The Application Security Podcast

Alex Olsen, Cyber Security Consulting Group leader at Rakuten's Cyber Security Defense Department, discusses security champions, democratizing application security, implementing a security champions program, onboarding process, connecting volunteers to the community, scope, cost, and effort in a security champions program, keeping a champions program engaging, and sharing experiences on security champions and AppSec training.

Mark Curphey is one of the creators of OWASP from the very early days. Mark worked in the background over the few decades of OWASP but has recently taken more to the spotlight. After running, he was elected and joined the OWASP Board of Directors. This conversation starts with the historical story of Mark and his history with OWASP. Then we jump into the visions for OWASP in the future and the plans in place to reach those goals. We hope you enjoy this conversation with...Mark Curphey.FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Tiago Mendo is a co-founder and CTO of Probely. He has extensive experience in pentesting applications, training, and providing all-around security consultancy. Tiago started working with security in the early 2000s, beginning with a tenure of 12 years at Portugal Telecom. While there, he built the web security team and worked with 150+ developers. He holds a Master's in Information Technology/Information Security from Carnegie Mellon University and a CISSP certification. He is also a qualified member of AP2SI, a non-profit organization that promotes Information Security in Portugal, and Co-Leader of the Lisbon OWASP Chapter. He is a frequent speaker at security events, such as Confraria da Segurança da Informação, BSides Lisbon, BSides Kraków and LASCON. Tiago Mendo joins us to discuss OWASP ZAP and DAST scanning at scale. Tiago shares what scanning at scale is, the common challenges development teams must overcome when scanning at scale, and how to overcome them using OWASP ZAP. We hope you enjoy this conversation with ... Tiago Mendo.FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

J. Wolfgang Goerlich is an Advisory CISO for Cisco Secure. He has been responsible for IT and IT security in the healthcare and financial services verticals. Wolfgang has led advisory and assessment practices for cybersecurity consulting firms. Wolf joins us to talk about some security things that will stretch your mind, like security beyond vulnerabilities, how apps intended functionality can be misused, data privacy, and nudges and behavior science. Wolf challenged my thinking in this episode and pointed out a new area of threat modeling I had never considered. We hope you enjoy this conversation with... J. Wolfgang Goerlich.FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Sam Stepanyan is an OWASP London Chapter Leader and an Independent Application Security Consultant with over 20 years of IT experience and a background in software engineering and web application development. Sam has worked for various financial services institutions in the City of London, specializing in Application Security consulting, Secure Software Development Lifecycle (SDLC), developer training, source code reviews and vulnerability management. He is also a Subject Matter Expert in Web Application Firewalls (WAF) and SIEM systems. Sam holds a Master’s degree in Software Engineering and a CISSP certification. Sam joins us to introduce us to OWASP Nettacker. He describes the tool's capabilities, how you can put it into use in various scenarios for asset generation and vuln scanning, and how to contribute to the project going forward. We hope you enjoy this conversation with...Sam Stepanyan.FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Dolev Farhi is a security engineer and author with extensive experience leading security engineering teams in complex environments and scales in the Fintech and cyber security industries. Currently, he is the Principal Security Engineer at Wealthsimple. He is one of the founders of DEFCON Toronto (DC416). He enjoys researching vulnerabilities in IoT devices, participating in and building CTF challenges and contributing exploits to Exploit-DB.Nick Aleks is a leader in Toronto's cybersecurity community and a distinguished and patented security engineer, speaker, and researcher. He is currently the Senior Director of Security at Wealthsimple, leads his security firm, ASEC.IO, and is a Senior Advisory Board member for HackStudent, George Brown, and the University of Guelph's Master of Cybersecurity and Threat Intelligence programs. A founder of DEFCON Toronto, he specializes in offensive security and penetration testing. He has over ten years of experience hacking everything from websites, safes, locks, cars, drones, and even intelligent buildings.Dolev and Nick join us to unpack the world of GraphQL security. We introduce GraphQL, threats, and mitigations to secure your GraphQL instances. We hope you enjoy this conversation with....Dolev and Nick.Important Links:Link to the book → https://nostarch.com/black-hat-graphqlCrackQL → https://github.com/nicholasaleks/CrackQLDamn Vulnerable GraphQL Application → https://github.com/dolevf/Damn-Vulnerable-GraphQL-ApplicationFOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

With nearly 25 years of experience in the cyber-security industry, Guy held various positions in both corporates and startups.In his role as the CTO for the cyber crisis management firm Profero, his focus is making incident response fast and scalable, harnessing the latest technologies and a cloud-native approach.Guy is the BSidesTLV chairman and CTF lead, a Public speaker in well-known global security events (SAS, t2, 44CON, BSidesLV, and several DefCon villages, to name a few), and the recipient of the Cisco “black belt” security ninja honor – Cisco’s highest cybersecurity advocate rank.Guy joins us to explore his front-row seat for the incident response with Log4j. There are many AppSec lessons to learn by understanding the greater depth of Log4J. We hope you enjoy this episode with .... Guy Barhart-Magen.FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Brett Smith is a Software Architect/Engineer/Developer with 20+ years of experience. Specialties: Automation, Continuous Integration/Delivery/Testing/Deployment Expertise: Linux, packaging, and tool design. Brett joins us to discuss why he hates security and shares his vast knowledge of building a secure and cutting-edge build pipeline. We hope you enjoy this conversation with...Brett Smith.FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Chen Gour-Arie is the Chief Architect and Co-Founder of Enso Security. With over 15 years of hands-on experience in cybersecurity and software development, Chen demonstrably bolstered the software security of dozens of global enterprise organizations across multiple industry verticals. An enthusiastic builder, he has focused his career on building tools to optimize and accelerate security testing and all related workflows. Ken joins us to introduce the AppSec Map and provides a live demo of the catalog and what AppSec practitioners can use it for. We hope you enjoy this conversation with...Chen Gour-Arie.FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Dominique Righetto is an AppSec enthusiast and OWASP projects contributor. Dominique joins us to discuss the OWASP Secure Headers project. We discuss headers at a high level and then dive into all the goodies you'll find within the project, from awareness, guidance, and a test suite that can be integrated into your CI/CD pipeline to test your security headers. We hope you enjoy this conversation with...Dominique Righetto.FOLLOW OUR SOCIAL MEDIA: ➜Twitter: @AppSecPodcast➜LinkedIn: The Application Security Podcast➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast Thanks for Listening! ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~