
The Application Security Podcast
Chris Romeo and Robert Hurlbut dig into the tips, tricks, projects, and tactics that make various application security professionals successful. They cover all facets of application security, from threat modeling and OWASP to DevOps+security and security champions. They approach these stories in an educational light, explaining the details in a way those new to the discipline can understand. Chris Romeo is the CEO of Devici and a General Partner at Kerr Ventures, and Robert Hurlbut is a Principal Application Security Architect focused on Threat Modeling at Aquia.
Latest episodes

Apr 27, 2018 • 31min
Chase Schultz -- AppSec and Hardware
Chase Schultz joins to discuss the combination of AppSec and hardware. He also dives into how the Meltdown and Spectre attacks worked. You can find Chase on Twitter @f47h3r_B0
FOLLOW OUR SOCIAL MEDIA:
➜ Twitter: @AppSecPodcast
➜ LinkedIn: The Application Security Podcast
➜ YouTube: https://www.youtube.com/@ApplicationSecurityPodcast
Thanks for Listening!

Apr 20, 2018 • 30min
John Melton -- #OWASP AppSensor
John Melton joins to discuss the #OWASP AppSensor project. He talks about how AppSensor works and how it can be used in your application. You can find John on Twitter @_jtmelton

Apr 13, 2018 • 37min
David Habusha -- Third Party Software is not a Cathedral, It’s a Bazaar
David Habusha joins to discuss the OWASP Top 10 A9: Using components with known vulnerabilities. He also dives into the Software Composition Analysis (SCA) market. You can find David on Twitter @davidhabusha

Apr 12, 2018 • 48min
Steve Springett -- Dependency Check and Dependency Track
Steve Springett joins the show to talk about Dependency Check and Dependency Track. He also discusses how they can help prevent you from using components with known vulnerabilities. You can find Steve on Twitter @stevespringett

Apr 6, 2018 • 33min
Steven Wierckx -- The #OWASP Threat Modeling Project
Steven Wierckx joins Robert and Chris this week to talk about the #OWASP Threat Modeling project that he’s involved in. You can find Steven on Twitter @ihackforfun
https://open-security-summit.org/

Apr 5, 2018 • 31min
Jim Manico -- The #OWASP Cheat Sheet Project
Jim Manico joins us to discuss some of the changes with the OWASP Cheat Sheets and their plans for that project's future. Jim also talks about how they are looking for experts to create or update some of the Cheat Sheets. You can find Jim on Twitter @manicode

Mar 23, 2018 • 34min
Neil Smithline -- OWASP Top 10 #10: Logging
Neil Smithline joins this week to discuss one of the new items on the OWASP Top 10 List, Insufficient Logging and Monitoring. You can find Neil on Twitter @neilsmithine

Mar 16, 2018 • 43min
Jim Routh -- Selling #AppSec Up The Chain
Jim Routh joins the podcast to discuss selling #AppSec up the chain. Jim has built five successful software security programs in his career and serves as a CISO now. Jim shares his real-world experience with successfully selling #AppSec to senior management (as well as many other pieces of wisdom for running an AppSec program). You can find Jim on Twitter @jmrouth01

Mar 9, 2018 • 29min
Chris and Robert -- #AppSec Recommendations
Chris and Robert go over a plethora of recommendations they have accumulated over their years of experience in the industry.

Chris’s recommendations
1. Book: Agile Application Security: Enabling Security in a Continuous Delivery Pipeline, by Laura Bell, Michael Brunton-Spall, Rich Smith, and Jim Bird. https://amzn.com/1491938846
2. Website: Iron Geek. Adrian Crenshaw records many major, non-commercial security conferences and posts the talks to YouTube. http://www.irongeek.com/
3. Book: The DevOps Handbook: How to Create World-Class Agility, Reliability, and Security in Technology Organizations, by Gene Kim, Patrick Debois, John Willis, and Jez Humble. https://amzn.com/1942788002
4. News Source: The Register. News site, but has great sources and a bit of British humor attached to technology failures. http://www.theregister.co.uk/security/
5. Blog: TechBeacon. https://www.techbeacon.com
6. Book: Threat Modeling: Designing for Security, by Adam Shostack. https://amzn.com/1118809998
7. Book: The Tangled Web: A Guide to Securing Modern Web Applications, by Michal Zalewski. https://amzn.com/B006FZ3UNI
8. Book: Start with Why: How Great Leaders Inspire Everyone to Take Action, by Simon Sinek. Not a security book, but a good approach for those trying to change a security culture. https://amzn.com/B002Q6XUE4

Robert’s Recommendations
1. Books by Martin Fowler. He wrote many books on understanding architecture. https://martinfowler.com/books/
2. Book: Software Security: Building Security In, by Gary McGraw. http://a.co/5EIlu4h
3. Book: Core Software Security: Security at the Source, by James Ransome and Anmol Misra. http://a.co/hEwCflz
4. Book: Threat Modeling: Designing for Security, by Adam Shostack. https://amzn.com/1118809998
5. Websites: Troy Hunt. https://www.troyhunt.com/ and https://haveibeenpwned.com/
6. Conferences: #AppSec USA, B-Sides, Source, Converge. https://2018.appsecusa.org/ http://www.securitybsides.com https://sourceconference.com/ https://www.convergeconference.org/
7. Website: Google Alerts. Use this to be notified about specific topics you want to learn about. https://www.google.com/alerts
8. Book: The Checklist Manifesto: How to Get Things Right, by Atul Gawande. http://a.co/dirHpwq
9. Book: Securing Systems: Applied Security Architec

Mar 2, 2018 • 33min
Magen Wu -- Hustle and Flow: Dealing With Burnout in Security
Magen Wu works through the topic of burnout and mental health in security. She gives examples of handling this and recognizing if people around you are burning out. You can find her on Twitter @infosec_tottie
Additional information on this topic: Jack Daniel often speaks on this topic of burnout.
YouTube: The Causes of and Solutions for Security Burnout
YouTube: Infosec Survival Skills: Being Productive, Coping with Stress, & Preventing Burnout
Article: Becoming jaded with Security BSides’ Jack Daniel