This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
Player FM - Internet Radio Done Right
12 subscribers
Checked 3M ago
הוסף לפני nine שנים
תוכן מסופק על ידי Jardine Software Inc.. כל תוכן הפודקאסטים כולל פרקים, גרפיקה ותיאורי פודקאסטים מועלים ומסופקים ישירות על ידי Jardine Software Inc. או שותף פלטפורמת הפודקאסט שלהם. אם אתה מאמין שמישהו משתמש ביצירה שלך המוגנת בזכויות יוצרים ללא רשותך, אתה יכול לעקוב אחר התהליך המתואר כאן https://he.player.fm/legal.
דומה לDevelopSec: Developing Security Awareness
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
S
Security Weekly Podcast Network (Audio)
1
Security Weekly Podcast Network (Audio)
Security Weekly Productions
2k
3k
Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape. Tune in for in-depth panel discussions, expert guest interviews, and ...
…
continue reading
A podcast about web design and development.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
T
The Talk Show With John Gruber
1
The Talk Show With John Gruber
Daring Fireball / John Gruber
2k342
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
How does artificial intelligence change when people — not profit — truly come first? Join IRL’s host Bridget Todd, as she meets people around the world building responsible alternatives to the tech that’s changing how we work, communicate, and even listen to music.
…
continue reading
Download This Show is your weekly guide to the world of media, culture, and technology. From social media to gadgets, streaming services to privacy issues. Each week Rae Johnston and guests take a fun, deep dive into how technology is reshaping our lives.
…
continue reading
Player FM - אפליקציית פודקאסט
התחל במצב לא מקוון עם האפליקציה Player FM !
התחל במצב לא מקוון עם האפליקציה Player FM !
))
Daily Deals
פודקאסטים ששווה להאזין
בחסות
T
This Is Woman's Work with Nicole Kalil
1 The Icelandic Art of Intuition with Hrund Gunnsteinsdóttir | 307 40:34
40:34 
הפעל מאוחר יותר 
הפעל מאוחר יותר 
רשימות 
לייק 
אהבתי40:34
הפעל מאוחר יותר
הפעל מאוחר יותר
רשימות
לייק
אהבתיWe’ve turned intuition into a buzzword—flattened it into a slogan, a gut feeling, or a vague whisper we don’t always know how to hear. But what if intuition is so much more? What if it's one of the most powerful tools we have—and we’ve just forgotten how to use it? In this episode, I’m joined by Hrund Gunnsteinsdóttir , Icelandic thought leader, filmmaker, and author of InnSæi: Icelandic Wisdom for Turbulent Times . Hrund has spent over 20 years studying and teaching the science and art of intuition through her TED Talk, Netflix documentary (InnSæi: The Power of Intuition), and global work on leadership, innovation, and inner knowing. Together, we explore what intuition really is (hint: not woo-woo), how to cultivate it in a culture obsessed with logic and overthinking, and why your ability to listen to yourself might be the most essential skill you can develop. In This Episode, We Cover: ✅ Why we’ve misunderstood intuition—and how to reclaim it ✅ Practical ways to strengthen your intuitive muscle ✅ What Icelandic wisdom teaches us about inner knowing ✅ How to use intuition during uncertainty and decision-making ✅ Why trusting yourself is an act of rebellion (and power) Intuition isn’t magic—it’s a deep, internal guidance system that already exists inside you. The question is: are you listening? Connect with Hrund: Website: www.hrundgunnsteinsdottir.com TedTalk: https://www.ted.com/talks/hrund_gunnsteinsdottir_listen_to_your_intuition_it_can_help_you_navigate_the_future?utm_campaign=tedspread&utm_medium=referral&utm_source=tedcomshare Newsletter: https://hrundgunnsteinsdottir.com/blog/ LI: www.linkedin.com/in/hrundgunnsteinsdottir IG: https://www.instagram.com/hrundgunnsteinsdottir/ Book: InnSæi: Icelandic Wisdom for Turbulent Times Related Podcast Episodes: How To Breathe: Breathwork, Intuition and Flow State with Francesca Sipma | 267 VI4P - Know Who You Are (Chapter 4) Gentleness: Cultivating Compassion for Yourself and Others with Courtney Carver | 282 Share the Love: If you found this episode insightful, please share it with a friend, tag us on social media, and leave a review on your favorite podcast platform! 🔗 Subscribe & Review: Apple Podcasts | Spotify | Amazon Music Learn more about your ad choices. Visit megaphone.fm/adchoices…
Ep. 104: Securing Devops with Julien Vehent
Manage episode 215909026 series 1304632
תוכן מסופק על ידי Jardine Software Inc.. כל תוכן הפודקאסטים כולל פרקים, גרפיקה ותיאורי פודקאסטים מועלים ומסופקים ישירות על ידי Jardine Software Inc. או שותף פלטפורמת הפודקאסט שלהם. אם אתה מאמין שמישהו משתמש ביצירה שלך המוגנת בזכויות יוצרים ללא רשותך, אתה יכול לעקוב אחר התהליך המתואר כאן https://he.player.fm/legal.
James sits down with Julien Vehent to discuss his new book "Securing DevOps" and talk about security in a devOps world.
Julien (@jvehent) is a security architect and engineering manager with over 15 years of experience in large organizations and web companies. He is currently responsible for the operational security of Firefox's backend infrastructure at Mozilla, and is the author of Securing DevOps.
Check out the book (Securing DevOps) at https://www.manning.com/books/securing-devops
Special 40% discount code for Developsec listeners: poddevelopsec18
For more info go to https://www.developsec.com or follow us on twitter (@developsec).
Join the conversations.. join our slack channel. Email james@developsec.com for an invitation.
DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help.
For more info go to https://www.developsec.com or follow us on X (@developsec).
The DevelopSec podcast is brought to you by Jardine Software Inc.
128 פרקים
שתפוManage episode 215909026 series 1304632
תוכן מסופק על ידי Jardine Software Inc.. כל תוכן הפודקאסטים כולל פרקים, גרפיקה ותיאורי פודקאסטים מועלים ומסופקים ישירות על ידי Jardine Software Inc. או שותף פלטפורמת הפודקאסט שלהם. אם אתה מאמין שמישהו משתמש ביצירה שלך המוגנת בזכויות יוצרים ללא רשותך, אתה יכול לעקוב אחר התהליך המתואר כאן https://he.player.fm/legal.
James sits down with Julien Vehent to discuss his new book "Securing DevOps" and talk about security in a devOps world.
Julien (@jvehent) is a security architect and engineering manager with over 15 years of experience in large organizations and web companies. He is currently responsible for the operational security of Firefox's backend infrastructure at Mozilla, and is the author of Securing DevOps.
Check out the book (Securing DevOps) at https://www.manning.com/books/securing-devops
Special 40% discount code for Developsec listeners: poddevelopsec18
For more info go to https://www.developsec.com or follow us on twitter (@developsec).
Join the conversations.. join our slack channel. Email james@developsec.com for an invitation.
DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help.
For more info go to https://www.developsec.com or follow us on X (@developsec).
The DevelopSec podcast is brought to you by Jardine Software Inc.
128 פרקים
כל הפרקים
×
D
DevelopSec: Developing Security Awareness
In this episode, I go over what Double-ClickJacking is and what you can potentially do about it to reduce the risk to your applications. Will this be the new finding on everyone's pen tests this year? Paulos Yibelo first described Double-ClickJacking and you can read more from him at his post referenced below. References: Paulos Yibelo Blog: https://www.paulosyibelo.com/2024/12/doubleclickjacking-what.html Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
In this episode, I talk about how security is a part of everyone's role and the labeling of "Security Culture". I share some ideas on how to improve on role based security awareness and building stronger relationships between security and the rest of the organization. For more info go to https://www.developsec.com or follow us on X (@developsec). Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
1 Ep. 122: Integrating Security Responsibilities into Development 18:04
18:04 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי18:04
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this episode I talk about assigning responsibility for secure development and how the dev and security teams should be working together to accomplish a common goal. I also discuss the importance of updating developer job descriptions and creating an expectation around developers having secure development experience. For more info go to https://www.developsec.com or follow us on X (@developsec). Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
1 Ep. 121 - Evolving Ransomware: Unique Tactics for Payment 17:44
17:44 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי17:44
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this episode I talk about the evolving world of ransomware. I discuss a few examples of unique tactics the malicious actors are using to put pressure on organizations to pay the ransom. Referenced Articles: https://www.theregister.com/AMP/2024/04/30/finnish_psychotherapy_center_crook_sentenced/ https://www.darkreading.com/cyber-risk/hackers-weaponize-sec-disclosure-rules-against-corporate-targets https://www.theregister.com/2024/01/05/swatting_extorion_tactics/ For more info go to https://www.developsec.com or follow us on X (@developsec). DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
1 Ep. 120: Addressing Root Cause - Vulnerable Components 16:30
16:30 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי16:30
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this episode we talk about addressing the root cause of an issue versus the symptoms. How can the process of keeping application components updated be improved? For more info go to https://www.developsec.com or follow us on twitter (@developsec). DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Transcript: In this episode, James talks about root cause analysis versus treating the symptoms. Tackling the challenge to integrate security into the development process, looking for insights, answers and practical solutions to avoid getting overwhelmed. Welcome to the develop SEC podcast where our focus is your success in securing and improving development processes. And here's your host, James Jardine. Hey, everyone, welcome back to the show. Today, I want to talk about addressing the symptoms versus addressing the root problem. And I think in application security, or when we talk about secure development, this is something where a lot of times we address the symptoms, but we never really take the step back to address the actual root cause of what's causing those symptoms. And today, I want to actually talk about vulnerable third party components. This is something that has been kind of brought to the attention a lot more in the past few years, made it into the OWASP, top 10. And it's something I think everybody struggles with, we never know when we'll have a vulnerable third party component, because until somebody actually identifies a vulnerability, we just assume that we're good. And then on top of that, if there is a vulnerability identified, then we also run the chances that we're probably not even using that feature. So vulnerable third party components are a really interesting aspect, when we think about secure development. Because there is a lot of unknowns, we may know that there's a vulnerability there. But the actual knowledge of do we use that piece and are we vulnerable, can be difficult, which, in the end, ends up adding a whole bunch of extra work and a whole lot of time for us to try to figure this out and address this stuff. And so this is where I talk about addressing the symptoms. In this case, in a lot of places, what we do is we address that symptom, we know that there's an issue of vulnerable third party components, right, that's the symptom, we have a vulnerable third party component. And so most places have some sort of process in place where we're going to identify these right, we're going to scan them all the time, whether using some of the common commercial tools, maybe you're using a free open source tool. But basically, the way it goes is I'm going to scan my repos or I'm going to scan my packages, and I'm going to look for all the dependencies, and then I'll look at their dependencies, and we'll see if there's any known vulnerable components within these right. And that requires having some sort of CVE out there that says, hey, somebody has found this, they've reported it, I remember requiring this to be a rep Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
In this episode we talk about the spell check feature of the browser and how it could present a risk to sensitive data. Link to article referenced: https://www.darkreading.com/application-security/spellchecking-google-chrome-microsoft-edge-browsers-leaks-passwords For more info go to https://www.developsec.com or follow us on twitter (@developsec). DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
1 Ep. 118: Log4J Sparking Thought on Vulnerable Components 24:27
24:27 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי24:27
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיLog4J has been the talk of the town recently and everyone is focused on the technical details of the specific vulnerabilities found. In this episode, James talks about the overarching ideas around dealing with vulnerable components. Are you vulnerable? If so, what needs to be done? For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
1 Ep. 117: How Browsers are Helping with Security 13:49
13:49 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי13:49
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיChrome has announced a few changes that we need to watch out for in the near future. We previously talked about the default value for samesite that is coming up fast. I wrote about this here: https://www.jardinesoftware.net/2019/10/28/samesite-by-default-in-2020/ Also, they are getting ready to start blocking mixed content downloads: https://blog.chromium.org/2020/02/protecting-users-from-insecure.html For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
1 Ep. 116: Chrome Retires XSS Auditor 14:07
14:07 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי14:07
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIt was recently announced that Chrome was dropping the XSS Auditor in Chrome 78. What does that mean and how does that change things for you as a developer? https://www.chromium.org/developers/design-documents/xss-auditor For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
In 2020, Chrome will default the SameSite attribute to Lax on all cookies. SameSite helps mitigate CSRF, but does that mean CSRF is Dead? For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
1 Ep. 114: Investing in People for Better Application Security 24:37
24:37 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי24:37
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this episode, James talks about investing in the development teams to increase application security priorities. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
1 Ep. 113: What is your mother's maiden name? 21:00
21:00 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי21:00
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this episode, James talks about some of the risks and recommendations around security questions and their implementation. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
1 Ep. 112: Application Fingerprinting 21:04
21:04 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי21:04
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיDoes your application give away details about it server, framework, or other components? How is this information used by an attacker? Check out this episode to learn more. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
Would you know if someone authenticated to your account? With the breaches we see in the news, and attacks like credential stuffing, there must be a way to be alerted to account access. James talks about authentication alerts, what they are, and why you may want to use them. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
James discusses how implementation matters with security controls and how it changes priorities. This came about after reading the following story: https://www.theverge.com/2018/12/31/18162541/vein-authentication-wax-hand-hack-starbug For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
I talk about some of what happened in 2018 and what I am looking to do in 2019. I also ask you to think about your previous year and goals. I also talk about some new training I am providing. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
1 Ep. 108: Dunkin Donuts Breach, Maybe?? 18:25
18:25 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי18:25
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this episode James talk about the Dunkin Donuts Perks breach. This is an interesting situation as the accounts were access using the victim's username and password found from another data breach. The issue: Password Reuse. Could D&D have prevented this? Listen in to hear my thoughts. Please feel free to share your thoughts as well. Article from Today: https://www.today.com/food/dunkin-reveals-security-breach-here-s-what-it-may-mean-t144139 Dunkin Donuts Release: https://www.dunkindonuts.com/content/dam/dd/pdf/Security_Update.pdf For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
In this episode James talks about what credential stuffing is, how if affects your apps, and how you can look to defend against it. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
1 Ep. 106: Facebook Breach Take-aways and Insights 31:18
31:18 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי31:18
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיJames talks about the Facebook breach and shares some insights into how you can take steps to prevent this type of incident in your applications. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
1 Ep. 105: Interview with Eric Johnson 57:11
57:11 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי57:11
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיI sit down with Eric Johnson to talk about security in the IDE and other fun topics. A bit longer than usual, but full of great information. You can reach out to Eric on twitter @emjohn20 or check out his site at https://www.pumascan.com . For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
1 Ep. 104: Securing Devops with Julien Vehent 45:07
45:07 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי45:07
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיJames sits down with Julien Vehent to discuss his new book "Securing DevOps" and talk about security in a devOps world. Julien (@jvehent) is a security architect and engineering manager with over 15 years of experience in large organizations and web companies. He is currently responsible for the operational security of Firefox's backend infrastructure at Mozilla, and is the author of Securing DevOps. Check out the book (Securing DevOps) at https://www.manning.com/books/securing-devops Special 40% discount code for Developsec listeners: poddevelopsec18 For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
1 Ep. 103: Is 3rd Party Authentication Right For Your Application? 18:16
18:16 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי18:16
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיThe headlines are filled with credential breaches. One way to avoid being those headlines is to not store credentials. Instead, use a 3rd party to authenticate your users. While this cuts a lot of work out of your development time, it is important to understand the pros and cons to each method. James talks through some of these risks to help better understand which method might be right for you. Links from show: Ep. 92: 2-Factor Authentication - http://podcast.developsec.com/ep-92-2-factor-authentication Ep. 61: Multi-factor Authentication - http://podcast.developsec.com/ep-61-multi-factor-authentication Ep. 39: Authentication - http://podcast.developsec.com/ep-39-authentication Ep. 2: All About Passwords - http://podcast.developsec.com/ep-1-all-about-passwords Ep. 73: Identity with Vittorio Bertocci - http://podcast.developsec.com/ep-73-identity-with-vittorio-bertocci For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
1 Ep. 102: Intro to Web Security Policies 16:41
16:41 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי16:41
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this episode James introduces us to the idea of web security policies stored in a security.txt file. We have talked about vulnerability disclosure before and this ties directly into that conversation. Link to Draft: https://tools.ietf.org/html/draft-foudil-securitytxt-03 Link to form to create the file: https://securitytxt.org/ Link to our blog post: https://www.developsec.com/2018/06/26/overview-of-web-security-policies/ For more info go to https://www.developsec.com or follow us on twitter ( @developsec ). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
1 Ep. 101: You're not always right and that is ok 20:58
20:58 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי20:58
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this episode, James shares a story of learning from a mistake and how we can't be right every time. Hear what he learned and how you can learn too. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
1 Ep. 100: Choosing Security Tools 26:36
26:36 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי26:36
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this episode we talk about choosing the right security tools for your environment. There are lots of vendors offering solutions to help identify security issues within our applications. The trick is to learn to identify which ones make the most sense for your environment. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
1 Ep. 99: Shifting Left in the SDLC 19:56
19:56 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי19:56
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this episode, James talks about what it means to shift left in the SDLC. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
In this episode we talk about efail and the HYPE around security news. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
1 EP. 97: Gmail / Netflix Potential Scam 18:27
18:27 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי18:27
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי** Check out our new Live Fundamentals of Application Security training starting on May 1, 2018. Don't wait to sign up. For schedules and information check out https://www.jardinesoftware.com/fundamentals-of-application-security/ ** In this episode, James shares his thoughts on an interesting scam potential was brought up regarding Gmail and Netflix. A lot of the discussion is on a unique Gmail feature most haven't heard of. James breaks this down in this episode. The original story was shared at https://www.theregister.co.uk/2018/04/10/gmail_netflix_phishing_vector/ For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
1 Ep. 96: Security Flaws as Defects 27:35
27:35 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי27:35
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this episode we talk about treating security flaws as defects and embedded vs. built-in security. Do you treat security flaws differently? What barriers does that create? For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
1 Ep. 95: MyFitnessPal Breach Take-Aways 18:24
18:24 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי18:24
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this episode we talk about the MyFitnessPal breach and some of the key points that we as developers, security, and users can take away from it. Tweet with Graph of Largest Breaches mentioned: https://twitter.com/EricTopol/status/979556839015661568 Link to article about the breach: https://www.cnet.com/news/millions-of-myfitnesspal-accounts-hacked-under-armour-says/ For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
In this episode we talk about penetration testing and what you need to know to get the most out of the activity. Tune in to hear some of our thoughts on the topic. To take the training course survey go to https://forms.office.com/Pages/ResponsePage.aspx?id=dUTTGKfrY0SMJRLyejG00DrfDtlb8W5HpqoXHgPDektUNDgxVU9SNlVRNVhXMTY4UUxSU041MFVWTC4u For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
In this episode we talk about secure code review with a mention of static analysis. Do you know the difference? What is the issue of doing one over the other, or just outright replacing actual code review with static analysis? Tune in to hear some of our thoughts on the topic. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
In this episode James talks about 2-factor authentication, why we use it, and maybe why we don't. Is your 2-factor implementation getting in your way? The DevelopSec YouTube Channel - https://www.youtube.com/channel/UCdAqgfdGs0-hPa8FhsODwNw For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
1 DevelopSec Podcast #91 - OWASP Top 10 2017 Thoughts 28:45
28:45 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי28:45
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיThe new OWASP Top 10 2017 is out. We look at some of the changes and how you can effectively use the list to better your security program. We are also launching a new DevelopSec Live broadcast. To check out the first episode, go to https://www.youtube.com/watch?v=kfDuxwFScOE (The first 2 minutes are just a place holder as I was starting, feel free to skip those. That will go away in future episodes). The DevelopSec YouTube Channel - https://www.youtube.com/channel/UCdAqgfdGs0-hPa8FhsODwNw For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
1 Ep. 90: 5 Steps to Help Secure Your Database 44:12
44:12 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי44:12
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיJames sits down with Perry Krug, from Couchbase to discuss some important steps to take to secure your database. Perry Krug - https://twitter.com/perrykrug Couchbase - https://twitter.com/couchbase Couchbase - https://www.couchbase.com/ CouchbaseSecurity Documents - https://developer.couchbase.com/documentation/server/current/security/security-intro.html For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
Welcome to 2018! Another year down and time for many of us to start making promises to ourselves of things we will start doing in this new year. In this episode James talks about some lessons we should take from 2017 and ways to use them in 2018. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
1 Ep. 88: Meteor Security with Tim Medin 42:33
42:33 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי42:33
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this episode, James talks with Tim Medin regarding Meteor and security. If you develop with Meteor or have to test it, there is a lot of information packed in. More about Tim Medin (@timmedin): Red Seige website - https://www.redsiege.com/ Link to Meteor Minor and other tools Tim mentioned: https://github.com/nidem Tim Medin's Bsides Orlando 2017 Presentation - Tim Medin - Mining Meteor B-Sides Orlando 2017 For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
1 Ep. 87: Apple Sign-in Bug Take-Aways 24:20
24:20 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי24:20
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיYou have heard about the Apple Sign-in Bug on High Sierra. Now lets talk about how we can use this example to better our current development processes to protect ourselves. Link to mentioned article: https://www.theguardian.com/technology/2017/nov/30/apple-macos-high-sierra-fix-breaks-file-sharing-password-security-flaw-emergency-patch For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
1 Ep. 86: Vulnerable 3rd Party Components 18:34
18:34 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי18:34
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this episode, James talks the use of 3rd party components and how to handle determining if they are vulnerable or not. Links: OWASP Dependancy Check - https://www.owasp.org/index.php/OWASP_Dependency_Check GitHub Blog - https://github.com/blog/2470-introducing-security-alerts-on-github RetireJS - https://retirejs.github.io/retire.js/ For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
In this episode, James talks about open redirect and why it matters from a security perspective. He also shows how this information can be used in your personal technology use, not just in development. For more info go to https://www.developsec.com or follow us on twitter ( @developsec ). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
1 Ep. 84: Understanding the Technology 23:30
23:30 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי23:30
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיYou know your development language and platform, but do you really know the ins and outs of web application technology? How well do you know HTTP, HTML, etc? James talks about a few scenarios where really understanding how the technologies works helps better understand vulnerability risks. For more info go to https://www.developsec.com or follow us on twitter ( @developsec ). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
In this episode, James talks about authorization and some common areas where it poses a risk. He also goes over some techniques to help test authorization. For more info go to https://www.developsec.com or follow us on twitter ( @developsec ). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
The Equifax breach was a major news story. James talks about some of the security controls mentioned and how to start a conversation within your organization about them. Want to listen on YouTube? Check out our channel where we are releasing episodes starting from episode 1 at https://www.youtube.com/channel/UCdAqgfdGs0-hPa8FhsODwNw For more info go to https://www.developsec.com or follow us on twitter ( @developsec ). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
1 Ep. 81: JavaScript in HREF and SRC (XSS) 20:20
20:20 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי20:20
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיWe talk about cross-site scripting (XSS) all the time, but often overlook the ability to use javascript: in anchor tags. James talks about this unique ability and how to protect your applications from it. The related blog post for this can be found at https://www.developsec.com/2017/09/06/javascript-in-an-href-or-src-attribute/ Want to listen on YouTube? Check out our channel where we are releasing episodes starting from episode 1 at https://www.youtube.com/channel/UCdAqgfdGs0-hPa8FhsODwNw For more info go to https://www.developsec.com or follow us on twitter ( @developsec ). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
1 Ep. 80: Understanding Security of Your Platforms 19:35
19:35 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי19:35
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיWe use a lot of platforms and frameworks when we develop an application. These platforms may provide security features, but do you know which ones? James talks about the importance of understanding your platforms and what to consider. For more info go to https://www.developsec.com or follow us on twitter ( @developsec ). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
1 Ep. 79: Marketing with USB Drives 15:40
15:40 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי15:40
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיJames talks about the risk of USB thumb drives and their risk using the recent BCBS marketing campaign as an example. ( http://www.fiercehealthcare.com/privacy-security/bcbs-alabama-re-evaluates-usb-marketing-campaign-amid-security-concerns ). For more info go to https://www.developsec.com or follow us on twitter ( @developsec ). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
1 Ep. 78: MySpace Lessons - Looking At Account Recovery 19:14
19:14 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי19:14
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיJames talks about a recent vulnerability report regarding MySpace's Account Recovery system ( https://www.wired.com/story/myspace-security-account-takeover/ ). He talks about considerations around account recovery and the need to revisit this type of functionality on a regular basis. For more info go to https://www.developsec.com or follow us on twitter ( @developsec ). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
1 Ep. 77: Interactive Application Security Testing 14:47
14:47 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי14:47
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this episode, James talks about Interactive Application Security Testing, or IAST. It is a sort of hybrid approach that is similar to both dynamic and static analysis. Listen in to learn more about it. The video version of this can be found at https://youtu.be/KHSlDletm9I For more info go to https://www.developsec.com or follow us on twitter ( @developsec ). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
1 Ep. 76: Validation - Client vs. Server 13:09
13:09 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי13:09
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיAre you thinking about client vs. server-side input validation? Curious why each is important and when to use them? James talks about the basic concepts and how to apply them to create more secure applications. A video version of this podcast is now available at: https://youtu.be/irO1TOC6-i8 For more info go to https://www.developsec.com or follow us on twitter ( @developsec ). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
In this episode I sit down with Geurt van Wijk from IDdriven to discuss IAM and IDaaS. Geurt has many years of experience around Identity and shares some great insights into considerations when working with it. If you typically think of Identity as just a user with credentials and some typical roles, you will want to listen in. You can get more information about IDdrive from https://www.iddriven.com For more info go to https://www.developsec.com or follow us on twitter ( @developsec ). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
1 Ep. 74: Audio Driver Key Logger Lessons Learned 16:25
16:25 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי16:25
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIt was recently reported that an audio driver on HP systems was logging key strokes to a local file. Accidental? Malicious? Instead, we talk about how to try and avoid this from happening in the future. Original Article: https://www.cnet.com/news/keylogger-discovered-on-some-hp-laptops-conexant/ For more info go to https://www.developsec.com or follow us on twitter ( @developsec ). Join the conversations.. join our slack channel. Email james@jardinesoftware for an invitation. Presented by Jardine Software Inc. ( https://www.jardinesoftware.com ) Jardine Software provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Check out our 30 day advantage . Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
1 Ep. 73: Identity with Vittorio Bertocci 30:26
30:26 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי30:26
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיI sat down with Vittorio Bertocci from Microsoft at the Microsoft Build 2017 conference in Seattle Washington. Vittorio shared some great insights into Identity and some new things around Azure AD and Azure AD B2C. Listen in to learn more about some of the interesting things going on. You can watch Vittorio's presentation from build at: https://channel9.msdn.com/Events/Build/2017/B8084 To get more information from Vittorio, you can follow him on twitter at @vibronet or check out his website at www.cloudidentity.com Also, check out this announcement about new authentication SDKs: https://azure.microsoft.com/en-us/blog/start-writing-applications-today-with-the-new-microsoft-authentication-sdks/ For more info go to https://www.developsec.com or follow us on twitter ( @developsec ). Join the conversations.. join our slack channel. Email james@jardinesoftware for an invitation. Presented by Jardine Software Inc. ( https://www.jardinesoftware.com ) Jardine Software provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Check out our 30 day advantage . Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
1 Ep. 72: Where to Perform Output Encoding 13:37
13:37 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי13:37
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיOver the years I have had many people ask about encoding before storing data in the database. Here are my thoughts and recommendations. For more info go to https://www.developsec.com or follow us on twitter ( @developsec ). Join the conversations.. join our slack channel. Email james@jardinesoftware for an invitation. Presented by Jardine Software Inc. ( https://www.jardinesoftware.com ) Jardine Software provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Check out our 30 day advantage . Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
Do you use hosted content on a CDN? How do you know the file hasn't been modified? James describes Sub Resource Integrity and how it is used to help detect and prevent loading modified files. For details referenced in the show about commands and examples, check out our post at https://www.developsec.com/2017/04/16/sub-resource-integrity-sri/ For more info go to https://www.developsec.com or follow us on twitter ( @developsec ). Join the conversations.. join our slack channel. Email james@jardinesoftware for an invitation. Presented by Jardine Software Inc. ( https://www.jardinesoftware.com ) Jardine Software provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Check out our 30 day advantage . Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
1 Ep. 70: Considering security when selecting an application platform 21:02
21:02 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי21:02
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיDo you struggle with trying to pick the most secure application platform? Are you focusing on the right questions? James talks about ways to look at application platforms and be secure, no matter which one you choose. For more info go to https://www.developsec.com or follow us on twitter ( @developsec ). Join the conversations.. join our slack channel. Email james@jardinesoftware for an invitation. Presented by Jardine Software Inc. ( https://www.jardinesoftware.com ) Jardine Software provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Check out our 30 day advantage . Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
1 Ep. 69: Concurrent User Sessions 21:23
21:23 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי21:23
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיDo you allow users to login into their accounts across multiple browsers or devices? Does this raise a security concern? James talks about how to handle this question and analyze the root issue. For more info go to https://www.developsec.com or follow us on twitter ( @developsec ). Presented by Jardine Software Inc. ( https://www.jardinesoftware.com ) Jardine Software provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Check out our 30 day advantage . Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
1 Ep. 68: How the AWS disruption can help us 15:22
15:22 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי15:22
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיI am sure you have heard about the AWS service disruption that occurred. Have you seen how we can learn from this when we look at our own tools and processes? James talks about how we need to look at our own applications and tools and consider how time has changed the landscape. There might be more than you think. For more info go to https://www.developsec.com or follow us on twitter ( @developsec ). Presented by Jardine Software Inc. ( https://www.jardinesoftware.com ) Jardine Software provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Check out our 30 day advantage . Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
I hear a lot of people struggling with HTTPOnly and Secure attributes on cookies. The names may be confusing to some. Change your viewpoint and it may become easier.. For more info go to https://www.developsec.com or follow us on twitter ( @developsec ). Presented by Jardine Software Inc. ( https://www.jardinesoftware.com ) Jardine Software provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Check out our 30 day advantage . Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
We always talk about Forgot Password... But what about Forgot Username? Listen in as James discusses why protecting this functionality is important and the ways it could be abused if not properly handled. For more info go to https://www.developsec.com or follow us on twitter ( @developsec ). Presented by Jardine Software Inc. ( https://www.jardinesoftware.com ) Jardine Software provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Check out our 30 day advantage . Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
1 Ep. 65: Security Questions: Good or Bad? 18:07
18:07 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי18:07
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this episode, James talks about security questions, or secret questions. We see them used in many different places. People complain they are horrible. So are they that bad that you shouldn't use them? Is it possible to help reduce the risk with security questions? For more info go to https://www.developsec.com or follow us on twitter (@developsec). Presented by Jardine Software Inc. ( https://www.jardinesoftware.com ) Jardine Software provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Check out our 30 day advantage . Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
1 Ep. 64: Using Stolen Passwords to Protect User Accounts 14:27
14:27 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי14:27
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיA few months ago, it was announced that some companies buy stolen passwords off of the black market to help protect their users. This is done by determining if the user's password was part of that list and forcing a reset. James talks about the idea and raises some interesting questions. What do you think about the tactic? For more info go to https://www.developsec.com or follow us on twitter ( @developsec ). Presented by Jardine Software Inc. ( https://www.jardinesoftware.com ) Jardine Software provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Check out our 30 day advantage . Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
1 Ep. 63: Remember Me Feature: Security Considerations 15:06
15:06 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי15:06
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיAre you, or have you, implemented a remember me feature for your application? What do you remember, username, password, or both? James talks about some security considerations around implementing a remember me feature for your application. For more info go to https://www.developsec.com or follow us on twitter ( @developsec ). Presented by Jardine Software Inc. ( https://www.jardinesoftware.com ) Jardine Software provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Check out our 30 day advantage . Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
1 Ep. 62: MongoDB Ransomware Attacks 13:53
13:53 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי13:53
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיDo you use MongoDB? If so, is it exposed to the internet? Recent news (listed below) had shown that a large number of MongoDB instances are being infected with ransomware. James talks about the issue and ways to help ensure you are not the next victim. Link to original article: http://arstechnica.com/security/2017/01/more-than-10000-online-databases-taken-hostage-by-ransomware-attackers/ For more info go to https://www.developsec.com or follow us on twitter ( @developsec ). Presented by Jardine Software Inc. ( https://www.jardinesoftware.com ) Jardine Software provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Check out our 30 day advantage . Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
1 Ep. 61: Multi-factor Authentication 17:24
17:24 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי17:24
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיImplementing multi-factor authentication isn't just about a second factor. There are many considerations that need to be included. One in particular, how do you handle the user losing their means of that second factor. James talks about thinking this through. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Presented by Jardine Software Inc. ( https://www.jardinesoftware.com ) Jardine Software provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Check out our 30 day advantage . Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
Yahoo has announced yet another breach from back in 2013 affecting a very large number of user accounts. https://investor.yahoo.net/ReleaseDetail.cfm?&ReleaseID=1004285 This creates an opportunity to discuss password storage and the storage of security answers. Find out what we can takeaway from this incident. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Presented by Jardine Software Inc. ( https://www.jardinesoftware.com ) Jardine Software provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Check out our 30 day advantage . Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
1 Ep. 59: All About Cookie Protection 23:06
23:06 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי23:06
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIt is the holiday season. It is appropriate to talk about cookies. Not the kind that you bake, but the ones in your applications. James talks about the security mechanisms for cookies and clarifies what they are for. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Presented by Jardine Software Inc. ( https://www.jardinesoftware.com ) Jardine Software provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Check out our 30 day advantage . Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
Have you heard someone mention "untrusted" data? Applications take data from multiple data sources and we are often confused on what should be trusted or not. In this episode, James Jardine talks about untrusted data and some thoughts for moving past it. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Presented by Jardine Software Inc. ( https://www.jardinesoftware.com ) Jardine Software provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Check out our 30 day advantage . Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
Are you an organization looking to do source code review? Are you trying to hire a pen tester with source code review as a duty? James talks about Secure Code Review and some common implementations. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Presented by Jardine Software Inc. ( https://www.jardinesoftware.com ) Jardine Software provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Check out our 30 day advantage . Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
Do you have a clear path for users to contact you about potential security issues in your application or device? Is there a potential for the communication to be lost in the mix? James talks about how it is important for users to have a clear path to communication when it comes to reporting security issues. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Presented by Jardine Software Inc. ( https://www.jardinesoftware.com ) Jardine Software provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Check out our 30 day advantage . Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
1 Ep. 55: Scoping an application security assessment (Applications) 12:03
12:03 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי12:03
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיHaving a penetration test performed against your applications? Do you have mobile and web applications performing the same functionality? James talks about the reason behind doing these assessments at the same time vs. separate. See why testing your entire offering can add benefit to your security assessment. Link to DerbyCon Presentation For more info go to https://www.developsec.com or follow us on twitter (@developsec). Presented by Jardine Software Inc. ( https://www.jardinesoftware.com ) Jardine Software provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Check out our 30 day advantage . Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
Your pen tester want you to white list them in your WAF? What should you do? Why do they ask? James breaks it down for you in this episode. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Presented by Jardine Software Inc. ( https://www.jardinesoftware.com ) Jardine Software provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Check out our 30 day advantage . Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
1 Ep. 53: Chrome Changing Secure Notifications 17:09
17:09 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי17:09
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיWe talk HTTP/HTTPS all the time. Google just announced that in January they are going to change how they display their secure/not secure indicators for HTTP sites that have passwords or credit cards. James talks about how this can effect you. Link to the article: https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html For more info go to https://www.developsec.com or follow us on twitter (@developsec). Presented by Jardine Software Inc. ( https://www.jardinesoftware.com ) Jardine Software provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Check out our 30 day advantage . Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
Are your login forms secure? Are you sure? In this episode James talks about potential risks with presenting your login forms when using HTTPS and how to avoid them. We often are focused on HTTPS for the submission of credentials, but what about the loading of the form? What about frames? For more info go to https://www.developsec.com or follow us on twitter (@developsec). Presented by Jardine Software Inc. ( https://www.jardinesoftware.com ) Jardine Software provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Check out our 30 day advantage . Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
1 Ep. 52: Importance of UI to Security 11:37
11:37 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי11:37
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיThe user interface plays a big part in the security of an application. We often only look at flaws such as XSS, but here James provides an example of the lack of Input Validation messages creating a Denial of Service type situation. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Presented by Jardine Software Inc. ( https://www.jardinesoftware.com ) Jardine Software provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Check out our 30 day advantage . Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
James discusses how all applications, big or small, are a potential target and need to have secure coding practices. We often only look at our big applications from a security perspective, but in reality, all applications pose a risk. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Presented by Jardine Software Inc. ( https://www.jardinesoftware.com ) Jardine Software provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Check out our 30 day advantage . Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
1 Ep. 50: How Serious is Username Enumeration 23:06
23:06 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי23:06
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this episode, James talks about what Username Enumeration is, how it can be used by attackers, and some ways to help reduce the risk of it. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Presented by Jardine Software Inc. ( https://www.jardinesoftware.com ) Jardine Software provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Check out our 30 day advantage . Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
1 Ep. 49: Should Password Change Invalidate Access Tokens? 16:13
16:13 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי16:13
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיInteresting question was raised around changing a password and the need to invalidate all the access tokens for the associated mobile devices. James talks about his view on the topic and how you can analyze your situation to determine the appropriate direction. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Presented by Jardine Software Inc. ( https://www.jardinesoftware.com ) Jardine Software provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Check out our 30 day advantage . Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
1 Ep. 48: Pokemon Go Security Discussions 18:58
18:58 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי18:58
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיPokemon Go has taken the world by storm and as always, it brings up some things to talk about regarding security. In this episode James talks about some out of the box security thoughts regarding mobile applications including app permissions, fake apps, and scams. **Link to James' interview on News4Jax talking about Pokemon Go Security Concerns http://www.news4jax.com/news/morning-show/pokemon-go-security-concerns ** For more info go to https://www.developsec.com or follow us on twitter (@developsec). Presented by Jardine Software Inc. ( https://www.jardinesoftware.com ) Jardine Software provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Check out our 30 day advantage . Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
1 Ep. 47: Account Lockouts and auto-unlock 10:54
10:54 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי10:54
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיA question came in regarding auto-unlock of accounts and account lockout in general. James discusses his thoughts on this process and how he approaches these types of questions. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Presented by Jardine Software Inc. ( https://www.jardinesoftware.com ) Jardine Software provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Check out our 30 day advantage . Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
A question came in around the need for the password confirm box on registration screens and the security implications. In this episode I respond to the question and give some insights on how to approach these types of questions from a security perspective. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Presented by Jardine Software Inc. ( https://www.jardinesoftware.com ) Jardine Software provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Check out our 30 day advantage . Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
We are too quick to just give generic recommendations for resolving security vulnerabilities. We need to make sure that the application teams understand why these are vulnerabilities and why they are important. It all starts with Why is that functionality there. James talks about the importance of understanding the WHY and how it is a building block for better secure applications. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Presented by Jardine Software Inc. ( https://www.jardinesoftware.com ) Jardine Software provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Check out our 30 day advantage . Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
When a developer was presented with a but they tried to say that it wasn't an issue because it was found by a tester using a Mac. "We don't support Macs" James talks about how this is a fundamental misunderstanding about security and tries to clear it up. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Presented by Jardine Software Inc. ( https://www.jardinesoftware.com ) Jardine Software provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Check out our 30 day advantage . Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
1 Ep. 43: Reflecting on Current AppSec Training 22:01
22:01 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי22:01
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיJames reflects on the current way we expect application teams to get security training and potential short falls. Is there a better way? Listen as I talk through some different points on the topic. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Presented by Jardine Software Inc. ( https://www.jardinesoftware.com ) Jardine Software provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Check out our 30 day advantage . Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
1 Ep. 42: The Need for Better Secure Code Examples 21:38
21:38 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי21:38
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיHow do you get your secure coding information? Do you pull code snippets from the internet? Who doesn't. How many of those actually use secure coding best practices. We have a challenge where most of our books, tutorials, and even college classes don't show secure code examples, just code examples. Everywhere we turn, the code we see is insecure. James Talks about this issue and some things you can do to help change that. In the episode, James makes reference to the IT Hot Topics Conference ( https://www.eiseverywhere.com/ehome/index.php?eventid=155122&) . James will be presenting on Friday morning. If you are in the area, this may be a great conference to check out. See the link included for registration info. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Presented by Jardine Software Inc. ( https://www.jardinesoftware.com ) Jardine Software provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Check out our 30 day advantage . Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
1 Ep. 41: Why You Need an Application Inventory 18:21
18:21 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי18:21
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיDo you use an application inventory in your application security program? James discusses what an application inventory is and why it is important. Here is a list of a few tools that can be used to help identify some application details: Consider using OWASP Dependency Check ( https://www.owasp.org/index.php/OWASP_Dependency_Check ) Retire.js will help identify out dated javascript libraries ( http://retirejs.github.io/retire.js/ ) - This is also a burp extension For more info go to https://www.developsec.com or follow us on twitter (@developsec). Presented by Jardine Software Inc. (https://www.jardinesoftware.com) Jardine Software provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Check out our 30 day advantage . Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
1 Ep. 40: Getting More Value from Pen Tests 16:48
16:48 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי16:48
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיPenetration tests provide a measuring stick for security, but are you missing out on additional value? James discusses ways to use the pen test results to get more value out of a penetration test. James will be providing a free webcast regarding Penetration Testing for Application Teams on March 18th, 2016. Here is the registration link: https://attendee.gototraining.com/r/3147075330537789954 For more info go to https://www.developsec.com or follow us on twitter (@developsec). Presented by Jardine Software Inc. (https://www.jardinesoftware.com) Jardine Software provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
James discusses what authentication is and some things to look out for. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Presented by Jardine Software Inc. (https://www.jardinesoftware.com) Jardine Software provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
1 Ep. 38: Static Analysis: Tips for Successful Program 39:14
39:14 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי39:14
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this episode, James Jardine talks about some of the things you need to consider when trying to implement a static analysis program. It is more than just a tool you drop in. To build a successful program there are other considerations. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Presented by Jardine Software Inc. (https://www.jardinesoftware.com) Jardine Software provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
James Jardine discusses CSRF chaining, using the combination of multiple CSRF requests to perform a task. Typically we believe that CSRF can only be done with one request, but with a little javascript it is possible to execute multiple requests. Listen in for more information. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Presented by Jardine Software Inc. (https://www.jardinesoftware.com) Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
1 Ep. 36: Intro to Cross Site Request Forgery (CSRF) 23:46
23:46 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי23:46
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this episode, James talks about what CSRF is, why it is a risk, and different ways to protect against it. CSRF is #8 on the OWASP Top 10 https://www.owasp.org/index.php/Top_10_2013-A8-Cross-Site_Request_Forgery_%28CSRF%29 Want to learn more about application security? Check out https://www.developsec.com . Follow us at @developsec on twitter. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
1 Ep. 23: 3rd Party CMS Security Thoughts 21:35
21:35 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי21:35
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיCMS platforms are an easy way to get content to the internet, but we still have to consider security. James talks about some of the concerns and things to think about when thinking about these security features. For a more details, check out the blog post at https://www.developsec.com. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
1 Ep. 22: Black lists vs. White Lists 16:35
16:35 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי16:35
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיI came across an interesting tweet https://twitter.com/suffert/status/567486188383379456 depicting a good example of a black list that didn't quite cover everything I think they wanted too. This episode discusses the difference between black and white lists and some of the things to watch out for. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
1 Ep. 21: Sensitive Data and Storage 19:59
19:59 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי19:59
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיJames talks about the need for developers, QA, business analysts and project managers to understand the type of application they are creating and the requirements around sensitive data. Reference Links from the podcast: http://www.njleg.state.nj.us/2014/Bills/S1000/562_R1.PDF http://laws.flrules.org/2014/189 Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
I discuss the lessons learned from the recent Moonpig security disclosure. This is full of information for a developer or QA tester. For more information, visit https://www.developsec.com Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
Are you looking to test our your security skills? There are lots of targets that are freely available to you that can be quite helpful. The good news is you won't be getting in trouble for hacking these applications. Here is a short list of some of the targets that exist for you to practice your web hacking skills. Vulnerable Apps: hackazon - http://www.ntobjectives.com/hackazon/ bWAPP - http://sourceforge.net/projects/bwapp/files/bee-box/ webgoat - https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project DVWA - http://sourceforge.net/projects/dvwa/ Mutillidae - http://sourceforge.net/projects/mutillidae/ Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
1 Ep. 18: Planning for an Assessment 18:56
18:56 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי18:56
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיNo matter what size company you are, sooner or later you will be subject to some form of security assessment. Whether that is a penetration test, architecture review, code review or some other assessment. It is important to be prepared. Have the documentation needed when the engagement starts. Most importantly, be honest to any questions and don't try and hide things. The point is to get an accurate view of the security landscape to better help the company's risk position. James talks about all this and more in this episode. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
Are you sure you are performing proper authorization checks everyplace? What does Authorization even mean? James Jardine talks about Authorization and how QA, Dev and others can reinforce its implementation. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
In this episode, James Jardine talks about the recent breaches regarding cloud services and whether or not we should be running for the hills. Lets focus on the real issue, not the hype of nude photos. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
1 Ep. 15: Security Testing - QA can do this!! 23:36
23:36 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי23:36
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this episode, James talks about security testing... scratch that, testing. There really is no difference between security testing and regular testing. The app is functioning in a way it was not designed to. QA can do this. Developers can do this. Listen to find out some of the ways that we can help move this forward to get our internal teams testing better. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
1 Ep. 14: Input Validation and Output Encoding 13:22
13:22 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי13:22
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיThe debate is out there, which is more important. I discuss what they are and how they both play a key role in securing an application. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.
D
DevelopSec: Developing Security Awareness
1 Ep. 13: Introduction to Cross Site Scripting 14:57
14:57 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי14:57
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיThis episode gives a high level overview of what XSS is and why it is of concern. Future episodes will dig deeper into the vulnerability. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.
D
DevelopSec: Developing Security Awareness
1 DS: Ep 12: Ebay hacked. All about Cookies 19:56
19:56 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי19:56
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיWe discuss a little about eBay and their unfortunate hack, how sourceforge has upgraded their password storage and a lot about cookies. What are cookies, how are they used, how do we secure them. Lots of great information about cookies. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
1 Ep. 11: Not your Grandpa's Phishing 14:57
14:57 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי14:57
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this episode, we talk about phishing. Mass email and spear phishing. What you should know about the topic and how to protect yourself. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.
D
DevelopSec: Developing Security Awareness
This episode introduces the new Microsoft Threat Modeling Tool 2014. No more requirement for Visio.. woohoo. Lots of talk about threat modeling and its benefits. Threat Modeling Tool 2014: http://download.microsoft.com/download/3/8/0/3800050D-2BE7-4222-8B22-AF91D073C4FA/MSThreatModelingTool2014.msi Threat Modeling (book by Adam Shostack): http://www.amazon.com/Threat-Modeling-Designing-Adam-Shostack/dp/1118809998/ Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
1 Ep. 9: Windows XP and HeartBleed 12:05
12:05 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי12:05
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this episode we take a look at the two hottest topics.. Windows XP End of Life and Heartbleed. If you haven't heard of either of these, your under a rock (and you should listen). This is not an in-depth analysis of these, but just general thoughts on them. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
1 Ep. 35: An Introduction to Open Redirects 17:05
17:05 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי17:05
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיJames discusses Open Redirects, or on the OWASP Top 10 what is referred to as Unvalidated Redirects and Forwards ( https://www.owasp.org/index.php/Top_10_2013-A10-Unvalidated_Redirects_and_Forwards) This is an introduction to what an Open Redirect is, why it is an issue, how to protect against it and how to test for it. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
James discusses Hacking, what is it, why is it important. It is more than what you see in the media of the bad guys hacking computers. It is a curiosity, a hobby, an interesting in pushing limits. Some amazing things have come out of hacking. Check out this episode for more ramblings. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
1 Ep. 33: Holiday Gift Security Considerations 18:38
18:38 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי18:38
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיJames discussing some things to consider this holiday season when searching for that perfect gift. It is important to understand the privacy policy (what is collected and how it is used) as well as the technologies the gift uses (Bluetooth, wifi, etc). This discussion addresses both consumers and the companies that create these gifts. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
1 Ep. 32: Dynamic Analysis: An Overview 22:27
22:27 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי22:27
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיJames Jardine provides an overview of Dynamic Analysis and why it is important. Like any automation, there are pros and cons. Listen to find out why dynamic analysis is useful. Some links to some dynamic analysis options that are available: WhiteHat Security (http://www.whitehatsec.com) HP - Web Inspect (http://www8.hp.com/us/en/software-solutions/webinspect-dynamic-analysis-dast/) IBM App Scan (http://www-03.ibm.com/software/products/en/appscan) Veracode (http://www.veracode.com) Acunetix (https://www.acunetix.com/) Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
1 Ep. 31: Response Splitting and Header Injection 18:40
18:40 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי18:40
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיJoin James Jardine as he discusses what Response Splitting/Header Injection is and how it works. He also discusses how ASP.Net helps defend against this attack. This is a quick overview of the vulnerability and a great starting point for anyone learning security concepts. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
Hi and welcome to the DevelopSec newscast for October 20th, 2015. I am James Jardine and I wanted to take a few moments to talk about some recent news stories over the past week. Apple removes several apps that could spy on encrypted traffic - http://arstechnica.com/security/2015/10/apple-removes-several-apps-that-could-spy-on-encrypted-traffic/ , http://www.theregister.co.uk/2015/10/09/apple_borks_adblocking_app_over_privacy_concerns/ Apps installed a root certificate on device. Could allow monitoring of data, even SSL/TLS traffic. Recommended to uninstall the apps, unfortunately it was not made clear which ones they are. com CSRF bug pays security tester $25,000 - http://www.theregister.co.uk/2015/10/09/hotmail_hijack_hole_earns_boffin_25k_double_bug_bounty_trouble/ Wesley Wineberg found a Cross-Site Request Forgery flaw in the Microsoft Outlook.com website. Could hijack user sessions. Responsible/Coordinated disclosure allowed flaw to be resolved before publicly disclosed. Medicaid Data Breach, Security Issue at NC and CA Facilities - http://healthitsecurity.com/news/medicaid-data-breach-security-issue-at-nc-and-ca-facilities Spreadsheet sent via email unencrypted. Highlights importance of attention to detail. Sometimes the simplest mistakes create a potential risk. Difficult to prove if data was accessed by unauthorized users. What options could be used instead of emailing the attachment? Thumb drive stolen from employees home Data should be encrypted. Ensure policies exist that cover acceptable use of portal storage. Ensure that employees are trained on the policies. Join the conversation on google+ (https://www.google.com/+Developsec) and Twitter (@DevelopSec) Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
James breaks down a few news stories from the previous week. The following stories were discussed, including some brief points. Microsoft Accidentally pushes test patch http://www.zdnet.com/article/microsoft-accidentally-issued-a-test-windows-update-patch/ Of course the community assumes hack. Oversight that allowed a test patch to be released. They are working to remove it. Credit Card Liability Shift Is here Starting October 1, 2015 if your a vendor and use the magnetic stripe on a chip enabled card, certain fraudulent transactions will fall to you, instead of the bank. This doesn’t change the liability for consumers. James' interview on Channel 4 News in Jacksonville http://www.news4jax.com/news/new-credit-card-technology/35391900 WinRAR exploit – Is it just hype? http://www.theregister.co.uk/2015/09/30/500m_winrar_users_open_to_remote_code_execution_zero_day/ Requires you to execute an exe, which is something we are taught not to do from untrusted sources. Estimates say this effects 500 million users, but let’s be realistic on the risk here. It requires you to execute an executable. Remember not to run attachments or files unless they are from a trusted source and you are expecting the item. Huge iOS 9 Security Flaw (or maybe not?) https://www.yahoo.com/tech/s/huge-ios-9-security-flaw-lets-anyone-see-134547688.html Can bypass the lock screen to see photos and contacts. Uses Siri (so it has to be enabled on the lock screen). Requires physical access to the device. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
James breaks down a few news stories from the previous week. The following stories were discussed, including some brief points. $1 million bounty for iOS 9 hack http://www.wired.com/2015/09/spy-agency-contractor-puts-1m-bounty-iphone-hack/ Zerodium announced 1 million dollar bounty for hack that can take over an iOS device remotely, via web page, vulnerable app or text message Terms of offer demand that bug not be reported to Apple or publicly disclosed Not uncommon for iOS bugs to fetch big money Rare malware outbreak hits some Apple apps http://www.usatoday.com/story/tech/2015/09/21/apple-china-hack-app-store-malware--xcode-ghost/72572190/ Some developers used fake versions of XCode to create applications Designed to steal user passwords Reportedly little danger to US iphone users unless using Chinese social media apps. Important to use software from trusted sources. Comcast to Pay $33 million over Privacy Breach http://www.huffingtonpost.com/entry/comcast-to-pay-over-privacy-breach_55fb30d7e4b0fde8b0cd9fe4 75,000 names, phone numbers and addresses published People paid $1.50 / month more for privacy Each customer will get $100 Some law enforcement, judges and domestic violence abuse victims will get more due to facing increased safety concerns. Follow us on Twitter (@developsec). If you want to be alerted when new items are available you can subscribe on our website at https://www.developsec.com Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
1 Ep. 30: HTTP Strict Transport Security (HSTS): Intro 14:41
14:41 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי14:41
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיJames talks about HTTP Strict Transport Security (HSTS) and what it is for. For more information, check out the corresponding post https://www.developsec.com/2015/09/17/http-strict-transport-security-hsts-overview/ that has links to other references. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
1 Ep. 29: FTC Start with Security Guidelines 24:58
24:58 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי24:58
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיJust recently, the FTC released "Start with Security: A Guide for Busines" which is a set of 10 items businesses can do to help secure their assetts. The full guide can be found at https://www.ftc.gov/tips-advice/business-center/guidance/start-security-guide-business. James Jardine breaks gives an overview of the 10 items provided in the document. If you are a business, these are some good things to think about when it comes to security. The interesting twist is that it is not highly technical, rather uses real companies as examples for the different items. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
1 Ep. 28: What is Penetration Testing 20:45
20:45 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי20:45
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this episode, James Jardine talks about what penetration testing, "pen testing", is and how it really has a lot of meanings to different people. A pen test isn't something that should be considered negative, rather it is a positive approach to helping identify security risks to your organization. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
1 Ep. 27: Importance of Security for BA and PM 15:54
15:54 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי15:54
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיIn this episode James covers some thoughts on how business analysts and project managers are crucial to the security role for applications. It doesn't take a huge change in the way work is done and the domino affect carries all the way through to QA. Accompanying Blog Post: https://www.developsec.com/2015/06/01/business-analysts-and-product-managers-security-roles/ Follow us on Twitter: @developsec Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
1 Ep. 26: The Importance of Security for QA 22:20
22:20 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי22:20
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיQA plays a crucial role in testing for security flaws within applications. They have the Proximity, Knowledge of the Application and it is an extension to the role they currently fill. James Jardine discusses why security testing is critical to the QA role. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
1 Ep. 25: Static Analysis: Analyzing the Options 17:09
17:09 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי17:09
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיStatic analysis is an important part of the secure development lifecycle. There are some things to think about when you are considering a static analysis option. James discusses the questions in this episode. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
1 Ep. 24: The Importance of Baselines 14:44
14:44 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי14:44
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיUnderstanding baselines of our networks, applications, traffice, etc is important to identifying security issues. James Jardine shares some thoughts on the need for these baselines and why they are important. There is a quick write up on this topic at https://www.developsec.com. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
In this episode, James Jardine talks about how oversharing with network shares is a big problem. Often times we open shares to too many people and we share sensitive information that shouldn't be shared. We need to look at how we monitor these shares and how, as a user, we share information on them. Sorry.. seems to have recorded a little quiet this time. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
We all see data breaches happen all the time, daily in most cases. James talks about how common this is, how companies can handle the situation and how users can be proactive to protect themselves. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
In this episode, James Jardine discusses mobile security and why we need to be thinking about it. Devices are Powerful these days and we do everything on them. We can't afford to ignore the security aspect of these devices. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
Here we are in 2014 and we still have SQL Injection issues. James Jardine discusses what SQL Injection is, how attackers take advantage of it and how developers can protect against it. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
In this episode, James Jardine talks about web proxies and how they are used. Whether you are a developer, QA tester, or pen tester, web proxies are essential to your testing efforts. Some Proxies discussed: Burp Suite - http://portswigger.net/ Fiddler - http://www.telerik.com/download/fiddler Zap Proxy - https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project Some cool extensions mentioned: Co2 - http://co2.professionallyevil.com/ Watcher - http://websecuritytool.codeplex.com/ Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
In this episode, James talks about these external systems that are connected to our networks. It is speculated that the Target breach was done through an HVAC system that was connected to the Internet. How many devices these days connect to the internet and have default passwords for the vendor to manage them. I discuss these ideas and things to think about when working with these systems. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
In this episode, James covers some interesting topics about passwords. Why we use them, what makes one better than another, some password management options and multi-factor authentication. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
D
DevelopSec: Developing Security Awareness
1 Ep. 1: Introduction to the Podcast 20:03
20:03 הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתי20:03
הפעל מאוחר יותר הפעל מאוחר יותר רשימות לייק אהבתיThis is the first episode of the DevelopSec podcast. The goal behind this podcast is to develop security awareness. Helping developers gain security knowledge, and also consumers with understanding security in general. We discuss recent breaches like Target and Neiman Marcus as well as the topics we will be discussing. We will talk about techniques, tools, and other resources that you can use. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…
ברוכים הבאים אל Player FM!
Player FM סורק את האינטרנט עבור פודקאסטים באיכות גבוהה בשבילכם כדי שתהנו מהם כרגע. זה יישום הפודקאסט הטוב ביותר והוא עובד על אנדרואיד, iPhone ואינטרנט. הירשמו לסנכרון מנויים במכשירים שונים.
Daily Deals
דומה לDevelopSec: Developing Security Awareness
This is the audio podcast version of Troy Hunt's weekly update video published here: https://www.troyhunt.com/tag/weekly-update/
…
continue reading
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
S
Security Weekly Podcast Network (Audio)
1
Security Weekly Podcast Network (Audio)
Security Weekly Productions
2k3k
Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape. Tune in for in-depth panel discussions, expert guest interviews, and ...
…
continue reading
A podcast about web design and development.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
T
The Talk Show With John Gruber
1
The Talk Show With John Gruber
Daring Fireball / John Gruber
2k342
The director’s commentary track for Daring Fireball. Long digressions on Apple, technology, design, movies, and more.
…
continue reading
Hanselminutes is Fresh Air for Developers. A weekly commute-time podcast that promotes fresh technology and fresh voices. Talk and Tech for Developers, Life-long Learners, and Technologists.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
How does artificial intelligence change when people — not profit — truly come first? Join IRL’s host Bridget Todd, as she meets people around the world building responsible alternatives to the tech that’s changing how we work, communicate, and even listen to music.
…
continue reading
Download This Show is your weekly guide to the world of media, culture, and technology. From social media to gadgets, streaming services to privacy issues. Each week Rae Johnston and guests take a fun, deep dive into how technology is reshaping our lives.
…
continue reading
Player FM - אפליקציית פודקאסט
התחל במצב לא מקוון עם האפליקציה Player FM !
התחל במצב לא מקוון עם האפליקציה Player FM !
))
