Starting an OWASP Project (That's Not a List!) - Grant Ongers - ASW #272 | Security Weekly Podcast Network (Video) Podcast

Starting an OWASP Project (That's Not a List!) - Grant Ongers - ASW #272: We can't talk about OWASP without talking about lists, but we go beyond the lists to talk about a product security framework. Grant shares his insights on what makes lists work (and not work). More importantly, he shares the work he's doing to... by Application Security Weekly (Video)

38 min listen

Starting an OWASP Project (That's Not a List!) - Grant Ongers - ASW #272: We can't talk about OWASP without talking about lists, but we go beyond the lists to talk about a product security framework. Grant shares his insights on what makes lists work (and not work). More importantly, he shares the work he's doing to... by Security Weekly Podcast Network (Audio)

74 min listen

Visualizing & Detecting Threats For Your Custom Application - Justin Massey - ASW #122: Application logs are critical to DevOps teams for monitoring the performance and health of their apps. Those same logs are just as critical to understanding the security of apps, whether detecting attacks or responding to them. So, it's important that... by Security Weekly Podcast Network (Video)

41 min listen

Visualizing & Detecting Threats For Your Custom Application - Justin Massey - ASW #122: Application logs are critical to DevOps teams for monitoring the performance and health of their apps. Those same logs are just as critical to understanding the security of apps, whether detecting attacks or responding to them. So, it's important that... by Application Security Weekly (Video)

41 min listen

Starting with Appsec -- Is It More of a Position or a Process? - ASW #264: This year we've talked about vulns, clouds, breaches, presentations, and all the variations of Dev, Sec, and Ops. As we end the year, let's talk about starting things -- like starting an appsec program or an appsec career. But is there still a need... by Security Weekly Podcast Network (Video)

40 min listen

Starting with Appsec -- Is It More of a Position or a Process? - ASW #264: This year we've talked about vulns, clouds, breaches, presentations, and all the variations of Dev, Sec, and Ops. As we end the year, let's talk about starting things -- like starting an appsec program or an appsec career. But is there still a need... by Application Security Weekly (Video)

40 min listen

Integrating Appsec Tools for DevOps Teams - Steve Wilson - ASW #186: DevOps teams have often been underserved by security tools. Modern appsec solutions need to fit within the existing workflows related to how software is built and deployed. But just dropping a tool into that pipeline isn't sufficient -- there are apps... by Security Weekly Podcast Network (Video)

37 min listen

Integrating Appsec Tools for DevOps Teams - Steve Wilson - ASW #186: DevOps teams have often been underserved by security tools. Modern appsec solutions need to fit within the existing workflows related to how software is built and deployed. But just dropping a tool into that pipeline isn't sufficient -- there are apps... by Application Security Weekly (Video)

37 min listen

Creating the Secure Pipeline Verification Standard - Farshad Abasi - ASW #274: Farshad Abasi joins us again to talk about creating a new OWASP project, the Secure Pipeline Verification Standard. (Bonus points for not being a top ten list!) We talk about what it takes to pitch a new project and the problems that this new project... by Application Security Weekly (Video)

34 min listen

Creating the Secure Pipeline Verification Standard - Farshad Abasi - ASW #274: Farshad Abasi joins us again to talk about creating a new OWASP project, the Secure Pipeline Verification Standard. (Bonus points for not being a top ten list!) We talk about what it takes to pitch a new project and the problems that this new project... by Security Weekly Podcast Network (Video)

34 min listen

Building a Scanner and a Community with Zed Attack Proxy - Simon Bennetts - ASW #254: Zed Attack Proxy is an essential tool for web app pentesting. The project just recently moved from OWASP to the Secure Software Project. Hear about the challenges of running an OSS security project, why Simon got involved in the first place, and why... by Security Weekly Podcast Network (Audio)

73 min listen

Airplane.dev with Ravi Parikh: Ravi Parikh, Co-Founder of Airplane and Heap, joins us to talk about Airplane.dev -- a developer platform for quickly building internal tools and automating internal workflows and processes. If you're an engineer and you find yourself constantly running the same SQL query over and over again, or the same script or on-call runbook, Airplane wants to make it really easy to take that one off script or SQL query or whatever eng only operation that you're bottlenecked on and turn that into a robust reusable internal app that anybody in your company can use. by PodRocket - A web development podcast from LogRocket

30 min listen

ASW #224 - Keith Hoodlet: How do you mature a team responsible for securing software? What are effective ways to prioritize investments? We'll discuss a set of posts on building talent, building capabilities, and what mature teams look like. Segment resources: - ... by Security Weekly Podcast Network (Audio)

77 min listen

Navigating the Complexities of Development to Create Secure APIs with Kristen Bell - Kristen Bell - ASW #248: Appsec teams and developers must both understand the consequences of what they're doing when building APIs. Appsec teams need to push for collaboration and help implement tools that augment the development process. Dev teams need to wrangle complex... by Application Security Weekly (Video)

38 min listen

Navigating the Complexities of Development to Create Secure APIs with Kristen Bell - Kristen Bell - ASW #248: Appsec teams and developers must both understand the consequences of what they're doing when building APIs. Appsec teams need to push for collaboration and help implement tools that augment the development process. Dev teams need to wrangle complex... by Security Weekly Podcast Network (Video)

38 min listen

The DIY AppSec Lab - ASW #185: Lots of web hacking can be done directly from the browser. Throw in a proxy like Burp plus the browser's developer tools window and you've got a nearly complete toolkit. But nearly complete means there's still room for improvement. We'll talk about... by Application Security Weekly (Video)

32 min listen

The DIY AppSec Lab - ASW #185: Lots of web hacking can be done directly from the browser. Throw in a proxy like Burp plus the browser's developer tools window and you've got a nearly complete toolkit. But nearly complete means there's still room for improvement. We'll talk about... by Security Weekly Podcast Network (Video)

32 min listen

Working With OpenVAS - PSW #708: Gain some insights into the OpenVAS project, why you might want to use it and some of the best implementations. This segment will dive right into the extended setup by compiling OpenVAS, and all components, from source code. Visit for all the... by Security Weekly Podcast Network (Video)

41 min listen

Always Interesting - ASW #143: This week, we welcome John Morello, VP of Product at Palo Alto Networks, joins us to talk about Cloud Native Security Platforms! Modern appsec demonstrates the importance of a cloud native strategy for enterprise security and how much that strategy... by Security Weekly Podcast Network (Audio)

62 min listen

Dev(Sec)Ops Scanning Challenges & Tips - Nuno Loureiro, Tiago Mendo - ASW #170: There's a plenitude of ways to do Dev(Sec)Ops, and each organization or even each team uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important to understand how to... by Security Weekly Podcast Network (Video)

38 min listen

Dev(Sec)Ops Scanning Challenges & Tips - Nuno Loureiro, Tiago Mendo - ASW #170: There's a plenitude of ways to do Dev(Sec)Ops, and each organization or even each team uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important to understand how to... by Application Security Weekly (Video)

38 min listen

Starting with Appsec -- Is It More of a Position or a Process? - ASW #264: This year we've talked about vulns, clouds, breaches, presentations, and all the variations of Dev, Sec, and Ops. As we end the year, let's talk about starting things -- like starting an appsec program or an appsec career. But is there still a need... by Security Weekly Podcast Network (Audio)

74 min listen

Creating the Secure Pipeline Verification Standard - Farshad Abasi - ASW #274: Farshad Abasi joins us again to talk about creating a new OWASP project, the Secure Pipeline Verification Standard. (Bonus points for not being a top ten list!) We talk about what it takes to pitch a new project and the problems that this new project... by Security Weekly Podcast Network (Audio)

57 min listen

Shifting Focus to Make DevSecOps Successful - Janet Worthington - ASW #258: What if all these recommendations to shift left were more about shifting focus? It's all too easy to become preoccupied with vulns, whether figuring out how to find them earlier in the SDLC or spending time fixing them within specific number of days.... by Security Weekly Podcast Network (Video)

40 min listen

Shifting Focus to Make DevSecOps Successful - Janet Worthington - Janet Worthington - ASW #258: What if all these recommendations to shift left were more about shifting focus? It's all too easy to become preoccupied with vulns, whether figuring out how to find them earlier in the SDLC or spending time fixing them within specific number of days.... by Application Security Weekly (Video)

40 min listen

SWVHSC: How Does Sec Live In A DevOps World? - Mike Rothman - ASW #117: As you go full DevSecOps, where does that leave security operations? Who makes changes that are required? How do you empower (or deputize) app folks or ops folks (DevOps) to make those operational changes? What kind of tooling is going to meet the... by Security Weekly Podcast Network (Video)

34 min listen

SWVHSC: How Does Sec Live In A DevOps World? - Mike Rothman - ASW #117: As you go full DevSecOps, where does that leave security operations? Who makes changes that are required? How do you empower (or deputize) app folks or ops folks (DevOps) to make those operational changes? What kind of tooling is going to meet the... by Application Security Weekly (Video)

34 min listen

The Security Challenges That Devs Encounter When Building Secure Apps - Farshad Abasi - ASW #203: Appsec starts with the premise that we need to build secure code, but it also has to be able to recommend effective practices and tools that help developers. This also means appsec teams need to work with developers to create criteria for security... by Application Security Weekly (Video)

35 min listen

The Security Challenges That Devs Encounter When Building Secure Apps - Farshad Abasi - ASW #203: Appsec starts with the premise that we need to build secure code, but it also has to be able to recommend effective practices and tools that help developers. This also means appsec teams need to work with developers to create criteria for security... by Security Weekly Podcast Network (Video)

35 min listen

Security By Design - ASW #135: A premise of adding security to DevOps is we can "shift left" AppSec responsibilities, one of which is building apps so they're secure by design. Yet what resources does the AppSec community provide for this approach to design? We take a look at the... by Security Weekly Podcast Network (Video)

36 min listen

Discover this podcast and so much more

Starting an OWASP Project (That's Not a List!) - Grant Ongers - ASW #272

Starting an OWASP Project (That's Not a List!) - Grant Ongers - ASW #272

Description

Titles in the series (100)

More Episodes from Security Weekly Podcast Network (Video)

Related podcast episodes