Building a Scanner and a Community with Zed Attack Proxy - Simon Bennetts - ASW #254 | Security Weekly Podcast Network (Video) Podcast

Building a Scanner and a Community with Zed Attack Proxy - Simon Bennetts - ASW #254: Zed Attack Proxy is an essential tool for web app pentesting. The project just recently moved from OWASP to the Secure Software Project. Hear about the challenges of running an OSS security project, why Simon got involved in the first place, and why... by Application Security Weekly (Video)

37 min listen

Building a Scanner and a Community with Zed Attack Proxy - Simon Bennetts - ASW #254: Zed Attack Proxy is an essential tool for web app pentesting. The project just recently moved from OWASP to the Secure Software Project. Hear about the challenges of running an OSS security project, why Simon got involved in the first place, and why... by Security Weekly Podcast Network (Audio)

73 min listen

Starting with Appsec -- Is It More of a Position or a Process? - ASW #264: This year we've talked about vulns, clouds, breaches, presentations, and all the variations of Dev, Sec, and Ops. As we end the year, let's talk about starting things -- like starting an appsec program or an appsec career. But is there still a need... by Security Weekly Podcast Network (Audio)

74 min listen

Integrating Appsec Tools for DevOps Teams - Steve Wilson - ASW #186: DevOps teams have often been underserved by security tools. Modern appsec solutions need to fit within the existing workflows related to how software is built and deployed. But just dropping a tool into that pipeline isn't sufficient -- there are apps... by Application Security Weekly (Video)

37 min listen

Integrating Appsec Tools for DevOps Teams - Steve Wilson - ASW #186: DevOps teams have often been underserved by security tools. Modern appsec solutions need to fit within the existing workflows related to how software is built and deployed. But just dropping a tool into that pipeline isn't sufficient -- there are apps... by Security Weekly Podcast Network (Video)

37 min listen

Starting an OWASP Project (That's Not a List!) - Grant Ongers - ASW #272: We can't talk about OWASP without talking about lists, but we go beyond the lists to talk about a product security framework. Grant shares his insights on what makes lists work (and not work). More importantly, he shares the work he's doing to... by Security Weekly Podcast Network (Video)

38 min listen

Starting an OWASP Project (That's Not a List!) - Grant Ongers - ASW #272: We can't talk about OWASP without talking about lists, but we go beyond the lists to talk about a product security framework. Grant shares his insights on what makes lists work (and not work). More importantly, he shares the work he's doing to... by Application Security Weekly (Video)

38 min listen

ASW #231 - Neatsun Ziv: In this episode, Neatsun Ziv, co-founder and CEO of Ox security takes a deep dive into supply chain security. He focuses on the new Open Software Supply Chain Attack Reference (OSC&R), a consortium of leading cybersecurity leaders. OSC&R the... by Security Weekly Podcast Network (Audio)

80 min listen

Always Interesting - ASW #143: This week, we welcome John Morello, VP of Product at Palo Alto Networks, joins us to talk about Cloud Native Security Platforms! Modern appsec demonstrates the importance of a cloud native strategy for enterprise security and how much that strategy... by Security Weekly Podcast Network (Audio)

62 min listen

ISC StormCast for Monday, February 13th 2017: #Samsung #KNOX Patch; #MongoDB Audit; Crypto in #PHP by SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

6 min listen

Starting with Appsec -- Is It More of a Position or a Process? - ASW #264: This year we've talked about vulns, clouds, breaches, presentations, and all the variations of Dev, Sec, and Ops. As we end the year, let's talk about starting things -- like starting an appsec program or an appsec career. But is there still a need... by Application Security Weekly (Video)

40 min listen

Starting with Appsec -- Is It More of a Position or a Process? - ASW #264: This year we've talked about vulns, clouds, breaches, presentations, and all the variations of Dev, Sec, and Ops. As we end the year, let's talk about starting things -- like starting an appsec program or an appsec career. But is there still a need... by Security Weekly Podcast Network (Video)

40 min listen

Starting an OWASP Project (That's Not a List!) - Grant Ongers - ASW #272: We can't talk about OWASP without talking about lists, but we go beyond the lists to talk about a product security framework. Grant shares his insights on what makes lists work (and not work). More importantly, he shares the work he's doing to... by Security Weekly Podcast Network (Audio)

74 min listen

Stung by OWASP? Chatting with the creator of the most popular web app scanner: Simon Bennetts, founder and project lead of OWASP ZAP, joins the home team to talk about how he came to create the world’s most-used web app scanner, why open-source projects need long-term contributors, and how recent AI advancements could introduce new security vulnerabilities. by The Stack Overflow Podcast

17 min listen

ASW #190 - Harshil Parikh: Developers ignore security issues. But can we really blame them? After all, security folks bombard them with an endless stream of issues that need to be addressed with no way for them to separate what’s actually critical from all the noise, all... by Security Weekly Podcast Network (Audio)

78 min listen

Why DAST - from Project Management Perspective - Suha Akyuz - ESW #233: More than 96% of software development projects fail across the globe because too many businesses rely on the legacy DevOps process which allows us to run security testing right before going to production. Using the legacy DevOps can lead to a downfall... by Security Weekly Podcast Network (Video)

31 min listen

Why DAST - from Project Management Perspective - Suha Akyuz - ESW #233: More than 96% of software development projects fail across the globe because too many businesses rely on the legacy DevOps process which allows us to run security testing right before going to production. Using the legacy DevOps can lead to a downfall... by Enterprise Security Weekly (Video)

31 min listen

Open-source supply chain security with Feross Aboukhadijeh: Feross Aboukhadijeh is the creator of WebTorrent, StandardJS, and Wormhole. We talked to Feross about Wormhole back in June and he joins us now to talk about Socket.dev, a new security company that can protect your most critical apps from supply chain attacks. by PodRocket - A web development podcast from LogRocket

44 min listen

Sustainable Funding of Open Source Tools - Mark Curphey, Simon Bennetts - ASW #282: How can open source projects find a funding model that works for them? What are the implications with different sources of funding? Simon Bennetts talks about his stewardship of Zed Attack Proxy and its journey from OWASP to OpenSSF to an Open Source... by Security Weekly Podcast Network (Audio)

78 min listen

Challenges of DAST Scanners / Adoption by Developers - Nuno Loureiro, Tiago Mendo - ASW #155: What are some of the DAST scanners challenges, like coverage of modern apps, point & shoot, scan time, partial scans, or scanning at scale? What do developers look for in a DAST scanner? This segment is sponsored by Probely. Visit to learn... by Security Weekly Podcast Network (Video)

40 min listen

Challenges of DAST Scanners / Adoption by Developers - Nuno Loureiro, Tiago Mendo - ASW #155: What are some of the DAST scanners challenges, like coverage of modern apps, point & shoot, scan time, partial scans, or scanning at scale? What do developers look for in a DAST scanner? This segment is sponsored by Probely. Visit to learn... by Application Security Weekly (Video)

40 min listen

Broadening What We Call AppSec - Christien Rioux - ASW Vault: Check out this interview from the ASW Vault, hand picked by main host Mike Shema! This segment was originally published on January 10, 2022. There's an understandable focus on "shift left" in modern DevOps and appsec discussions. So what does it take... by Security Weekly Podcast Network (Video)

36 min listen

Broadening What We Call AppSec - Christien Rioux - ASW Vault: Check out this interview from the ASW Vault, hand picked by main host Mike Shema! This segment was originally published on January 10, 2022. There's an understandable focus on "shift left" in modern DevOps and appsec discussions. So what does it take... by Security Weekly Podcast Network (Audio)

36 min listen

Broadening What We Call AppSec - Christien Rioux - ASW Vault: Check out this interview from the ASW Vault, hand picked by main host Mike Shema! This segment was originally published on January 10, 2022. There's an understandable focus on "shift left" in modern DevOps and appsec discussions. So what does it take... by Application Security Weekly (Video)

36 min listen

How IaC is Changing Cloud Security for the Better - Tony Karam - ESW #297: Infrastructure-as-code (IaC) allows for quick and consistent configuration and deployment of infrastructure components because it’s defined through code. It also enables repeatable deployments across environments. IaC is seeing significant attention... by Enterprise Security Weekly (Video)

37 min listen

How IaC is Changing Cloud Security for the Better - Tony Karam - ESW #297: Infrastructure-as-code (IaC) allows for quick and consistent configuration and deployment of infrastructure components because it’s defined through code. It also enables repeatable deployments across environments. IaC is seeing significant attention... by Security Weekly Podcast Network (Video)

37 min listen

Dev(Sec)Ops Scanning Challenges & Tips - Nuno Loureiro, Tiago Mendo - ASW #170: There's a plenitude of ways to do Dev(Sec)Ops, and each organization or even each team uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important to understand how to... by Security Weekly Podcast Network (Video)

38 min listen

Dev(Sec)Ops Scanning Challenges & Tips - Nuno Loureiro, Tiago Mendo - ASW #170: There's a plenitude of ways to do Dev(Sec)Ops, and each organization or even each team uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important to understand how to... by Application Security Weekly (Video)

38 min listen

How to Build a Developer-First Application Security Program - Harshil Parikh - ASW #190: Developers ignore security issues. But can we really blame them? After all, security folks bombard them with an endless stream of issues that need to be addressed with no way for them to separate what’s actually critical from all the noise, all... by Application Security Weekly (Video)

36 min listen

How to Build a Developer-First Application Security Program - Harshil Parikh - ASW #190: Developers ignore security issues. But can we really blame them? After all, security folks bombard them with an endless stream of issues that need to be addressed with no way for them to separate what’s actually critical from all the noise, all... by Security Weekly Podcast Network (Video)

36 min listen

Discover this podcast and so much more

Building a Scanner and a Community with Zed Attack Proxy - Simon Bennetts - ASW #254

Building a Scanner and a Community with Zed Attack Proxy - Simon Bennetts - ASW #254

Description

Titles in the series (100)

More Episodes from Security Weekly Podcast Network (Video)

Related podcast episodes