
The Application Security Podcast
Jeff Williams -- Application Detection & Response (ADR)
Sep 24, 2024

In this conversation with Jeff Williams, a co-founder of OWASP and a trailblazer in application security, listeners dive into the transformative power of Application Detection and Response (ADR). Jeff emphasizes ADR's role in real-time monitoring and response to vulnerabilities, contrasting it with traditional security techniques. He shares insights on the evolution of security testing and the importance of community building. The discussion also explores the intersection of AI and AppSec, addressing both its potential benefits and challenges in enhancing security.
Competitive Basketball Kept Him Grounded
- Jeff Williams describes joining Masters basketball tournaments as a way to stay fit and find purpose outside tech.
- He formed a team and won back-to-back national championships for 50+ players, sharing vivid tournament stories.
Runtime Blueprints Cut Testing Workload
- Runtime observation can auto-generate a security blueprint showing endpoints, data flows, and controls.
- That blueprint lets pen testers and threat modelers focus effort where exploitation is actually possible.
Target Tests Using Blueprint Filters
- Use the blueprint to filter routes by behavior and target testing (e.g., only routes that evaluate expressions).
- Focus tests on likely exploit points to reduce pen test effort by up to 75% or more.
