

The Secure Developer
Snyk
Securing the future of DevOps and AI: real talk with industry leaders.

Feb 16, 2017 • 32min
What’s In A Security Policy With Geva Solomonovich
In this episode of The Secure Developer, Geva Solomonovich, COO at Snyk and founder of Snowy Peak Security joins Guy to discuss security policies, and why you shouldn’t wait to implement your own.
Geva shares the 3 categories of security policies he developed with his clients and emphasizes that it’s not enough to create a set of documents or processes. You need to establish a security mindset and integrate it into everything you do. Don’t miss this episode for practical tips on reducing your company’s risk surface.
The post Ep. #8, What’s In A Security Policy? appeared first on Heavybit.
Follow Us: Our Website | Our LinkedIn

Jan 30, 2017 • 29min
Understanding Container Security With Ben Bernstein
In this episode of The Secure Developer, Ben Bernstein from Twistlock joins Guy to discuss container security. Are you currently using containers, or thinking about moving to containers in your stack? You won’t want to miss this episode.
With containers, developers control the entire stack. While empowering to developers, this can also open up new security vulnerabilities. Ben and Guy discuss the tools and processes you’ll need to put in place to ensure your containers are compliant and secure.
The post Ep. #7, Understanding Container Security appeared first on Heavybit.

Jan 10, 2017 • 23min
Developer War Games - Capture The Flag With Danny Grander
In episode #6 of The Secure Developer, Guy is joined by his Snyk.io co-founder Danny Grander for an in-depth discussion on CTF (Capture The Flag) competitions in the security world. Learn about the differences between jeopardy-style and attack-defense CTFs, the future of AI-powered hacking (and defense!), and where you should start if you’re interested in playing.
The post Ep. #6, Developer War Games: Capture The Flag! appeared first on Heavybit.

Nov 15, 2016 • 43min
Continuous Security At Chef With Adam Jacob
In the fifth installment of The Secure Developer, Guy talks with Chef CTO Adam Jacob about the role security can play in DevOps and continuous integration/deployment. They cover the differences between baked-in and bolted-on security and how automation with Habitat can change the way developers approach secure coding.
The post Ep. #5, Continuous Security at Chef appeared first on Heavybit.

Nov 5, 2016 • 48min
Getting Down To The Metal With Eric Lawrence
In episode #4 of The Secure Developer, Guy is joined by Eric Lawrence of the Google Chrome security team. Eric and Guy begin with a discussion on what it takes to be a great security engineer – namely curiosity and a willingness to learn. Later they discuss the growing importance of the modern web browser, and how security previously only found in operating systems is now moving into browsers themselves. Finally they discuss the current state of HTTPS, including the carrots and the sticks that browser designers like Eric have at their disposal.
The post Ep. #4, Getting Down To The Metal appeared first on Heavybit.

Oct 26, 2016 • 35min
Security From The Start With Sabin Thomas
In episode 3 of The Secure Developer, Guy is joined by Sabin Thomas, VP of Engineering at Codiscope, where he creates tools that help developers build and deploy secure code faster. The two discuss the difficulties presented by the accelerating release of new tools and frameworks, the problem of too many sticks and not enough carrots, and the benefits of designing with security in mind from the start.
The post Ep. #3, Security From The Start appeared first on Heavybit.

Oct 10, 2016 • 28min
Making Security A Requirement With Gergely Nemeth
Episode Summary
In this episode of The Secure Developer, Guy hosts RisingStack Founder and CEO Gergely Nemeth. The pair discuss the difficulties of selling security as a requirement, some of the most common attack vectors used on today’s web, and finally, the work Gergely is doing on Trace, a Node.js-focused tool that makes debugging code simple.
Show Notes
Links
Snyk (Open-source security platform)

Sep 22, 2016 • 29min
Prioritizing Secure Development With Kyle Randolph
Episode Summary
In our first episode, Guy is joined by Kyle Randolph, Principal Security Engineer at Optimizely. Kyle and Guy discuss the sometimes challenging but always important task of prioritizing security in your engineering organization. Kyle shares stories from his time at Optimizely, Adobe, and Twitter.
Show Notes
In this insightful episode, we welcome Kyle Randolph, an experienced security professional from Optimizely, to share his wealth of knowledge on establishing an effective application security (AppSec) system. With an impressive background in security at companies like Citrix, Adobe, and Twitter, Kyle holds a deep understanding of building security from scratch and safeguarding existing systems. The conversation draws attention to the importance of fostering a security-based culture within engineering teams, enabling engineers to take ownership of security concerns, and promoting security practices through relevant, real-life stories.
Kyle's approach goes beyond merely fixing security bugs; it's about 'baking in' security from the outset. Coupling security considerations with product development, Kyle highlights the role of automation, mentioning tools like Spinnaker and AWS that help incorporate security measures seamlessly into product development. He vividly illustrates the success of these methods through examples at Optimizely, where they have managed to eliminate vulnerabilities like cross-site scripting in their tech infrastructure.
The discussion also broaches the challenges associated with prioritizing security tasks, especially during resource constraints. For such scenarios, Kyle emphasizes maintaining a transparent system that records all security issues so that they're addressed comprehensively.
Listeners will find this episode particularly valuable as it delves into both the successful strategies and the challenges associated with integrating security into the architectural fabric of product development.
Links
Building Security In Maturity Model (BSIMM)
OWASP (Open Web Application Security Project)
Amazon Web Services (AWS)
Cloud Formation (AWS service)
Spinnaker (Open-source, multi-cloud continuous delivery platform)
Snyk (Open-source security platform)