Curious about application security? Want to learn how to detect security vulnerabilities and protect your application. We discuss different topics and provide valuable insights into the world of application security.
…
continue reading
1
Ep. 121 - Evolving Ransomware: Unique Tactics for Payment
17:45
17:45
Spela senare
Spela senare
Listor
Gilla
Gillad
17:45
In this episode I talk about the evolving world of ransomware. I discuss a few examples of unique tactics the malicious actors are using to put pressure on organizations to pay the ransom. Referenced Articles: https://www.theregister.com/AMP/2024/04/30/finnish_psychotherapy_center_crook_sentenced/ https://www.darkreading.com/cyber-risk/hackers-weap…
…
continue reading
1
Ep. 120: Addressing Root Cause - Vulnerable Components
16:31
16:31
Spela senare
Spela senare
Listor
Gilla
Gillad
16:31
In this episode we talk about addressing the root cause of an issue versus the symptoms. How can the process of keeping application components updated be improved? For more info go to https://www.developsec.com or follow us on twitter (@developsec). DevelopSec provides application security consulting and training to add value to your application se…
…
continue reading
In this episode we talk about the spell check feature of the browser and how it could present a risk to sensitive data. Link to article referenced: https://www.darkreading.com/application-security/spellchecking-google-chrome-microsoft-edge-browsers-leaks-passwords For more info go to https://www.developsec.com or follow us on twitter (@developsec).…
…
continue reading
1
Ep. 118: Log4J Sparking Thought on Vulnerable Components
24:28
24:28
Spela senare
Spela senare
Listor
Gilla
Gillad
24:28
Log4J has been the talk of the town recently and everyone is focused on the technical details of the specific vulnerabilities found. In this episode, James talks about the overarching ideas around dealing with vulnerable components. Are you vulnerable? If so, what needs to be done? For more info go to https://www.developsec.com or follow us on twit…
…
continue reading
1
Ep. 117: How Browsers are Helping with Security
13:50
13:50
Spela senare
Spela senare
Listor
Gilla
Gillad
13:50
Chrome has announced a few changes that we need to watch out for in the near future. We previously talked about the default value for samesite that is coming up fast. I wrote about this here: https://www.jardinesoftware.net/2019/10/28/samesite-by-default-in-2020/ Also, they are getting ready to start blocking mixed content downloads: https://blog.c…
…
continue reading
1
Ep. 116: Chrome Retires XSS Auditor
14:08
14:08
Spela senare
Spela senare
Listor
Gilla
Gillad
14:08
It was recently announced that Chrome was dropping the XSS Auditor in Chrome 78. What does that mean and how does that change things for you as a developer? https://www.chromium.org/developers/design-documents/xss-auditor For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack ch…
…
continue reading
In 2020, Chrome will default the SameSite attribute to Lax on all cookies. SameSite helps mitigate CSRF, but does that mean CSRF is Dead? For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application…
…
continue reading
1
Ep. 114: Investing in People for Better Application Security
24:38
24:38
Spela senare
Spela senare
Listor
Gilla
Gillad
24:38
In this episode, James talks about investing in the development teams to increase application security priorities. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security training to a…
…
continue reading
1
Ep. 113: What is your mother's maiden name?
21:01
21:01
Spela senare
Spela senare
Listor
Gilla
Gillad
21:01
In this episode, James talks about some of the risks and recommendations around security questions and their implementation. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security con…
…
continue reading
1
Ep. 112: Application Fingerprinting
21:05
21:05
Spela senare
Spela senare
Listor
Gilla
Gillad
21:05
Does your application give away details about it server, framework, or other components? How is this information used by an attacker? Check out this episode to learn more. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitatio…
…
continue reading
Would you know if someone authenticated to your account? With the breaches we see in the news, and attacks like credential stuffing, there must be a way to be alerted to account access. James talks about authentication alerts, what they are, and why you may want to use them. For more info go to https://www.developsec.com or follow us on twitter (@d…
…
continue reading
James discusses how implementation matters with security controls and how it changes priorities. This came about after reading the following story: https://www.theverge.com/2018/12/31/18162541/vein-authentication-wax-hand-hack-starbug For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join…
…
continue reading
I talk about some of what happened in 2018 and what I am looking to do in 2019. I also ask you to think about your previous year and goals. I also talk about some new training I am providing. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.…
…
continue reading
1
Ep. 108: Dunkin Donuts Breach, Maybe??
18:26
18:26
Spela senare
Spela senare
Listor
Gilla
Gillad
18:26
In this episode James talk about the Dunkin Donuts Perks breach. This is an interesting situation as the accounts were access using the victim's username and password found from another data breach. The issue: Password Reuse. Could D&D have prevented this? Listen in to hear my thoughts. Please feel free to share your thoughts as well. Article from …
…
continue reading
In this episode James talks about what credential stuffing is, how if affects your apps, and how you can look to defend against it. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application secur…
…
continue reading
1
Ep. 106: Facebook Breach Take-aways and Insights
31:19
31:19
Spela senare
Spela senare
Listor
Gilla
Gillad
31:19
James talks about the Facebook breach and shares some insights into how you can take steps to prevent this type of incident in your applications. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides app…
…
continue reading
1
Ep. 105: Interview with Eric Johnson
57:12
57:12
Spela senare
Spela senare
Listor
Gilla
Gillad
57:12
I sit down with Eric Johnson to talk about security in the IDE and other fun topics. A bit longer than usual, but full of great information. You can reach out to Eric on twitter @emjohn20 or check out his site at https://www.pumascan.com. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. …
…
continue reading
1
Ep. 104: Securing Devops with Julien Vehent
45:08
45:08
Spela senare
Spela senare
Listor
Gilla
Gillad
45:08
James sits down with Julien Vehent to discuss his new book "Securing DevOps" and talk about security in a devOps world. Julien (@jvehent) is a security architect and engineering manager with over 15 years of experience in large organizations and web companies. He is currently responsible for the operational security of Firefox's backend infrastruct…
…
continue reading
1
Ep. 103: Is 3rd Party Authentication Right For Your Application?
18:17
18:17
Spela senare
Spela senare
Listor
Gilla
Gillad
18:17
The headlines are filled with credential breaches. One way to avoid being those headlines is to not store credentials. Instead, use a 3rd party to authenticate your users. While this cuts a lot of work out of your development time, it is important to understand the pros and cons to each method. James talks through some of these risks to help better…
…
continue reading
1
Ep. 102: Intro to Web Security Policies
16:42
16:42
Spela senare
Spela senare
Listor
Gilla
Gillad
16:42
In this episode James introduces us to the idea of web security policies stored in a security.txt file. We have talked about vulnerability disclosure before and this ties directly into that conversation. Link to Draft: https://tools.ietf.org/html/draft-foudil-securitytxt-03 Link to form to create the file: https://securitytxt.org/ Link to our blog …
…
continue reading
1
Ep. 101: You're not always right and that is ok
20:59
20:59
Spela senare
Spela senare
Listor
Gilla
Gillad
20:59
In this episode, James shares a story of learning from a mistake and how we can't be right every time. Hear what he learned and how you can learn too. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provide…
…
continue reading
In this episode we talk about choosing the right security tools for your environment. There are lots of vendors offering solutions to help identify security issues within our applications. The trick is to learn to identify which ones make the most sense for your environment. For more info go to https://www.developsec.com or follow us on twitter (@d…
…
continue reading
In this episode, James talks about what it means to shift left in the SDLC. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your applica…
…
continue reading
In this episode we talk about efail and the HYPE around security news. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application …
…
continue reading
1
EP. 97: Gmail / Netflix Potential Scam
18:28
18:28
Spela senare
Spela senare
Listor
Gilla
Gillad
18:28
** Check out our new Live Fundamentals of Application Security training starting on May 1, 2018. Don't wait to sign up. For schedules and information check out https://www.jardinesoftware.com/fundamentals-of-application-security/ ** In this episode, James shares his thoughts on an interesting scam potential was brought up regarding Gmail and Netfli…
…
continue reading