The Secure Developer

Securing And Defending Like Brazilian Jiu-Jitsu With Jeremiah Grossman

Feb 4, 2025
Jeremiah Grossman, an application security pioneer and former CEO of WhiteHat Security, shares insights from his extensive career, including his influence on OWASP. The discussion reveals the evolution of web application security, highlighting past vulnerabilities like SQL injection and the complexities of modern compliance. Jeremiah emphasizes the need to align developer incentives with security priorities, while also navigating the emerging challenges posed by AI-generated code. He draws fascinating parallels between Brazilian Jiu-Jitsu and cybersecurity, advocating for continuous learning and collaboration.
ANECDOTE

Early Web Vulnerabilities

  • Early websites were easily hackable due to prevalent SQL injection and cross-site scripting vulnerabilities.
  • Frameworks and increased awareness have improved web application security over time.
INSIGHT

Framework Reliance

  • Frameworks help eliminate vulnerabilities like SQL injection and cross-site scripting.
  • Developers relying on frameworks may lack experience fixing these issues when they arise.
INSIGHT

Security Spending vs. Posture

  • Security spending remains high, but overall security posture hasn't improved proportionally.
  • The cost of defense often significantly outweighs the attacker's investment.