Ep. 118: Log4J Sparking Thought on Vulnerable Components

DevelopSec: Developing Security Awareness

Player FM - Internet Radio Done Right

28 subscribers

הוסף לפני ten שנים

תוכן מסופק על ידי Jardine Software Inc.. כל תוכן הפודקאסטים כולל פרקים, גרפיקה ותיאורי פודקאסטים מועלים ומסופקים ישירות על ידי Jardine Software Inc. או שותף פלטפורמת הפודקאסט שלהם. אם אתה מאמין שמישהו משתמש ביצירה שלך המוגנת בזכויות יוצרים ללא רשותך, אתה יכול לעקוב אחר התהליך המתואר כאן https://he.player.fm/legal.

Before The Chorus

1
LIVE: Before the Chorus & Open Folk Present: In These Lines feat. Gaby Moreno, Lily Kershaw & James Spaite 33:58

לפני 12 ימים33:58

הפעל מאוחר יותר

רשימות

לייק

אהבתי

33:58

On June 25th 2025, in collaboration with Open Folk, we presented our first ever live interview event in Los Angeles. As Open Folk put it: "In These Lines is a live event where three artists each bring one song — not just to perform, but to explore. They sit down with Sofia Loporcaro, host of Before The Chorus, to talk about where the song came from, what it meant to write it, and what it still holds. Then they play it. Just the song, and the truth behind it." Find Open Folk on Instagram: @openfolkla Find Gaby on Spotify: https://open.spotify.com/artist/0K9pSmFx0kWESA9jqx8aCW?si=Wz4RUP88Qlm_RKs7QTLvWQ On Apple Music: https://music.apple.com/us/artist/gaby-moreno/472697737 Instagram: https://www.instagram.com/gaby_moreno/ Find Lily on Spotify: https://open.spotify.com/artist/0p0ksmwMDQlAM24TWKu4Ua?si=Bmdg-uIUTHu-zRUc_dqL3g On Apple Music: https://music.apple.com/us/artist/lily-kershaw/526884610 Instagram: https://www.instagram.com/lilykershaw/ Find James on Spotify: https://open.spotify.com/artist/3u50TPoLvMBXNT1KrLa3iT?si=OoLoq7ZTRZyUiytQcz0FsQ On Apple Music: https://music.apple.com/us/artist/james-spaite/905076868 Instagram: https://www.instagram.com/jamesspaite/ Subscribe: ⁠⁠⁠⁠⁠⁠⁠https://beforethechorus.bio.to/listen⁠⁠⁠⁠⁠⁠⁠ Sign up for our newsletter: ⁠⁠⁠⁠⁠⁠⁠https://www.beforethechorus.com/⁠⁠⁠⁠⁠⁠⁠ Follow on Instagram: ⁠⁠⁠⁠⁠⁠⁠@beforethechoruspodcast⁠⁠⁠⁠⁠⁠⁠ & ⁠⁠⁠⁠⁠⁠⁠@soundslikesofia⁠⁠⁠⁠⁠⁠⁠ About the podcast: Welcome to Before the Chorus , where we go beyond the sounds of our favourite songs to hear the stories of the artists who wrote them. Before a song is released, a record is produced, or a chorus is written, the musicians that write them think. A lot. They live. A lot. And they feel. A LOT. Hosted by award-winning interviewer Sofia Loporcaro, Before the Chorus explores the genuine human experiences behind the music. Sofia’s deep knowledge of music and personal journey with mental health help her connect with artists on a meaningful level. This is a space where fans connect with artists, and listeners from all walks of life feel seen through the stories that shape the music we love. About the host: Sofia Loporcaro is an award-winning interviewer and radio host who’s spent over 8 years helping musicians share their stories. She’s hosted shows for Amazing Radio, and Transmission Roundhouse. Now on Before the Chorus, she’s had the chance to host guests like Glass Animals, Feist, Madison Cunningham, Mick Jenkins, & Ru Paul's Drag Race winner Shea Couleé. Learn more about your ad choices. Visit megaphone.fm/adchoices…

לפני 4 שנים 24:27

MP3•בית הפרקים

For more info go to https://www.developsec.com or follow us on twitter (@developsec).

Join the conversations.. join our slack channel. Email james@developsec.com for an invitation.

DevelopSec provides application security training to add value to your application security program. Contact us today to see how we can help.

Send us a text

For more info go to https://www.developsec.com or follow us on X (@developsec).

The DevelopSec podcast is brought to you by Jardine Software Inc.

128 פרקים

#Tech #Security #Training #Podcasting Education #Jardine Software Inc #AppSec #Application Security #Secure Development

Ep. 118: Log4J Sparking Thought on Vulnerable Components

DevelopSec: Developing Security Awareness

28 subscribers

published לפני 4 שנים

שתפו

MP3•בית הפרקים

For more info go to https://www.developsec.com or follow us on twitter (@developsec).

Join the conversations.. join our slack channel. Email james@developsec.com for an invitation.

DevelopSec provides application security training to add value to your application security program. Contact us today to see how we can help.

Send us a text

For more info go to https://www.developsec.com or follow us on X (@developsec).

The DevelopSec podcast is brought to you by Jardine Software Inc.

128 פרקים

#Tech #Security #Training #Podcasting Education #Jardine Software Inc #AppSec #Application Security #Secure Development

כל הפרקים

1
Ep. 124: Double-ClickJacking 21:07

לפני 22 weeks21:07

21:07

In this episode, I go over what Double-ClickJacking is and what you can potentially do about it to reduce the risk to your applications. Will this be the new finding on everyone's pen tests this year? Paulos Yibelo first described Double-ClickJacking and you can read more from him at his post referenced below. References: Paulos Yibelo Blog: https://www.paulosyibelo.com/2024/12/doubleclickjacking-what.html Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…

1
Ep. 123: Goals of Security Culture - Sort of? 7:56

לפני 23 weeks7:56

7:56

In this episode, I talk about how security is a part of everyone's role and the labeling of "Security Culture". I share some ideas on how to improve on role based security awareness and building stronger relationships between security and the rest of the organization. For more info go to https://www.developsec.com or follow us on X (@developsec). Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…

1
Ep. 122: Integrating Security Responsibilities into Development 18:04

לפני 24 weeks18:04

18:04

In this episode I talk about assigning responsibility for secure development and how the dev and security teams should be working together to accomplish a common goal. I also discuss the importance of updating developer job descriptions and creating an expectation around developers having secure development experience. For more info go to https://www.developsec.com or follow us on X (@developsec). Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…

1
Ep. 121 - Evolving Ransomware: Unique Tactics for Payment 17:44

לפני 1 year17:44

17:44

In this episode I talk about the evolving world of ransomware. I discuss a few examples of unique tactics the malicious actors are using to put pressure on organizations to pay the ransom. Referenced Articles: https://www.theregister.com/AMP/2024/04/30/finnish_psychotherapy_center_crook_sentenced/ https://www.darkreading.com/cyber-risk/hackers-weaponize-sec-disclosure-rules-against-corporate-targets https://www.theregister.com/2024/01/05/swatting_extorion_tactics/ For more info go to https://www.developsec.com or follow us on X (@developsec). DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…

1
Ep. 120: Addressing Root Cause - Vulnerable Components 16:30

לפני 2 years16:30

16:30

In this episode we talk about addressing the root cause of an issue versus the symptoms. How can the process of keeping application components updated be improved? For more info go to https://www.developsec.com or follow us on twitter (@developsec). DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Transcript: In this episode, James talks about root cause analysis versus treating the symptoms. Tackling the challenge to integrate security into the development process, looking for insights, answers and practical solutions to avoid getting overwhelmed. Welcome to the develop SEC podcast where our focus is your success in securing and improving development processes. And here's your host, James Jardine. Hey, everyone, welcome back to the show. Today, I want to talk about addressing the symptoms versus addressing the root problem. And I think in application security, or when we talk about secure development, this is something where a lot of times we address the symptoms, but we never really take the step back to address the actual root cause of what's causing those symptoms. And today, I want to actually talk about vulnerable third party components. This is something that has been kind of brought to the attention a lot more in the past few years, made it into the OWASP, top 10. And it's something I think everybody struggles with, we never know when we'll have a vulnerable third party component, because until somebody actually identifies a vulnerability, we just assume that we're good. And then on top of that, if there is a vulnerability identified, then we also run the chances that we're probably not even using that feature. So vulnerable third party components are a really interesting aspect, when we think about secure development. Because there is a lot of unknowns, we may know that there's a vulnerability there. But the actual knowledge of do we use that piece and are we vulnerable, can be difficult, which, in the end, ends up adding a whole bunch of extra work and a whole lot of time for us to try to figure this out and address this stuff. And so this is where I talk about addressing the symptoms. In this case, in a lot of places, what we do is we address that symptom, we know that there's an issue of vulnerable third party components, right, that's the symptom, we have a vulnerable third party component. And so most places have some sort of process in place where we're going to identify these right, we're going to scan them all the time, whether using some of the common commercial tools, maybe you're using a free open source tool. But basically, the way it goes is I'm going to scan my repos or I'm going to scan my packages, and I'm going to look for all the dependencies, and then I'll look at their dependencies, and we'll see if there's any known vulnerable components within these right. And that requires having some sort of CVE out there that says, hey, somebody has found this, they've reported it, I remember requiring this to be a rep Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…

1
Ep. 119: Risks of SpellCheck 12:35

לפני 3 years12:35

12:35

In this episode we talk about the spell check feature of the browser and how it could present a risk to sensitive data. Link to article referenced: https://www.darkreading.com/application-security/spellchecking-google-chrome-microsoft-edge-browsers-leaks-passwords For more info go to https://www.developsec.com or follow us on twitter (@developsec). DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…

1
Ep. 118: Log4J Sparking Thought on Vulnerable Components 24:27

לפני 4 years24:27

24:27

Log4J has been the talk of the town recently and everyone is focused on the technical details of the specific vulnerabilities found. In this episode, James talks about the overarching ideas around dealing with vulnerable components. Are you vulnerable? If so, what needs to be done? For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…

1
Ep. 117: How Browsers are Helping with Security 13:49

לפני 5 years13:49

13:49

Chrome has announced a few changes that we need to watch out for in the near future. We previously talked about the default value for samesite that is coming up fast. I wrote about this here: https://www.jardinesoftware.net/2019/10/28/samesite-by-default-in-2020/ Also, they are getting ready to start blocking mixed content downloads: https://blog.chromium.org/2020/02/protecting-users-from-insecure.html For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…

1
Ep. 116: Chrome Retires XSS Auditor 14:07

לפני 6 years14:07

14:07

It was recently announced that Chrome was dropping the XSS Auditor in Chrome 78. What does that mean and how does that change things for you as a developer? https://www.chromium.org/developers/design-documents/xss-auditor For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…

1
Ep. 115: Is CSRF Really Dead? 15:09

לפני 6 years15:09

15:09

In 2020, Chrome will default the SameSite attribute to Lax on all cookies. SameSite helps mitigate CSRF, but does that mean CSRF is Dead? For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…

1
Ep. 114: Investing in People for Better Application Security 24:37

לפני 6 years24:37

24:37

In this episode, James talks about investing in the development teams to increase application security priorities. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…

1
Ep. 113: What is your mother's maiden name? 21:00

לפני 6 years21:00

21:00

In this episode, James talks about some of the risks and recommendations around security questions and their implementation. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…

1
Ep. 112: Application Fingerprinting 21:04

לפני 7 years21:04

21:04

Does your application give away details about it server, framework, or other components? How is this information used by an attacker? Check out this episode to learn more. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…

1
Ep. 111: Authentication Alerts 16:07

לפני 7 years16:07

16:07

Would you know if someone authenticated to your account? With the breaches we see in the news, and attacks like credential stuffing, there must be a way to be alerted to account access. James talks about authentication alerts, what they are, and why you may want to use them. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…

1
Ep. 110: Implementation Matters 19:17

לפני 7 years19:17

19:17

James discusses how implementation matters with security controls and how it changes priorities. This came about after reading the following story: https://www.theverge.com/2018/12/31/18162541/vein-authentication-wax-hand-hack-starbug For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…

DevelopSec: Developing Security Awareness

1
Ep. 109: 2018 Reflection 27:26

לפני 7 years27:26

27:26

I talk about some of what happened in 2018 and what I am looking to do in 2019. I also ask you to think about your previous year and goals. I also talk about some new training I am providing. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…

DevelopSec: Developing Security Awareness

1
Ep. 108: Dunkin Donuts Breach, Maybe?? 18:25

לפני 7 years18:25

18:25

In this episode James talk about the Dunkin Donuts Perks breach. This is an interesting situation as the accounts were access using the victim's username and password found from another data breach. The issue: Password Reuse. Could D&D have prevented this? Listen in to hear my thoughts. Please feel free to share your thoughts as well. Article from Today: https://www.today.com/food/dunkin-reveals-security-breach-here-s-what-it-may-mean-t144139 Dunkin Donuts Release: https://www.dunkindonuts.com/content/dam/dd/pdf/Security_Update.pdf For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…

DevelopSec: Developing Security Awareness

1
Ep. 107: Credential Stuffing 18:36

לפני 7 years18:36

18:36

In this episode James talks about what credential stuffing is, how if affects your apps, and how you can look to defend against it. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…

DevelopSec: Developing Security Awareness

1
Ep. 106: Facebook Breach Take-aways and Insights 31:18

לפני 7 years31:18

31:18

James talks about the Facebook breach and shares some insights into how you can take steps to prevent this type of incident in your applications. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…

DevelopSec: Developing Security Awareness

1
Ep. 105: Interview with Eric Johnson 57:11

לפני 7 years57:11

57:11

I sit down with Eric Johnson to talk about security in the IDE and other fun topics. A bit longer than usual, but full of great information. You can reach out to Eric on twitter @emjohn20 or check out his site at https://www.pumascan.com . For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…

DevelopSec: Developing Security Awareness

1
Ep. 104: Securing Devops with Julien Vehent 45:07

לפני 7 years45:07

45:07

James sits down with Julien Vehent to discuss his new book "Securing DevOps" and talk about security in a devOps world. Julien (@jvehent) is a security architect and engineering manager with over 15 years of experience in large organizations and web companies. He is currently responsible for the operational security of Firefox's backend infrastructure at Mozilla, and is the author of Securing DevOps. Check out the book (Securing DevOps) at https://www.manning.com/books/securing-devops Special 40% discount code for Developsec listeners: poddevelopsec18 For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…

DevelopSec: Developing Security Awareness

1
Ep. 103: Is 3rd Party Authentication Right For Your Application? 18:16

לפני 7 years18:16

18:16

The headlines are filled with credential breaches. One way to avoid being those headlines is to not store credentials. Instead, use a 3rd party to authenticate your users. While this cuts a lot of work out of your development time, it is important to understand the pros and cons to each method. James talks through some of these risks to help better understand which method might be right for you. Links from show: Ep. 92: 2-Factor Authentication - http://podcast.developsec.com/ep-92-2-factor-authentication Ep. 61: Multi-factor Authentication - http://podcast.developsec.com/ep-61-multi-factor-authentication Ep. 39: Authentication - http://podcast.developsec.com/ep-39-authentication Ep. 2: All About Passwords - http://podcast.developsec.com/ep-1-all-about-passwords Ep. 73: Identity with Vittorio Bertocci - http://podcast.developsec.com/ep-73-identity-with-vittorio-bertocci For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…

DevelopSec: Developing Security Awareness

1
Ep. 102: Intro to Web Security Policies 16:41

לפני 7 years16:41

16:41

In this episode James introduces us to the idea of web security policies stored in a security.txt file. We have talked about vulnerability disclosure before and this ties directly into that conversation. Link to Draft: https://tools.ietf.org/html/draft-foudil-securitytxt-03 Link to form to create the file: https://securitytxt.org/ Link to our blog post: https://www.developsec.com/2018/06/26/overview-of-web-security-policies/ For more info go to https://www.developsec.com or follow us on twitter ( @developsec ). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…

DevelopSec: Developing Security Awareness

1
Ep. 101: You're not always right and that is ok 20:58

לפני 7 years20:58

20:58

In this episode, James shares a story of learning from a mistake and how we can't be right every time. Hear what he learned and how you can learn too. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…

DevelopSec: Developing Security Awareness

1
Ep. 100: Choosing Security Tools 26:36

לפני 7 years26:36

26:36

In this episode we talk about choosing the right security tools for your environment. There are lots of vendors offering solutions to help identify security issues within our applications. The trick is to learn to identify which ones make the most sense for your environment. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…

DevelopSec: Developing Security Awareness

1
Ep. 99: Shifting Left in the SDLC 19:56

לפני 7 years19:56

19:56

In this episode, James talks about what it means to shift left in the SDLC. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…

DevelopSec: Developing Security Awareness

1
Ep. 98: Efail and News Hype 18:07

לפני 7 years18:07

18:07

In this episode we talk about efail and the HYPE around security news. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…

DevelopSec: Developing Security Awareness

1
EP. 97: Gmail / Netflix Potential Scam 18:27

לפני 7 years18:27

18:27

** Check out our new Live Fundamentals of Application Security training starting on May 1, 2018. Don't wait to sign up. For schedules and information check out https://www.jardinesoftware.com/fundamentals-of-application-security/ ** In this episode, James shares his thoughts on an interesting scam potential was brought up regarding Gmail and Netflix. A lot of the discussion is on a unique Gmail feature most haven't heard of. James breaks this down in this episode. The original story was shared at https://www.theregister.co.uk/2018/04/10/gmail_netflix_phishing_vector/ For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…

DevelopSec: Developing Security Awareness

1
Ep. 96: Security Flaws as Defects 27:35

לפני 7 years27:35

27:35

In this episode we talk about treating security flaws as defects and embedded vs. built-in security. Do you treat security flaws differently? What barriers does that create? For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…

DevelopSec: Developing Security Awareness

1
Ep. 95: MyFitnessPal Breach Take-Aways 18:24

לפני 7 years18:24

18:24

In this episode we talk about the MyFitnessPal breach and some of the key points that we as developers, security, and users can take away from it. Tweet with Graph of Largest Breaches mentioned: https://twitter.com/EricTopol/status/979556839015661568 Link to article about the breach: https://www.cnet.com/news/millions-of-myfitnesspal-accounts-hacked-under-armour-says/ For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…

DevelopSec: Developing Security Awareness

1
Ep. 94: Penetration Testing 26:09

לפני 7 years26:09

26:09

In this episode we talk about penetration testing and what you need to know to get the most out of the activity. Tune in to hear some of our thoughts on the topic. To take the training course survey go to https://forms.office.com/Pages/ResponsePage.aspx?id=dUTTGKfrY0SMJRLyejG00DrfDtlb8W5HpqoXHgPDektUNDgxVU9SNlVRNVhXMTY4UUxSU041MFVWTC4u For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…

DevelopSec: Developing Security Awareness

1
Ep. 93: Code Review 25:53

לפני 7 years25:53

25:53

In this episode we talk about secure code review with a mention of static analysis. Do you know the difference? What is the issue of doing one over the other, or just outright replacing actual code review with static analysis? Tune in to hear some of our thoughts on the topic. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…

DevelopSec: Developing Security Awareness

1
Ep. 92: 2-Factor Authentication 21:41

לפני 7 years21:41

21:41

In this episode James talks about 2-factor authentication, why we use it, and maybe why we don't. Is your 2-factor implementation getting in your way? The DevelopSec YouTube Channel - https://www.youtube.com/channel/UCdAqgfdGs0-hPa8FhsODwNw For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…

DevelopSec: Developing Security Awareness

1
DevelopSec Podcast #91 - OWASP Top 10 2017 Thoughts 28:45

לפני 7 years28:45

28:45

The new OWASP Top 10 2017 is out. We look at some of the changes and how you can effectively use the list to better your security program. We are also launching a new DevelopSec Live broadcast. To check out the first episode, go to https://www.youtube.com/watch?v=kfDuxwFScOE (The first 2 minutes are just a place holder as I was starting, feel free to skip those. That will go away in future episodes). The DevelopSec YouTube Channel - https://www.youtube.com/channel/UCdAqgfdGs0-hPa8FhsODwNw For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…

DevelopSec: Developing Security Awareness

1
Ep. 90: 5 Steps to Help Secure Your Database 44:12

לפני 8 years44:12

44:12

James sits down with Perry Krug, from Couchbase to discuss some important steps to take to secure your database. Perry Krug - https://twitter.com/perrykrug Couchbase - https://twitter.com/couchbase Couchbase - https://www.couchbase.com/ CouchbaseSecurity Documents - https://developer.couchbase.com/documentation/server/current/security/security-intro.html For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…

DevelopSec: Developing Security Awareness

1
Ep. 89: New Year's Resolutions 18:34

לפני 8 years18:34

18:34

Welcome to 2018! Another year down and time for many of us to start making promises to ourselves of things we will start doing in this new year. In this episode James talks about some lessons we should take from 2017 and ways to use them in 2018. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…

DevelopSec: Developing Security Awareness

1
Ep. 88: Meteor Security with Tim Medin 42:33

לפני 8 years42:33

42:33

In this episode, James talks with Tim Medin regarding Meteor and security. If you develop with Meteor or have to test it, there is a lot of information packed in. More about Tim Medin (@timmedin): Red Seige website - https://www.redsiege.com/ Link to Meteor Minor and other tools Tim mentioned: https://github.com/nidem Tim Medin's Bsides Orlando 2017 Presentation - Tim Medin - Mining Meteor B-Sides Orlando 2017 For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…

DevelopSec: Developing Security Awareness

1
Ep. 87: Apple Sign-in Bug Take-Aways 24:20

לפני 8 years24:20

24:20

You have heard about the Apple Sign-in Bug on High Sierra. Now lets talk about how we can use this example to better our current development processes to protect ourselves. Link to mentioned article: https://www.theguardian.com/technology/2017/nov/30/apple-macos-high-sierra-fix-breaks-file-sharing-password-security-flaw-emergency-patch For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…

DevelopSec: Developing Security Awareness

1
Ep. 86: Vulnerable 3rd Party Components 18:34

לפני 8 years18:34

18:34

In this episode, James talks the use of 3rd party components and how to handle determining if they are vulnerable or not. Links: OWASP Dependancy Check - https://www.owasp.org/index.php/OWASP_Dependency_Check GitHub Blog - https://github.com/blog/2470-introducing-security-alerts-on-github RetireJS - https://retirejs.github.io/retire.js/ For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…

DevelopSec: Developing Security Awareness

1
Ep. 85: Open Redirect Revisited 25:01

לפני 8 years25:01

25:01

In this episode, James talks about open redirect and why it matters from a security perspective. He also shows how this information can be used in your personal technology use, not just in development. For more info go to https://www.developsec.com or follow us on twitter ( @developsec ). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…

DevelopSec: Developing Security Awareness

1
Ep. 84: Understanding the Technology 23:30

לפני 8 years23:30

23:30

You know your development language and platform, but do you really know the ins and outs of web application technology? How well do you know HTTP, HTML, etc? James talks about a few scenarios where really understanding how the technologies works helps better understand vulnerability risks. For more info go to https://www.developsec.com or follow us on twitter ( @developsec ). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…

DevelopSec: Developing Security Awareness

1
Ep. 83: Authorization Overview 20:54

לפני 8 years20:54

20:54

In this episode, James talks about authorization and some common areas where it poses a risk. He also goes over some techniques to help test authorization. For more info go to https://www.developsec.com or follow us on twitter ( @developsec ). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…

DevelopSec: Developing Security Awareness

1
Ep. 82: Equifax Take-aways 25:55

לפני 8 years25:55

25:55

The Equifax breach was a major news story. James talks about some of the security controls mentioned and how to start a conversation within your organization about them. Want to listen on YouTube? Check out our channel where we are releasing episodes starting from episode 1 at https://www.youtube.com/channel/UCdAqgfdGs0-hPa8FhsODwNw For more info go to https://www.developsec.com or follow us on twitter ( @developsec ). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…

DevelopSec: Developing Security Awareness

1
Ep. 81: JavaScript in HREF and SRC (XSS) 20:20

לפני 8 years20:20

20:20

We talk about cross-site scripting (XSS) all the time, but often overlook the ability to use javascript: in anchor tags. James talks about this unique ability and how to protect your applications from it. The related blog post for this can be found at https://www.developsec.com/2017/09/06/javascript-in-an-href-or-src-attribute/ Want to listen on YouTube? Check out our channel where we are releasing episodes starting from episode 1 at https://www.youtube.com/channel/UCdAqgfdGs0-hPa8FhsODwNw For more info go to https://www.developsec.com or follow us on twitter ( @developsec ). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…

DevelopSec: Developing Security Awareness

1
Ep. 80: Understanding Security of Your Platforms 19:35

לפני 8 years19:35

19:35

We use a lot of platforms and frameworks when we develop an application. These platforms may provide security features, but do you know which ones? James talks about the importance of understanding your platforms and what to consider. For more info go to https://www.developsec.com or follow us on twitter ( @developsec ). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…

DevelopSec: Developing Security Awareness

1
Ep. 79: Marketing with USB Drives 15:40

לפני 8 years15:40

15:40

James talks about the risk of USB thumb drives and their risk using the recent BCBS marketing campaign as an example. ( http://www.fiercehealthcare.com/privacy-security/bcbs-alabama-re-evaluates-usb-marketing-campaign-amid-security-concerns ). For more info go to https://www.developsec.com or follow us on twitter ( @developsec ). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…

DevelopSec: Developing Security Awareness

1
Ep. 78: MySpace Lessons - Looking At Account Recovery 19:14

לפני 8 years19:14

19:14

James talks about a recent vulnerability report regarding MySpace's Account Recovery system ( https://www.wired.com/story/myspace-security-account-takeover/ ). He talks about considerations around account recovery and the need to revisit this type of functionality on a regular basis. For more info go to https://www.developsec.com or follow us on twitter ( @developsec ). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…

DevelopSec: Developing Security Awareness

1
Ep. 77: Interactive Application Security Testing 14:47

לפני 8 years14:47

14:47

In this episode, James talks about Interactive Application Security Testing, or IAST. It is a sort of hybrid approach that is similar to both dynamic and static analysis. Listen in to learn more about it. The video version of this can be found at https://youtu.be/KHSlDletm9I For more info go to https://www.developsec.com or follow us on twitter ( @developsec ). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…

DevelopSec: Developing Security Awareness

1
Ep. 76: Validation - Client vs. Server 13:09

לפני 8 years13:09

13:09

Are you thinking about client vs. server-side input validation? Curious why each is important and when to use them? James talks about the basic concepts and how to apply them to create more secure applications. A video version of this podcast is now available at: https://youtu.be/irO1TOC6-i8 For more info go to https://www.developsec.com or follow us on twitter ( @developsec ). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…

DevelopSec: Developing Security Awareness

1
Ep. 75: IAM with Geurt van Wijk 41:45

לפני 8 years41:45

41:45

In this episode I sit down with Geurt van Wijk from IDdriven to discuss IAM and IDaaS. Geurt has many years of experience around Identity and shares some great insights into considerations when working with it. If you typically think of Identity as just a user with credentials and some typical roles, you will want to listen in. You can get more information about IDdrive from https://www.iddriven.com For more info go to https://www.developsec.com or follow us on twitter ( @developsec ). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…

DevelopSec: Developing Security Awareness

1
Ep. 74: Audio Driver Key Logger Lessons Learned 16:25

לפני 8 years16:25

16:25

It was recently reported that an audio driver on HP systems was logging key strokes to a local file. Accidental? Malicious? Instead, we talk about how to try and avoid this from happening in the future. Original Article: https://www.cnet.com/news/keylogger-discovered-on-some-hp-laptops-conexant/ For more info go to https://www.developsec.com or follow us on twitter ( @developsec ). Join the conversations.. join our slack channel. Email james@jardinesoftware for an invitation. Presented by Jardine Software Inc. ( https://www.jardinesoftware.com ) Jardine Software provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Check out our 30 day advantage . Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…

DevelopSec: Developing Security Awareness

1
Ep. 73: Identity with Vittorio Bertocci 30:26

לפני 8 years30:26

30:26

I sat down with Vittorio Bertocci from Microsoft at the Microsoft Build 2017 conference in Seattle Washington. Vittorio shared some great insights into Identity and some new things around Azure AD and Azure AD B2C. Listen in to learn more about some of the interesting things going on. You can watch Vittorio's presentation from build at: https://channel9.msdn.com/Events/Build/2017/B8084 To get more information from Vittorio, you can follow him on twitter at @vibronet or check out his website at www.cloudidentity.com Also, check out this announcement about new authentication SDKs: https://azure.microsoft.com/en-us/blog/start-writing-applications-today-with-the-new-microsoft-authentication-sdks/ For more info go to https://www.developsec.com or follow us on twitter ( @developsec ). Join the conversations.. join our slack channel. Email james@jardinesoftware for an invitation. Presented by Jardine Software Inc. ( https://www.jardinesoftware.com ) Jardine Software provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Check out our 30 day advantage . Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…

DevelopSec: Developing Security Awareness

1
Ep. 72: Where to Perform Output Encoding 13:37

לפני 8 years13:37

13:37

Over the years I have had many people ask about encoding before storing data in the database. Here are my thoughts and recommendations. For more info go to https://www.developsec.com or follow us on twitter ( @developsec ). Join the conversations.. join our slack channel. Email james@jardinesoftware for an invitation. Presented by Jardine Software Inc. ( https://www.jardinesoftware.com ) Jardine Software provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Check out our 30 day advantage . Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…

DevelopSec: Developing Security Awareness

1
Ep. 71: Sub Resource Integrity 14:47

לפני 8 years14:47

14:47

Do you use hosted content on a CDN? How do you know the file hasn't been modified? James describes Sub Resource Integrity and how it is used to help detect and prevent loading modified files. For details referenced in the show about commands and examples, check out our post at https://www.developsec.com/2017/04/16/sub-resource-integrity-sri/ For more info go to https://www.developsec.com or follow us on twitter ( @developsec ). Join the conversations.. join our slack channel. Email james@jardinesoftware for an invitation. Presented by Jardine Software Inc. ( https://www.jardinesoftware.com ) Jardine Software provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Check out our 30 day advantage . Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…

DevelopSec: Developing Security Awareness

1
Ep. 70: Considering security when selecting an application platform 21:02

לפני 8 years21:02

21:02

Do you struggle with trying to pick the most secure application platform? Are you focusing on the right questions? James talks about ways to look at application platforms and be secure, no matter which one you choose. For more info go to https://www.developsec.com or follow us on twitter ( @developsec ). Join the conversations.. join our slack channel. Email james@jardinesoftware for an invitation. Presented by Jardine Software Inc. ( https://www.jardinesoftware.com ) Jardine Software provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Check out our 30 day advantage . Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…

DevelopSec: Developing Security Awareness

1
Ep. 69: Concurrent User Sessions 21:23

לפני 8 years21:23

21:23

Do you allow users to login into their accounts across multiple browsers or devices? Does this raise a security concern? James talks about how to handle this question and analyze the root issue. For more info go to https://www.developsec.com or follow us on twitter ( @developsec ). Presented by Jardine Software Inc. ( https://www.jardinesoftware.com ) Jardine Software provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Check out our 30 day advantage . Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…

DevelopSec: Developing Security Awareness

1
Ep. 68: How the AWS disruption can help us 15:22

לפני 8 years15:22

15:22

I am sure you have heard about the AWS service disruption that occurred. Have you seen how we can learn from this when we look at our own tools and processes? James talks about how we need to look at our own applications and tools and consider how time has changed the landscape. There might be more than you think. For more info go to https://www.developsec.com or follow us on twitter ( @developsec ). Presented by Jardine Software Inc. ( https://www.jardinesoftware.com ) Jardine Software provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Check out our 30 day advantage . Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…

DevelopSec: Developing Security Awareness

1
Ep. 67: Clearing up HTTPOnly and Secure Cookie Attributes 9:23

לפני 8 years9:23

9:23

I hear a lot of people struggling with HTTPOnly and Secure attributes on cookies. The names may be confusing to some. Change your viewpoint and it may become easier.. For more info go to https://www.developsec.com or follow us on twitter ( @developsec ). Presented by Jardine Software Inc. ( https://www.jardinesoftware.com ) Jardine Software provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Check out our 30 day advantage . Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…

DevelopSec: Developing Security Awareness

1
Ep. 66: Forgot Username 14:45

לפני 8 years14:45

14:45

We always talk about Forgot Password... But what about Forgot Username? Listen in as James discusses why protecting this functionality is important and the ways it could be abused if not properly handled. For more info go to https://www.developsec.com or follow us on twitter ( @developsec ). Presented by Jardine Software Inc. ( https://www.jardinesoftware.com ) Jardine Software provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Check out our 30 day advantage . Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…

DevelopSec: Developing Security Awareness

1
Ep. 65: Security Questions: Good or Bad? 18:07

לפני 8 years18:07

18:07

In this episode, James talks about security questions, or secret questions. We see them used in many different places. People complain they are horrible. So are they that bad that you shouldn't use them? Is it possible to help reduce the risk with security questions? For more info go to https://www.developsec.com or follow us on twitter (@developsec). Presented by Jardine Software Inc. ( https://www.jardinesoftware.com ) Jardine Software provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Check out our 30 day advantage . Send us a text For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.…

ברוכים הבאים אל Player FM!

Player FM סורק את האינטרנט עבור פודקאסטים באיכות גבוהה בשבילכם כדי שתהנו מהם כרגע. זה יישום הפודקאסט הטוב ביותר והוא עובד על אנדרואיד, iPhone ואינטרנט. הירשמו לסנכרון מנויים במכשירים שונים.

תקשיבו ל-500+ נושאים

28 subscribers

דומה לDevelopSec: Developing Security Awareness

Amazon Basics Multipurpose Copy Printer Paper, 8.5 x 11 Inches, 20 lb, 1 Ream, (500 Sheets), 92 Bright, White

Elmer's Disappearing Purple School Glue Sticks Washable 7 Grams 30 Count

Bounty Quick Size Paper Towels, White, 8 Family Rolls = 20 Regular Rolls (Packaging May Vary)

פודקאסטים ששווה להאזין

DevelopSec: Developing Security Awareness « » Ep. 118: Log4J Sparking Thought on Vulnerable Components

Ep. 118: Log4J Sparking Thought on Vulnerable Components

פודקאסטים ששווה להאזין

ברוכים הבאים אל Player FM!

Amazon Basics Dog and Puppy Pee Pads, 5-Layer Leak-Proof Super Absorbent, Quick-Dry Surface, Potty Training, Regular (22x22"), 100 Count, Blue & White

The Let Them Theory: A Life-Changing Tool That Millions of People Can't Stop Talking About

Microsoft Office Home 2024 | Classic Apps: Word, Excel, PowerPoint | One-Time Purchase for 1 PC/MAC | Instant Download | Formerly Home & Student 2021 [PC/Mac Online Code]

Bounty Paper Towels Quick Size, White, 16 Family Rolls = 40 Regular Rolls (Packaging May Vary)

The Let Them Theory: A Life-Changing Tool That Millions of People Can't Stop Talking About

דומה לDevelopSec: Developing Security Awareness

מדריך עזר מהיר

DevelopSec: Developing Security Awareness « »
Ep. 118: Log4J Sparking Thought on Vulnerable Components