2023-04 Rethinking WAFs: OWASP Coraza

The OWASP Podcast Series

Player FM - Internet Radio Done Right

20 subscribers

Lagt til eight år siden

Innhold levert av The OWASP Podcast Series. Alt podcastinnhold, inkludert episoder, grafikk og podcastbeskrivelser, lastes opp og leveres direkte av The OWASP Podcast Series eller deres podcastplattformpartner. Hvis du tror at noen bruker det opphavsrettsbeskyttede verket ditt uten din tillatelse, kan du følge prosessen skissert her https://no.player.fm/legal.

Now On Netflix

1
Black Mirror Season 7 28:30

for 10 dager siden28:30

Spill senere

Lister

Lik

Likt

28:30

We're trying something different this week: a full post-show breakdown of every episode in the latest season of Black Mirror! Ari Romero is joined by Tudum's Black Mirror expert, Keisha Hatchett, to give you all the nuance, the insider commentary, and the details you might have missed in this incredible new season. Plus commentary from creator & showrunner Charlie Brooker! SPOILER ALERT: We're talking about the new season in detail and revealing key plot points. If you haven't watched yet, and you don't want to know what happens, turn back now! You can watch all seven seasons of Black Mirror now in your personalized virtual theater . Follow Netflix Podcasts and read more about Black Mirror on Tudum.com .…

for 2 år siden 29:14

MP3•Episoder hjem

WAFs have been with us a while and it's about time someone reconsidered WAFs and their role in AppSec given the cloud-native and Kubernetes landscape. The OWASP Coraza is not only asking these questions but putting some Go code behind their ideas. Should WAFs work in a mesh network? Why create an open source WAF? What's next for the OWASP Coraza project? These and more topics are covered in this episode. I had a great time recording it and I think you'll have the same while listening. Show Link: - Coraza Website: https://coraza.io/ - Coraza Github Repo: https://github.com/corazawaf/coraza - Coraza Twitter: https://twitter.com/corazaio - AppSec EU 2023 presentation on Coraza - https://www.youtube.com/watch?v=S_TtvDFmia4

191 episoder

#Tech #10 Minute #DevSecOps Podcast Series

2023-04 Rethinking WAFs: OWASP Coraza

The OWASP Podcast Series

20 subscribers

published for 2 år siden

Del

MP3•Episoder hjem

191 episoder

#Tech #10 Minute #DevSecOps Podcast Series

Alle episoder

1
ep2024-12 Tanya Janca: Happy Holidays are Secure Code 1:00:13

for 17 weeks siden1:00:13

1:00:13

Some production issues caused this one to slip to December so the intro is a bit off but this is still a great episode. So, learn some lessons on creating secure code from one of my favorite guests: Tanya Janca. It was hard to keep this one to its current length as Tanya is such a great person to talk to for any reason. Enjoy and happy holidays! Show Links: Get your copy of Alice and Bob Learn Secure Coding! (and more): https://shehackspurple.ca/books/ Also the newsletter so that you can join the free online streams: https://newsletter.shehackspurple.ca/…

1
ep2024-10 Don't be Scared, It's just a Pen Test with Brad Causey 37:19

for 25 weeks siden37:19

37:19

There's no reason to be scared about a pen test - especially when it's run by a professional like Brad Causey. I catch up with Brad in this episode to discuss what's recently changed in pen testing in how you test and people's motivations for hiring a pen testing. Interesting and not spooky at all. Show Links: Brad on LinkedIn - https://www.linkedin.com/in/bradcausey/ SecurIT360 - https://www.securit360.com/ - https://www.linkedin.com/company/securit360/ OWASP Testing Guide - https://owasp.org/www-project-web-security-testing-guide/…

1
ep2024-09 Threat Modeling with Takaharu 36:19

for 30 weeks siden36:19

36:19

What happens when you get interested in Threat Modeling and you want to share. For some, that means you do one work shop, then another, then another. What happens when you start down this path. Takaharu Ogasa tells us what it's been like to become a threat modeling evangelist in Japan, what he's learned and what he's got planned next. It's a great story on how sharing what you learned can make the world just that much better for you and those lucky enough to be involved. Threat Modeling Community (Japanese): - https://threatmodeling.connpass.com/ Takaharu on Twitter -https://x.com/TakaharuOgasa…

1
ep2024-08 OWASP Projects Roundup 36:19

for 33 weeks siden36:19

36:19

The August episode is a review of projects from a recent OWASP project showcase. We talk to the leaders of the OWASP pytm, OWASP Developer Guide, OWASP State of AppSec Survey Project. Get up on the latest news and update on these OWASP projects. OWASP pytm: - https://owasp.org/www-project-pytm/ - https://github.com/izar/pytm OWASP Develper Guide: - https://owasp.org/www-project-developer-guide/ - https://github.com/OWASP/www-project-developer-guide OWASP AppSec Survey Project: - https://owasp.org/www-project-state-of-appsec-survey/…

1
ep2024-07 Safety belts for AppSec with Lisa Plaggemier 32:04

for 40 weeks siden32:04

32:04

After a long and unplanned pause, the OWASP podast is back with a home run of an episode. We have Lisa Plaggemier as our guest who reprises her eloquent keynote topic from AppSec DC. All hope isn't lost, we are making progress - just look at safety in the auto industry to understand where we are and where we're going. Links: Lisa's keynote from AppSec DC https://www.youtube.com/watch?v=Rirxc1OXR4Q&list=PLpr-xdpM8wG_3eyVQxB0oXqVJwlNKs85x&index=38&ab_channel=OWASPFoundation Kubikle web series https://kubikleseries.com/ Convene Seattle 2024 event https://staysafeonline.org/programs/events/convene-seattle-2024/…

1
ep2023-09 Vulnerable Data Gathering for AI with Arturo Buanzo Busleiman 32:38

for 2 years siden32:38

32:38

After getting a ping from an old friend about a potential new OWASP project, I had to bring him on as a guest. He's got an interesting idea around potential vulnerabilities in web crawlers which just happen to gather data for so many AI system. We talk about that, Cybersecurity and Government and so much more. Show Links: - LinkedIn https://www.linkedin.com/in/buanzo/ - Github https://www.linkedin.com/in/buanzo/…

1
ep2023-08 Finding Next Gen Cybersecurity Professionals with Brad Causey 32:48

for 2 years siden32:48

32:48

For years we've heard talk about a shortage of cybersecurity professionals so what can be done about that? In this episode, I speak to Brad Causey who has taken one approach he's found successful. We cover the trade-offs of his approach and how, should you agree with him, you can help fill those troubling vacancies at your company. Show Links: - SecurIT360 https://securit360.com/ - Offensive Security Blog https://offsec.blog/…

1
ep2023-07 What's Audit got to do with IT 33:40

for 2 years siden33:40

33:40

In this episode we talk with Zain Haq and take a leap and bound over the first and second line to discover more about the third line - internal audit. We discover answers to a number of questions: What role does audit play in the overall cybersecurity of an organization? What does the CISO gain from having an audit function? What makes a good auditor? Learn how to get the most out of audit and what they bring to the table. Special thanks to Tina Turner for inspiring the show title. ;-) Show Links: - Zain Haq: https://www.linkedin.com/in/zainhaq25/…

1
SBOMS, CycloneDX and Dependency Track: Automation for Survival with Steve Springett 29:32

for 2 years siden29:32

29:32

Software supply chain seems to be front and center for technologists, cybersecurity and many governments. One of the early pioneers in this space was Steve Springett with two highly successful projects: OWASP Dependency Track and CycloneDX. In this episode, we catch up with Steve to talk about how he got started in software supply chain management as well as the explosive growth for Dependency Track and ClycloneDX. We also touch on future developments for CycloneDX and places where Steve never expected to see his projects go. Enjoy! Show Links: - OWASP Dependency Track: https://dependencytrack.org/ - Dependency Track Github: https://github.com/DependencyTrack - CycloneDX: https://cyclonedx.org/ - CycloneDX Github: https://github.com/CycloneDX - Software Component Verification Standard: https://scvs.owasp.org/ Social Media links: - https://twitter.com/stevespringett - https://infosec.exchange/@stevespringett - https://www.linkedin.com/in/stevespringett/…

1
AppSec at 40,000 feet 44:02

for 2 years siden44:02

44:02

In this episode I speak with Jerry Hoff who provides some very interesting perspective on application security especially at scale and from a high level view like that of a CISO. Even if you're not in a senior leadership position, you're likely to be reporting to one. Understanding that point of view can help you successfully frame your work and accomplish your goals. We touch on multiple topics and have some great back and forth that I'm sure will entertain and inform you. Enjoy!…

1
2023-04 Rethinking WAFs: OWASP Coraza 29:14

for 2 years siden29:14

29:14

1
2023-03 Point of Scary - the POS ecosystem 34:46

for 2 years siden34:46

34:46

In this episode I speak with Aaron about Point of Sale or POS systems. He's been investigating the security of POS systems for quite some time now and brings to light the state of the POS ecosystem. Buckle your seat belts, this is going to be a bumpy and very interesting ride.

1
2023-02 Isolation is just PEACHy 33:54

for 2 years siden33:54

33:54

In this episode I speak with Amitai Cohen who's been thinking a lot about tenant isolation. This is a problem for more then just cloud providers. Anyone with a SaaS offering or even large enterprise may want to isolate customers or parts of their business from each other. Several useful items came out of this including the Cloud VulnDB which catalogs security issues in cloud services and the PEACH tenant isolation framework. You may not think you need to worry about tenant isolation, but I bet you should at least keep it in mind. Enjoy! Show Links: - Cloud VulnDB: https://www.cloudvulndb.org/ - PEACH Framework: https://www.peach.wiz.io/ - OWASP Cloud Tenant Isolation Project: https://owasp.org/www-project-cloud-tenant-isolation/…

1
OWASP Ep 2023-01: Audit, Compliance and automation, Oh my! 27:35

for 2 years siden27:35

27:35

In this episode, I speak with Caleb Queern, one of the authors of "Investments Unlimited" a book I highly recommend you get and read. While the book is fiction, there's a great deal of truth in the story about how automation can work for more than just DevSecOps. Compliance and audit also deserve a seat at the table. Learn how you can get more code out the door, with more safety and a 'risk reduced' smile on the auditors face. Show Links: - Investments Unlimited: https://itrevolution.com/product/investments-unlimited/ - DevOps Automated Governance Reference Architecture: https://itrevolution.com/product/devops-automated-governance-reference-architecture/…

1
2022 Year in Review 14:19

for 2 years siden14:19

14:19

In this episode, I go solo and review the last year of podcasts but with a twist. I do my best to compare the topics covered to the OWASP Flagship projects. The goal is to see if the episodes I recorded this year match up with the projects strategically important to OWASP. Plus, the holiday listeners get gifts all around as I cover (and link) the OWASP Flagship projects. Show Links: - (January) New Ideas, New Voices, New Hosts: https://soundcloud.com/owasp-podcast/new-ideas-new-voices-new-hosts - (February) Tanya Janca - She Hack Purple: https://soundcloud.com/owasp-podcast/tanya-janca - SAMM (Software Assurance Maturity Model): https://owaspsamm.org/ - (March) Fast Times at SBOM High: https://soundcloud.com/owasp-podcast/fast-times-at-sbom-high-with-wendy-nather-and-matt-tesauro - CycloneDX: https://cyclonedx.org/ - Dependency-Track: https://dependencytrack.org/ - Dependency-Check: https://jeremylong.github.io/DependencyCheck/ - (April) The VOID: Verica Open Incident Database: https://soundcloud.com/owasp-podcast/the-void-verica-open-incident-database - Web Security Testing Guide: https://owasp.org/www-project-web-security-testing-guide/ - Mobile Application Security Guide: https://mas.owasp.org/ - (May) Threat Modeling using the Force: https://soundcloud.com/owasp-podcast/threat-modeling-using-the-force-with-adam-shostack-owasp-podcast-e001 - ASVS (Application Security Verification Standard): https://owasp.org/www-project-application-security-verification-standard/ - AMASS: https://owasp.org/www-project-amass/ - (June) Giving a jot about JWTs: JWT Patterns and Anti-Patterns: https://soundcloud.com/owasp-podcast/owasp-podcast-giving-a-jot-about-jwts-jwt-patterns-and-anti-patterns - Cheat Sheet Series: https://cheatsheetseries.owasp.org/ - API Top 10: https://owasp.org/www-project-api-security/ - (July) Getting Lean and Mean with DefectDojo: https://soundcloud.com/owasp-podcast/getting-lean-and-mean-in-the-defectdojo - DefectDojo: https://www.defectdojo.org/ - (August) Going Way Beyond 2FA: https://soundcloud.com/owasp-podcast/going-way-beyond-2fa - ModSecurity Core Rule Set: https://coreruleset.org/ - (September) Breaching the wirefall with community: https://soundcloud.com/owasp-podcast/breaching-the-wirefall-with-community - Security Shepherd: https://owasp.org/www-project-security-shepherd/ - Juice Shop: https://owasp.org/www-project-juice-shop/ - Security Knowledge: https://owasp.org/www-project-security-knowledge-framework/ - (October) Little Zap of Horrors: https://soundcloud.com/owasp-podcast/little-zap-of-horrors - Zed Attack Proxy (ZAP): https://www.zaproxy.org/ - OWTF (Offensive Web Testing Framework): https://owtf.github.io/ - (November) You've got some Kubernetes in my AppSec: https://soundcloud.com/owasp-podcast/youve-got-some-kubernetes-in-my-appsec - OWASP Top 10: https://owasp.org/www-project-top-ten/ - CSRFGuard: https://owasp.org/www-project-csrfguard/…

The OWASP Podcast Series

1
You've got some Kubernetes in my AppSec! 41:44

for 2 years siden41:44

41:44

In this episode, I speak with Jimmy Mesta, the project leader of the new OWASP Kubernetes Top 10. Beyond covering the actual Kubernetes Top 10 project, we cover how AppSec has expanded to cover other areas. You not only have to ensure that your application is secure, you need to ensure the security of the environment in which it runs. That environment is increasing becoming Kubernetes so what better than talk to someone who's protected Kubernetes clusters for years and trained many others to harden their clusters. Show Links: - OWASP Kubernetes Top 10: https://owasp.org/www-project-kubernetes-top-ten/ - Kubernetes Top 10 Github repo: https://github.com/OWASP/www-project-kubernetes-top-ten - OWASP Kubernetes Security Cheat Sheet: https://cheatsheetseries.owasp.org/cheatsheets/Kubernetes_Security_Cheat_Sheet.html - Mozilla SOPS: https://github.com/mozilla/sops - Hashicorp Valut: https://www.hashicorp.com/products/vault - KSOC: https://ksoc.com/…

The OWASP Podcast Series

1
Little Zap of Horrors 33:09

for 2 years siden33:09

33:09

In this episode, I speak with Simon Bennetts, the creator of OWASP Zed Attack Proxy lovingly known as ZAP. We talk about how it all got started, some of the surprises and lessons learned running a wildly successful open source project. We also cover how some security controls can sometimes actually hurt security. It's an interesting discussion I think you'll enjoy it just in time for Halloween. Show Links: - Zap Website: https://www.zaproxy.org/ - Zap Stats: https://www.zaproxy.org/docs/statistics/ - Zap Community: https://www.zaproxy.org/community/…

The OWASP Podcast Series

1
Breaching the wirefall with community 39:35

for 3 years siden39:35

39:35

In this episode, Matt Tesauro hosts wirefall to talk about creating and growing a security community and his 26 years of pen testing experience. In wirefall's case, it's the Dallas Hackers Association or DHA. Our conversation includes what motivated him to create DHA, the lessons he's learned, challenges faced and what success looks like today. He provides some advice for those wanting to get into cybersecurity or be a part of the broader security community. Enjoy. Show Links: - DHA Meetup: https://www.meetup.com/dallas-hackers-association/ - DHA Twitter: https://twitter.com/dallas_hackers - wirefall on Twitter: https://twitter.com/DHAhole…

The OWASP Podcast Series

1
Going Way Beyond 2FA 30:45

for 3 years siden30:45

30:45

In this episode, Matt Tesauro hosts Neil Matatall to talk about going beyond 2FA as he relates lessons learned from Twitter and Github on account security. This is another episode with some good nuggets of wisdom and some sound advice for those writing or maintaining APIs. It's obvious that Neil has not only spent time doing solid engineering work but he's learned a few things that he's willing to share. Enjoy. Show Links: - OWASP DevSlop Episode: https://www.youtube.com/watch?v=hrAKE6LaizE&ab_channel=OWASPDevSlop - Slide Deck: https://bit.ly/35dcTm0 - Neil on Twitter: https://twitter.com/ndm…

The OWASP Podcast Series

1
Getting Lean and Mean in the DefectDojo 30:44

for 3 years siden30:44

30:44

In this episode, Matt Tesauro hosts Greg Anderson and Cody Maffucci to talk about OWASP DefectDojo. DefectDojo is an OWASP flagship project that aims to be the single source of truth for AppSec or Product Security teams. It provides a single pane of glass for security programs and can import and normalize over 150 different security tools. I thought that the OWASP podcast might just cover an OWASP project now and then so here we go. Show Links: - https://www.defectdojo.org/ - Github organization: https://github.com/defectdojo - Github main repo: https://github.com/DefectDojo/django-DefectDojo - Pubic Demo info: https://github.com/DefectDojo/django-DefectDojo#demo - Data models (part of the project docs) https://defectdojo.github.io/django-DefectDojo/usage/models/…

The OWASP Podcast Series

1
Giving a jot about JWTs: JWT Patterns and Anti-Patterns - OWASP Podcast e002 33:22

for 3 years siden33:22

33:22

In this episode, Matt Tesauro hosts David Gillman about JWT Patterns and Anti-Patterns. I first met David at LASCON in the fall of 2021 when I sat in on his conference talk. Based on David’s experiences with JWTs we discuss where JSON Web Tokens can help and harm developers who use them. It seems like JWTs can be a mixed bag mostly determined by how you use them. Hopefully this episode will help you avoid any JWT sharp edges if or, more likely, when you work with them. Show Links: - Video of David’s presentation at LASCON - https://www.youtube.com/watch?v=xTk4ff0eAUg&list=PLLWzQe8KOh5nv8OBs3j39DNYULfxwv_6V&index=29&ab_channel=LASCON - David Gillman on Twitter - https://twitter.com/primed_mover…

The OWASP Podcast Series

1
Threat Modeling using the Force with Adam Shostack - OWASP Podcast e001 47:35

for 3 years siden47:35

47:35

In this episode, Matt Tesauro hosts Adam Shostack to talk about threat modeling - not only what it is but what Adam has learned from teaching numerous teams how to do threat modeling. Learn what makes a good threat model and some news about a new book from Adam to help further the spread of threat modeling with the end goal of more threat modeling and fewer security surprises. Enjoy! Show Links: - Threats Book site: https://threatsbook.com/ - Resources on Adam’s website: https://shostack.org/resources…

The OWASP Podcast Series

1
The Void: Verica Open Incident Database 43:43

for 3 years siden43:43

43:43

Welcome back to the OWASP podcast. In this episode, we're headed to The VOID. I speak with Courtney Nash about the Verica Open Incident Database, otherwise known as The VOID, which is a collection of software-related incident reports available at https://www.thevoid.community/. It's a fascinating discussion about how, by gathering data from The VOID, we can make the Internet a safer and more resilient place. Courtney was super passionate about the research work she's doing. It was completely fun to chat with her and they've already produced some very interesting conclusions, in the published report available on The VOID website. I had a blast recording this one and I hope you enjoy it. EPISODE LINKS - The VOID: https://www.thevoid.community/ - 2021 Report: https://www.thevoid.community/report - Podcast: https://podcast.thevoid.community/ - Google MTTR report: https://www.oreilly.com/library/view/incident-metrics-in/9781098103163/ (Summarized also in the 2021 VOID report)…

The OWASP Podcast Series

1
Fast Times at SBOM High with Wendy Nather and Matt Tesauro 42:36

for 3 years siden42:36

42:36

Hello, it's Matt Tesauro. Welcome back to my take on the OWASP Podcast. It seems as if I'm turning my episodes into the equivalent of a conference hall track, those wonderful interactions you have at conferences, running between rooms at conferences, meeting up with smart minds you don't see all the time. I have the pleasure of reuniting with Wendy Nather, CISO Advisor Extraordinaire, for this episode. We had a very interesting conversation about Software Bill of Materials (SBOMs). Like many of my interactions with Wendy, I learned from our conversation. She threw out some really good nuggets. I highly recommend looking up Wendy on Twitter (@wendynather). Besides the security wisdom she's going to drop, she's got a hell of a sense of humor. I think it will be worth the follow. Enjoy the episode.…

The OWASP Podcast Series

1
SAFe or UnSAFe at Any Speed 32:11

for 3 years siden32:11

32:11

“I absolutely hate SAFe!” -- Bryan Finster That is Bryan Finster, Distinguished Engineer at Defense Unicorns out of Colorado Springs. I was scrolling through LinkedIn a couple days ago, saw a thread on SAFe, The Scaled Agile Framework, and what I was seeing wasn’t exactly… well, what you’d expect to hear about a framework that’s being used by over 20,000 organizations, including the United States government. Before we get too much into it, here is the definition of SAFe. I took it directly off Scaled Agile, the creators and providers of the SAFe framework: “The Scaled Agile Framework® (SAFe®) is a system for implementing Agile, Lean, and DevOps practices at scale. The Scaled Agile Framework is the most popular framework for leading enterprises because it works: it’s trusted, customizable, and sustainable. If you want to build operational excellence, collaboration, responsiveness, and customer satisfaction into your organizational DNA, where do you start? SAFe provides a proven playbook for transformation.” Some people will argue with “because it works”, and Bryan is one of those people. Here’s what started the whole thing. Bryan posted this on LinkedIn, “Example of terrible ideas propagated by #SAFe: feature teams. A feature team doesn’t own anything. They act as coding mills and have no quality ownership. SAFe recommends them as a method to increase output. It’s a hacky workaround for crappy architecture that results in increased support cost and more crappy architecture.” Tell us what you REALLY think, Bryan! In today’s broadcast, we talk to three people who have varying degrees of opinions on SAFe: Tracy Bannon, Senior Principal/ Software Architect & DevOps Advisor at Mitre, David Bishop, Certified SAFe 5.0 Program Consultant, and of course, Bryan. Stay with for what’s sure to be a fun ride. RESOURCES FROM THIS BROADCAST SAFe: Scaled Agile Framework https://www.scaledagileframework.com/ Bryan Finster https://www.linkedin.com/in/bryan-finster/ Tracy Bannon https://www.linkedin.com/in/tracylbannon/ David Bishop https://www.linkedin.com/in/david-bishop-08528220/…

The OWASP Podcast Series

1
Tanya Janca - She Hacks Purple 48:24

for 3 years siden48:24

48:24

Hello, I'm Matt Tesauro, one of the OWASP Podcast co-hosts. I had the opportunity to interview Tanya Janca for this podcast. To be honest, I kind of wish it was a video recording because you'd be able to see the big smiles and vigorous head nodding during the recording. Tanya and I are in violent agreement about all things appsec, and it shows. There's a nice mix of general advice, war stories, and some good nuggets in this interview. I hope you enjoy it.…

The OWASP Podcast Series

1
New Ideas. New Voices. New Hosts. 18:21

for 3 years siden18:21

18:21

8 years ago I took over the OWASP Podcast from Jim Manico, originator of the project. In that time over 160 episodes have been published, with over 500,000 downloads. It has been a fun project, but it’s time to change things up a bit. There is a lot going on at OWASP, even more going on with the technology industry when it comes to cybersecurity. It’s too much for one person to keep up with. Enter the idea of multiple co-hosts for the podcast. Many of you listening already know of Vandana Verma and Matt Tesauro from their work with OWASP. I called to ask if they’d like to share the platform, producing their own episodes around a chosen concept. In today’s episode, Vandana, Matt and I talk about thoughts of an expanded concept for the podcast. We’ll each explain what we will be covering in our shows, and what you can expect to hear in the coming year. Our plan is to have three shows, (kind of like NPR programming when I think of it), under one umbrella: The OWASP Podcast Series. Come along with us and we talk through the new series and what it will me to you, as a listener.…

The OWASP Podcast Series

1
The InfoSec Color Wheel with Jasmine Henry 27:50

for 3 years siden27:50

27:50

We’ve all heard of “Red Teams” and “Blue Teams” when it comes to cybersecurity. But what about the “Purple Team”, the “Yellow Team” or the “Blue Team”. What are those? In February of 2020, Louis Cremen introduced the InfoSec Colour Wheel to the security community. The wheel expands upon April Wright’s work on bringing builders into the security team. The value of the wheel is to show the various types of security teams, seven in all, and the role each plays in security. Jasmine Henry brought the wheel to my attention. As she and I talked, we realized the InfoSec Wheel can be used as a thought exercise to show beginning cybersecurity professionals the various roles they can play within the community. This led to the discussion of careers in cybersecurity and what the near future looks like. In this broadcast, we’ll evaluate the wheel, talk through each of the seven personas and give our thoughts on the value of each role, how it works with the other roles, and the basics of what each provides. Let’s figure out what your primary color is. Stay tuned… https://hackernoon.com/introducing-the-infosec-colour-wheel-blending-developers-with-red-and-blue-security-teams-6437c1a07700 The OWASP Podcast Series is supported by the Open Web Application Security Project, home to over 240 community driven security projects, including the OWASP Top 10, the Web Security Testing Guide, and the Security Knowledge Framework projects. ABOUT JASMINE HENRY Jasmine Henry is a security practitioner who's used JupiterOne to create a compliant security function at a cloud-native startup. She has 10 years of experience leading security programs, an MS in Informatics and Analytics, and a commitment to mentoring rising security practitioners from underrepresented backgrounds. Jasmine is a Career Village co-organizer for The Diana Initiative security conference. She lives in the Capitol Hill neighborhood of Seattle, WA.…

The OWASP Podcast Series

1
CYA - Cover Your Assets with Chris Roberts 44:16

for 4 years siden44:16

44:16

A couple weeks ago I read an article by Chris Roberts. The headline screamed, “Security Solved!” Security solved? What the hell was he talking about. Everyday there’s a new media storm around the latest breach or ransomware attack. There’s an entire industry built around the idea that security is hard, and the need for special equipment, software and people to even think about being secure. Chris was insistent. He professed that security is not hard nor complicated. Not only does he consider it inexpensive and undemanding to do the right thing, his premise is it’s easy to get the simple stuff sorted. I called Chris to get clarification on what he was talking about. As we got deeper into the discussion, we both realized this was a topic that needed more exposure. If there really is a simple way to implement security, the world should hear about it. We invited people to participate in the recording of our discussion. You’ll hear us reference people who were online with us, sending chat messages and questions. This session is a little longer that our usual podcast, but what’s here is important. Chris says it’s easy, I say it’s not, and then we get into it. We start when I ask Chris to give us a little about his background. You’ll be able to tell right from the start, this isn’t going to be your ordinary podcast. Notes for this broadcast: Chris' original article can be found on his LinkedIn feed: https://www.linkedin.com/posts/sidragon1_cybersecurity-management-training-activity-6810995026848485376-58Zs Basic Premise: This isn’t hard. This isn’t complicated. This doesn’t have to be expensive. This doesn’t need fancy words This doesn’t require gilted certificates This isn’t demanding This needs no awards This isn’t covered in glory. Step-by-Step Instructions: 1. Assets, what do you have? 2. Assets, where are they? 3. Who’s got access to them? 4. What DO they do, what is their purpose? 5. What’s on them? 6. Which ones do you need to care about?…

The OWASP Podcast Series

1
OWASP Flagship Projects - Episode 02 25:05

for 4 years siden25:05

25:05

In this episode of the People | Process | Technology podcast, I speak with Seba Deleersnyder from the Software Assurance Maturity Model, Carlos Holguera and Sven Schleier from the Mobile Security Testing Guide, and Bjoern Kimminich from the Juice Shop Project. This is part of an ongoing podcast series, highlighting the OWASP Flagship Projects that will be featured at the OWASP 20th Anniversary Celebration in September. I talk with the project leads to hear what they have been working on for the past year, what their plans are for the coming year, and what we can expect to see at the conference in September. Support for this broadcast is provide by OWASP, celebrating twenty years of making software safer. OWASP hosts their 24 hour, 20th Anniversary Celebration in September. Head to 20thAnniversary.owasp.org for your free ticket… and with support from JupiterOne, who believes that security is a basic right to every person, company, and enterprise. Security begins with cyber asset visibility, and includes understanding the relationships between those assets. Get started with your free, lifetime license at JupiterOne.com.…

Velkommen til Player FM!

Player FM scanner netter for høykvalitets podcaster som du kan nyte nå. Det er den beste podcastappen og fungerer på Android, iPhone og internett. Registrer deg for å synkronisere abonnement på flere enheter.

Lytt til 500+ tema

20 subscribers

Lik The OWASP Podcast Series

The Let Them Theory: A Life-Changing Tool That Millions of People Can't Stop Talking About

Amazon Basics Multipurpose Copy Printer Paper, 8.5" x 11", 20 lb, 8 Reams, 4000 Sheets, 92 Bright, White

MAYBESTA Professional Wireless Lavalier Lapel Microphone for iPhone, iPad - Cordless Omnidirectional Condenser Recording Mic for Interview Video Podcast Vlog YouTube

Podcaster verdt å lytte til

The OWASP Podcast Series « » 2023-04 Rethinking WAFs: OWASP Coraza

2023-04 Rethinking WAFs: OWASP Coraza

Podcaster verdt å lytte til

Velkommen til Player FM!

Amazon Basics Multipurpose Copy Printer Paper, 8.5 x 11 inches, 20 lb, 1 Ream, 500 Sheets, 92 Bright, White

The Let Them Theory: A Life-Changing Tool That Millions of People Can't Stop Talking About

Mighty Patch™ Original patch from Hero Cosmetics - Hydrocolloid Acne Pimple Patch for Covering Zits and Blemishes in Face and Skin, Vegan-friendly and Not Tested on Animals (36 Count)

Amazon eGift Card - Happy Easter Shadows

The Let Them Theory: A Life-Changing Tool That Millions of People Can't Stop Talking About

Lik The OWASP Podcast Series

Hurtigreferanseguide

The OWASP Podcast Series « »
2023-04 Rethinking WAFs: OWASP Coraza