Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
…
continue reading
Innehåll tillhandahållet av Bryan Brake, Amanda Berlin, and Brian Boettcher. Allt poddinnehåll inklusive avsnitt, grafik och podcastbeskrivningar laddas upp och tillhandahålls direkt av Bryan Brake, Amanda Berlin, and Brian Boettcher eller deras podcastplattformspartner. Om du tror att någon använder ditt upphovsrättsskyddade verk utan din tillåtelse kan du följa processen som beskrivs här https://sv.player.fm/legal.
Liknande BrakeSec Education Podcast
Ever wondered how automation will change the world? Maybe you puzzle over what India could do to ease traffic congestion, or how China's aircraft carriers will transform Indian Ocean geopolitics? All Things Policy, a daily podcast brought to you by the Takshashila Institution, brings you all the answers. Every weekday, our researchers break down complex economic and geopolitical ideas through the lens of current events. For everyone from the busy executive to the curious student, All Things ...
…
continue reading
Technical interviews about software topics.
…
continue reading
Windows Weekly is about more than Windows. Veteran Microsoft insiders Paul Thurrott and Richard Campbell join Leo for a deep dive into the most valuable company in the world. From consumer to enterprise, AI to Xbox, Windows Weekly is the only Microsoft podcast you'll ever need. Records live every Wednesday at 2:00pm Eastern / 11:00am Pacific / 18:00 UTC.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
It's not just Google. This Week in Google hosts, Leo Laporte, Jeff Jarvis, and Paris Martineau, cover all of Big Tech every Wednesday. Listeners tune in for thought-provoking and entertaining conversations about AI, Internet memes, the future of media, and the latest emerging tech. You won't want to miss a minute. Records live every Wednesday at 5:00pm Eastern / 2:00pm Pacific / 21:00 UTC.
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
Industry expert Mikah Sargent, brings you interviews from tech journalists who make or break the top stories of the week. Get the freshest perspective and in depth insight into the fast-paced world of technology from Tech News Weekly. Records every Thursday at 2:00pm Eastern / 11:00am Pacific / 19:00 UTC.
…
continue reading
Bitcoin groundbreakers share personal stories of how Bitcoin is changing lives for the better. Host Mauricio Di Bartolomeo, co-founder and CSO of Ledn, speaks with leading Bitcoin voices, entrepreneurs, and human rights advocates to hear their unique journey and practical real-world examples of how Bitcoin has made a positive impact in their lives. Brought to you by Ledn, a leading financial services company built for Bitcoin & digital assets. Ledn offers a suite of lending, saving and tradi ...
…
continue reading
1
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Jerry Bell and Andrew Kalat
Defensive Security is a weekly information security podcast which reviews recent high profile cyber security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.
…
continue reading
Player FM - Podcast-app
Gå offline med appen Player FM !
Gå offline med appen Player FM !
))
Josh Grossman - building Appsec programs, bridging security and developer gaps
Manage episode 412715842 series 59938
Innehåll tillhandahållet av Bryan Brake, Amanda Berlin, and Brian Boettcher. Allt poddinnehåll inklusive avsnitt, grafik och podcastbeskrivningar laddas upp och tillhandahålls direkt av Bryan Brake, Amanda Berlin, and Brian Boettcher eller deras podcastplattformspartner. Om du tror att någon använder ditt upphovsrättsskyddade verk utan din tillåtelse kan du följa processen som beskrivs här https://sv.player.fm/legal.
Youtube VOD: https://youtu.be/G3PxZFmDyj4
#appsec, #owasp, #ASVS, #joshGrossman, #informationsecurity, #SBOM, #supplychain, #podcast, #twitch, #brakesec, #securecoding, #Codeanalysis
Questions and topics:
1. The background to the topic, why is it something that interests you? How do you convince developers to take your course?
2. What do you think the root cause of the gap is?
3. Who is causing the gaps? (‘go fast’ culture, overzealous security, GRC requirements, basically everyone?)
4. Where do gaps begin? Is it the ‘need’ to ‘move fast’?
5. What can devs do to involve security in their process? Sprint planning? SCA tools?
6. How have you seen this go wrong at organizations?
7. How important is it to have security early in the product development process?
8. What sort of challenges do you think mainstream security people face in AppSec scenarios?
9. How does Product Security differ from Application Security? (what if the product is an application?)
10. What are the key development concepts that security people need to be familiar with to effectively get involved in AppSec/ProdSec?
11.. How do you suggest a security team approach AppSec/ProdSec? Leadership buy-in Effective/valuable processes Tools should achieve a goal
12. SBOM - NTIA is asking for it, How to get dev teams to care.
13. Key takeaways?
Additional information / pertinent LInks (Would you like to know more?): BlackHat Training: https://www.blackhat.com/us-24/training/schedule/index.html#accelerated-appsec--hacking-your-product-security-programme-for-velocity-and-value-virtual-37218
https://www.walkme.com/blog/leadership-buy-in/
https://www.bouncesecurity.com/
https://www.teamgantt.com/blog/raci-chart-definition-tips-and-example
https://www.cisa.gov/sbom
SCA Tools https://chpk.medium.com/top-10-software-composition-analysis-sca-tools-for-devsecops-85bd3b7512dd
https://semgrep.dev/
https://www.linkedin.com/in/joshcgrossman
https://owasp.org/www-project-application-security-verification-standard/
https://github.com/OWASP/ASVS/tree/master/5.0
https://owasp.org/www-project-cyclonedx/
https://joshcgrossman.com/
PyCon talk about custom security testing: https://www.youtube.com/watch?v=KuNZzDjvMlg
Michal's Black Hat course - Accurate and Scalable: Web Application Bug Hunting: https://www.blackhat.com/us-24/training/schedule/index.html#accurate-and-scalable-web-application-bug-hunting-37210
ASVS website: https://owasp.org/asvs
Lightning talk I did recently about OWASP: https://www.bouncesecurity.com/eventspast#f86548cb37cb2a82728b1762bd1b7aee
Show points of Contact: Amanda Berlin: @infosystir @hackershealth Brian Boettcher: @boettcherpwned Bryan Brake: https://linkedin.com/in/brakeb Brakesec Website: https://www.brakeingsecurity.com Youtube channel: https://youtube.com/@brakeseced Twitch Channel: https://twitch.tv/brakesec
459 episoder
Dela
Manage episode 412715842 series 59938
Innehåll tillhandahållet av Bryan Brake, Amanda Berlin, and Brian Boettcher. Allt poddinnehåll inklusive avsnitt, grafik och podcastbeskrivningar laddas upp och tillhandahålls direkt av Bryan Brake, Amanda Berlin, and Brian Boettcher eller deras podcastplattformspartner. Om du tror att någon använder ditt upphovsrättsskyddade verk utan din tillåtelse kan du följa processen som beskrivs här https://sv.player.fm/legal.
Youtube VOD: https://youtu.be/G3PxZFmDyj4
#appsec, #owasp, #ASVS, #joshGrossman, #informationsecurity, #SBOM, #supplychain, #podcast, #twitch, #brakesec, #securecoding, #Codeanalysis
Questions and topics:
1. The background to the topic, why is it something that interests you? How do you convince developers to take your course?
2. What do you think the root cause of the gap is?
3. Who is causing the gaps? (‘go fast’ culture, overzealous security, GRC requirements, basically everyone?)
4. Where do gaps begin? Is it the ‘need’ to ‘move fast’?
5. What can devs do to involve security in their process? Sprint planning? SCA tools?
6. How have you seen this go wrong at organizations?
7. How important is it to have security early in the product development process?
8. What sort of challenges do you think mainstream security people face in AppSec scenarios?
9. How does Product Security differ from Application Security? (what if the product is an application?)
10. What are the key development concepts that security people need to be familiar with to effectively get involved in AppSec/ProdSec?
11.. How do you suggest a security team approach AppSec/ProdSec? Leadership buy-in Effective/valuable processes Tools should achieve a goal
12. SBOM - NTIA is asking for it, How to get dev teams to care.
13. Key takeaways?
Additional information / pertinent LInks (Would you like to know more?): BlackHat Training: https://www.blackhat.com/us-24/training/schedule/index.html#accelerated-appsec--hacking-your-product-security-programme-for-velocity-and-value-virtual-37218
https://www.walkme.com/blog/leadership-buy-in/
https://www.bouncesecurity.com/
https://www.teamgantt.com/blog/raci-chart-definition-tips-and-example
https://www.cisa.gov/sbom
SCA Tools https://chpk.medium.com/top-10-software-composition-analysis-sca-tools-for-devsecops-85bd3b7512dd
https://semgrep.dev/
https://www.linkedin.com/in/joshcgrossman
https://owasp.org/www-project-application-security-verification-standard/
https://github.com/OWASP/ASVS/tree/master/5.0
https://owasp.org/www-project-cyclonedx/
https://joshcgrossman.com/
PyCon talk about custom security testing: https://www.youtube.com/watch?v=KuNZzDjvMlg
Michal's Black Hat course - Accurate and Scalable: Web Application Bug Hunting: https://www.blackhat.com/us-24/training/schedule/index.html#accurate-and-scalable-web-application-bug-hunting-37210
ASVS website: https://owasp.org/asvs
Lightning talk I did recently about OWASP: https://www.bouncesecurity.com/eventspast#f86548cb37cb2a82728b1762bd1b7aee
Show points of Contact: Amanda Berlin: @infosystir @hackershealth Brian Boettcher: @boettcherpwned Bryan Brake: https://linkedin.com/in/brakeb Brakesec Website: https://www.brakeingsecurity.com Youtube channel: https://youtube.com/@brakeseced Twitch Channel: https://twitch.tv/brakesec
459 episoder
All episodes
×
Välkommen till Player FM
Player FM scannar webben för högkvalitativa podcasts för dig att njuta av nu direkt. Den är den bästa podcast-appen och den fungerar med Android, Iphone och webben. Bli medlem för att synka prenumerationer mellan enheter.
Liknande BrakeSec Education Podcast
Risky Business is a weekly information security podcast featuring news and in-depth interviews with industry luminaries. Launched in February 2007, Risky Business is a must-listen digest for information security pros. With a running time of approximately 50-60 minutes, Risky Business is pacy; a security podcast without the waffle.
…
continue reading
Ever wondered how automation will change the world? Maybe you puzzle over what India could do to ease traffic congestion, or how China's aircraft carriers will transform Indian Ocean geopolitics? All Things Policy, a daily podcast brought to you by the Takshashila Institution, brings you all the answers. Every weekday, our researchers break down complex economic and geopolitical ideas through the lens of current events. For everyone from the busy executive to the curious student, All Things ...
…
continue reading
Technical interviews about software topics.
…
continue reading
Windows Weekly is about more than Windows. Veteran Microsoft insiders Paul Thurrott and Richard Campbell join Leo for a deep dive into the most valuable company in the world. From consumer to enterprise, AI to Xbox, Windows Weekly is the only Microsoft podcast you'll ever need. Records live every Wednesday at 2:00pm Eastern / 11:00am Pacific / 18:00 UTC.
…
continue reading
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
It's not just Google. This Week in Google hosts, Leo Laporte, Jeff Jarvis, and Paris Martineau, cover all of Big Tech every Wednesday. Listeners tune in for thought-provoking and entertaining conversations about AI, Internet memes, the future of media, and the latest emerging tech. You won't want to miss a minute. Records live every Wednesday at 5:00pm Eastern / 2:00pm Pacific / 21:00 UTC.
…
continue reading
A podcast featuring panelists of engineers from Netflix, Twitch, & Atlassian talking over drinks about all things software engineering.
…
continue reading
Industry expert Mikah Sargent, brings you interviews from tech journalists who make or break the top stories of the week. Get the freshest perspective and in depth insight into the fast-paced world of technology from Tech News Weekly. Records every Thursday at 2:00pm Eastern / 11:00am Pacific / 19:00 UTC.
…
continue reading
Bitcoin groundbreakers share personal stories of how Bitcoin is changing lives for the better. Host Mauricio Di Bartolomeo, co-founder and CSO of Ledn, speaks with leading Bitcoin voices, entrepreneurs, and human rights advocates to hear their unique journey and practical real-world examples of how Bitcoin has made a positive impact in their lives. Brought to you by Ledn, a leading financial services company built for Bitcoin & digital assets. Ledn offers a suite of lending, saving and tradi ...
…
continue reading
1
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Jerry Bell and Andrew Kalat
Defensive Security is a weekly information security podcast which reviews recent high profile cyber security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.
…
continue reading
Player FM - Podcast-app
Gå offline med appen Player FM !
Gå offline med appen Player FM !
