The Secure Developer

In episode #6 of The Secure Developer, Guy is joined by his Snyk.io co-founder Danny Grander for an in depth discussion on CTF (Capture The Flag) competitions in the security world. Learn about the differences between jeopardy style and attack-defense CTFs, the future of AI powered hacking (and defense!), and where you should start if you’re interested in playing. The post Ep. #6, Developer War Games: Capture The Flag! appeared first on Heavybit. Follow UsOur WebsiteOur LinkedIn

In the fifth installment of The Secure Developer, Guy talks with Chef CTO Adam Jacob about the role security can play in DevOps and continuous integration/deployment. They cover the differences between baked-in and bolted on security and how automation with Habitat can change the way developers approach secure coding. The post Ep. #5, Continuous Security at Chef appeared first on Heavybit. Follow UsOur WebsiteOur LinkedIn

In episode #4 of The Secure Developer, Guy is joined by Eric Lawrence of the Google Chrome security team. Eric and Guy begin with a discussion on what it takes to be a great security engineer – namely curiosity and a willingness to learn. Later they discuss the growing importance of the modern web browser, and how security previously only found in operating systems is now moving into browsers themselves. Finally they discuss the current state of HTTPS, including the carrots and the sticks that browser designers like Eric have at their disposal. The post Ep. #4, Getting Down To The Metal appeared first on Heavybit. Follow UsOur WebsiteOur LinkedIn

In episode 3 of The Secure Developer, Guy is joined by Sabin Thomas, VP of Engineering at Codiscope, where he creates tools that help developers build and deploy secure code faster. The two discuss the difficulties presented by the accelerating release of new tools and frameworks, the problem of too many sticks and not enough carrots, and the benefits of designing with security in mind from the start. The post Ep. #3, Security From The Start appeared first on Heavybit. Follow UsOur WebsiteOur LinkedIn

Episode SummaryIn this episode of The Secure Developer, Guy hosts RisingStack Founder and CEO Gergely Nemeth. The pair discuss the difficulties of selling security as a requirement, some of the most common attack vectors used on today’s web, and finally, the work Gergely is doing on Trace, a Node.js-focused tool that makes debugging code simple.Show NotesLinksSnyk (Open-source security platform) Follow UsOur WebsiteOur LinkedIn

Episode SummaryIn our first episode, Guy is joined by Kyle Randolph, Principal Security Engineer at Optimizely. Kyle and Guy discuss the sometimes challenging but always important task of prioritizing security in your engineering organization. Kyle shares stories from his time at Optimizely, Adobe, and Twitter.Show NotesIn this insightful episode, we welcome Kyle Randolph, an experienced security professional from Optimizely, to share his wealth of knowledge on establishing an effective application security (AppSec) system. With an impressive background in security at companies like Citrix, Adobe, and Twitter, Kyle holds a deep understanding of building security from scratch and safeguarding existing systems. The conversation draws attention to the importance of fostering a security-based culture within engineering teams, enabling engineers to take ownership of security concerns, and promoting security practices through relevant, real-life stories.Kyle's approach goes beyond merely fixing security bugs; it's about 'baking in' security from the outset. Coupling security considerations with product development, Kyle highlights the role of automation, mentioning tools like Spinnaker and AWS that help incorporate security measures seamlessly into product development. He vividly illustrates the success of these methods through examples at Optimizely, where they have managed to eliminate vulnerabilities like cross-site scripting in their tech infrastructure.The discussion also broaches the challenges associated with prioritizing security tasks, especially during resource constraints. For such scenarios, Kyle emphasizes maintaining a transparent system that records all security issues so that they're addressed comprehensively. Listeners will find this episode particularly valuable as it delves into both the successful strategies and the challenges associated with integrating security into the architectural fabric of product development.LinksBuilding Security In Maturity Model (BSIMM)OWASP (Open Web Application Security Project)Amazon Web Services (AWS)Cloud Formation (AWS service)Spinnaker (Open-source, multi-cloud continuous delivery platform)Snyk (Open-source security platform) Follow UsOur WebsiteOur LinkedIn