
The OWASP Podcast Series
The OWASP Podcast Series is a recorded series of discussions with thought leaders and practitioners who are working on securing the future for coming generations.
Latest episodes

Apr 15, 2015 • 20min
OWASP Offensive Web Testing Framework with Bharadwaj Machiraju and Abraham Aranguren
In this segment, we talk with the co-coordinators of the OWASP OWTF Project. The aim of the project is to make security assessments as efficient as possible by automating the manual, uncreative part of pen testing.

Apr 3, 2015 • 23min
Tobias Gondrom on the OWASP Strategic Goals for 2015
In this segment of OWASP 24/7, I speak with Tobias Gondrom on the strategic goals for OWASP in 2015.

Mar 31, 2015 • 20min
2015 AppSecEU Pre Conference Update
In this broadcast, we talk with the organizing committee from AppSecEU 2015 to see what they've been working on and what you can expect when you go to the conference in Amsterdam this May.

Feb 25, 2015 • 21min
OWASP Project Reviews with Johanna Curiel
Johanna Curiel is the wizard behind the curtain who manages the evaluation of OWASP projects. In this wide-ranging discussion, I talk with Johanna about the criteria for project evaluation, how projects attain "Flagship" status and what it takes to run a project of this size.
About Johanna Curiel
Johanna Curiel is a security engineer and developer of financial tools for Algorithmic Trading software. She works on multiple open source initiatives such as OWASP, Openbloomberg, Algorithmic Trading and bug hunting activities and hackathons.

Feb 24, 2015 • 11min
2015 OWASP Project Summit in NYC with Tom Brennan
I caught up with Tom Brennan, coordinator of the 2015 OWASP Project Summit in New York City, to hear what he has in store for the 2-day event.
http://www.meetup.com/OWASP-NYC/

Feb 19, 2015 • 18min
Seba Deleersnyder Discusses SAMM (Software Assurance Maturity Model) Summit in Dublin, Ireland
The first SAMM (Software Assurance Maturity Model) Summit will be held in Dublin, Ireland on March 27 - 28, 2015. I spoke with Seba Deleersnyder, co-ordinator of the summit, to find out his goals for the SAMM project as well as his hopes for the summit.
About Seba Deleersnyder
As security project leader, application security specialist, trainer and trusted advisor for our customers, I have a track record of delivering information security projects. I specialise in Web & Mobile Application Security, combining both my broad software development and ICT security experience.

Feb 17, 2015 • 25min
2015 AppSec California Post Mortem with Richard Greenberg and Neil Matatall
What does it take to put on a successful conference? How much work is involved? In this segment, I sit down with Neil Matatall and Richard Greenberg, co-organizers of AppSec California 2015. We talk about how they came up with the idea and what resources were needed to pull off such a successful event.
About Richard Greenberg
Richard Greenberg, CISSP, a recognized leader in Information Security, is President of the Los Angeles Chapter of OWASP. His day job is Information Security Officer for the Los Angeles County Department of Public Health.

Feb 13, 2015 • 19min
John Melton and the OWASP AppSensor Project
The OWASP AppSensor Project has just released version 2.0. In this broadcast we speak with John Melton, project code lead, on the latest features in the release and what the future looks like for the project.
About John Melton
John is one of the co-leaders for the OWASP AppSensor project and leads the software implementation. For his day job, he is a principal security researcher for WhiteHat Security, working in the SAST space. His background is in software and security engineering.

Jan 5, 2015 • 44min
Moxie Marlinspike on Open Source Security for Mobile Devices
Moxie Marlinspike is the founder of Open Whisper Systems, which is both a large community of Open Source contributors and a small team of dedicated developers. Together, the members of Open Whisper Systems are working to advance the state of the art for secure communication, while simultaneously making it easy for everyone to use.
Moxie works on secure protocols, Android clients, and server software. He has been contributing to Open Whisper Systems since it was Whisper Systems, formerly ran the product security team at Twitter, and started the first cloud-based password cracking service. He has also published a number of attacks on secure protocols like SSL and MS-CHAPv2.
He has been a keynote speaker at past OWASP and other security conferences.

Dec 11, 2014 • 30min
Dibbe Edwards - DevOps and Open Source at IBM
At the IBM DevOps Symposium I watched as Dibbe Edwards enthralled the audience as she explained how IBM has instituted DevOps and Agile throughout the development cycle. In some cases the results are nearly unbelievable, such as reducing Overall Time to Development from 120 days down to 3 days. I wanted to hear more about how she could create such startling results, so I gave her a call.
About Dibbe Edwards
Dibbe Edwards is Vice President, IBM Rational DevOps Capabilities Development, responsible for the executive leadership of Rational’s development business covering key aspects of IBM’s DevOps strategy and offerings, including application lifecycle management and reporting, quality and requirements management, systems development and architecture management, SaaS-based offerings, and integration and open software development. Dibbe is additionally driving Rational’s own internal continuous software delivery activities as well as Rational’s ongoing transparent development initiative through jazz.net. Dibbe is a frequent speaker at DevOps events, including recently at DevOps Enterprise.
She blogs at IBM developerWorks where she most recently authored a blog about A Day in the Life of an Enterprise DevOps Team.