27: Importance of Security for BA and PM 15:54

1 Ep. 26: The Importance of Security for QA 22:20

1 Ep. 25: Static Analysis: Analyzing the Options 17:09

1 Ep. 24: The Importance of Baselines 14:44

1 Ep. 23: 3rd Party CMS Security Thoughts 21:35

1 Ep. 22: Black lists vs. White Lists 16:35

1 Ep. 21: Sensitive Data and Storage 19:59



1 Ep. 18: Planning for an Assessment 18:56



1 Ep. 15: Security Testing - QA can do this!! 23:36

1 Ep. 14: Input Validation and Output Encoding 13:22

1 Ep. 13: Introduction to Cross Site Scripting 14:57

1 DS: Ep 12: Ebay hacked. All about Cookies 19:56

1 Ep. 11: Not your Grandpa's Phishing 14:57


1 Ep. 9: Windows XP and HeartBleed 12:05








1 Ep. 1: Introduction to the Podcast 20:03
ברוכים הבאים אל Player FM!
Player FM סורק את האינטרנט עבור פודקאסטים באיכות גבוהה בשבילכם כדי שתהנו מהם כרגע. זה יישום הפודקאסט הטוב ביותר והוא עובד על אנדרואיד, iPhone ואינטרנט. הירשמו לסנכרון מנויים במכשירים שונים.