พอดคาสท์ OWASP ชั้นนำ (2024)

1
ep2023-09 Vulnerable Data Gathering for AI with Arturo Buanzo Busleiman 32:38

7M ago32:38

32:38

After getting a ping from an old friend about a potential new OWASP project, I had to bring him on as a guest. He's got an interesting idea around potential vulnerabilities in web crawlers which just happen to gather data for so many AI system. We talk about that, Cybersecurity and Government and so much more.Show Links:- LinkedIn https://www.linke…

1
ep2023-08 Finding Next Gen Cybersecurity Professionals with Brad Causey 32:48

8M ago32:48

32:48

For years we've heard talk about a shortage of cybersecurity professionals so what can be done about that? In this episode, I speak to Brad Causey who has taken one approach he's found successful. We cover the trade-offs of his approach and how, should you agree with him, you can help fill those troubling vacancies at your company.Show Links:- Secu…

1
ep2023-07 What's Audit got to do with IT 33:40

9M ago33:40

33:40

In this episode we talk with Zain Haq and take a leap and bound over the first and second line to discover more about the third line - internal audit. We discover answers to a number of questions: What role does audit play in the overall cybersecurity of an organization? What does the CISO gain from having an audit function? What makes a good audit…

1
SBOMS, CycloneDX and Dependency Track: Automation for Survival with Steve Springett 29:32

10M ago29:32

29:32

Software supply chain seems to be front and center for technologists, cybersecurity and many governments. One of the early pioneers in this space was Steve Springett with two highly successful projects: OWASP Dependency Track and CycloneDX. In this episode, we catch up with Steve to talk about how he got started in software supply chain management …

1
AppSec at 40,000 feet 44:02

11M ago44:02

44:02

In this episode I speak with Jerry Hoff who provides some very interesting perspective on application security especially at scale and from a high level view like that of a CISO. Even if you're not in a senior leadership position, you're likely to be reporting to one. Understanding that point of view can help you successfully frame your work and ac…

1
AppSec Days PNW 2023 Portland: A conversation with Jeevan Singh and Chelsea Willis 26:43

11M ago26:43

26:43

AppSec Days PNW leaders Jeevan Singh and Chelsea Willis join us to talk about the upcoming OWASP collaborative event from the OWASP chapters of Vancouver, Victoria, Seattle, and Portland happening this year in Portland on June 10th. AppSec Days PNW has been running for three years now and this is the first in person event. You can learn more and re…

1
2023-04 Rethinking WAFs: OWASP Coraza 29:14

12M ago29:14

29:14

WAFs have been with us a while and it's about time someone reconsidered WAFs and their role in AppSec given the cloud-native and Kubernetes landscape. The OWASP Coraza is not only asking these questions but putting some Go code behind their ideas. Should WAFs work in a mesh network? Why create an open source WAF? What's next for the OWASP Coraza pr…

1
2023-03 Point of Scary - the POS ecosystem 34:46

1y ago34:46

34:46

In this episode I speak with Aaron about Point of Sale or POS systems. He's been investigating the security of POS systems for quite some time now and brings to light the state of the POS ecosystem. Buckle your seat belts, this is going to be a bumpy and very interesting ride.โดย The OWASP Podcast Series

1
2023-02 Isolation is just PEACHy 33:54

1y ago33:54

33:54

In this episode I speak with Amitai Cohen who's been thinking a lot about tenant isolation. This is a problem for more then just cloud providers. Anyone with a SaaS offering or even large enterprise may want to isolate customers or parts of their business from each other. Several useful items came out of this including the Cloud VulnDB which catalo…

1
OWASP Ep 2023-01: Audit, Compliance and automation, Oh my! 27:35

1y ago27:35

27:35

In this episode, I speak with Caleb Queern, one of the authors of "Investments Unlimited" a book I highly recommend you get and read. While the book is fiction, there's a great deal of truth in the story about how automation can work for more than just DevSecOps. Compliance and audit also deserve a seat at the table. Learn how you can get more code…

1
2022 Year in Review 14:19

1+ y ago14:19

14:19

In this episode, I go solo and review the last year of podcasts but with a twist. I do my best to compare the topics covered to the OWASP Flagship projects. The goal is to see if the episodes I recorded this year match up with the projects strategically important to OWASP. Plus, the holiday listeners get gifts all around as I cover (and link) the O…

1
You've got some Kubernetes in my AppSec! 41:44

1+ y ago41:44

41:44

In this episode, I speak with Jimmy Mesta, the project leader of the new OWASP Kubernetes Top 10. Beyond covering the actual Kubernetes Top 10 project, we cover how AppSec has expanded to cover other areas. You not only have to ensure that your application is secure, you need to ensure the security of the environment in which it runs. That environm…

1
Little Zap of Horrors 33:09

1+ y ago33:09

33:09

In this episode, I speak with Simon Bennetts, the creator of OWASP Zed Attack Proxy lovingly known as ZAP. We talk about how it all got started, some of the surprises and lessons learned running a wildly successful open source project. We also cover how some security controls can sometimes actually hurt security. It's an interesting discussion I th…

1
Breaching the wirefall with community 39:35

1+ y ago39:35

39:35

In this episode, Matt Tesauro hosts wirefall to talk about creating and growing a security community and his 26 years of pen testing experience. In wirefall's case, it's the Dallas Hackers Association or DHA. Our conversation includes what motivated him to create DHA, the lessons he's learned, challenges faced and what success looks like today. He …

1
Going Way Beyond 2FA 30:45

1+ y ago30:45

30:45

In this episode, Matt Tesauro hosts Neil Matatall to talk about going beyond 2FA as he relates lessons learned from Twitter and Github on account security. This is another episode with some good nuggets of wisdom and some sound advice for those writing or maintaining APIs. It's obvious that Neil has not only spent time doing solid engineering work …

1
Getting Lean and Mean in the DefectDojo 30:44

1+ y ago30:44

30:44

In this episode, Matt Tesauro hosts Greg Anderson and Cody Maffucci to talk about OWASP DefectDojo. DefectDojo is an OWASP flagship project that aims to be the single source of truth for AppSec or Product Security teams. It provides a single pane of glass for security programs and can import and normalize over 150 different security tools. I though…

1
Giving a jot about JWTs: JWT Patterns and Anti-Patterns - OWASP Podcast e002 33:22

2y ago33:22

33:22

In this episode, Matt Tesauro hosts David Gillman about JWT Patterns and Anti-Patterns. I first met David at LASCON in the fall of 2021 when I sat in on his conference talk. Based on David’s experiences with JWTs we discuss where JSON Web Tokens can help and harm developers who use them. It seems like JWTs can be a mixed bag mostly determined by ho…

1
Threat Modeling using the Force with Adam Shostack - OWASP Podcast e001 47:35

2y ago47:35

47:35

In this episode, Matt Tesauro hosts Adam Shostack to talk about threat modeling - not only what it is but what Adam has learned from teaching numerous teams how to do threat modeling. Learn what makes a good threat model and some news about a new book from Adam to help further the spread of threat modeling with the end goal of more threat modeling …

1
The Void: Verica Open Incident Database 43:43

2y ago43:43

43:43

Welcome back to the OWASP podcast. In this episode, we're headed to The VOID. I speak with Courtney Nash about the Verica Open Incident Database, otherwise known as The VOID, which is a collection of software-related incident reports available at https://www.thevoid.community/. It's a fascinating discussion about how, by gathering data from The VOI…

1
Fast Times at SBOM High with Wendy Nather and Matt Tesauro 42:36

2y ago42:36

42:36

Hello, it's Matt Tesauro. Welcome back to my take on the OWASP Podcast. It seems as if I'm turning my episodes into the equivalent of a conference hall track, those wonderful interactions you have at conferences, running between rooms at conferences, meeting up with smart minds you don't see all the time.I have the pleasure of reuniting with Wendy …

1
SAFe or UnSAFe at Any Speed 32:11

2y ago32:11

32:11

“I absolutely hate SAFe!” -- Bryan FinsterThat is Bryan Finster, Distinguished Engineer at Defense Unicorns out of Colorado Springs. I was scrolling through LinkedIn a couple days ago, saw a thread on SAFe, The Scaled Agile Framework, and what I was seeing wasn’t exactly… well, what you’d expect to hear about a framework that’s being used by over 2…

1
Tanya Janca - She Hacks Purple 48:24

2y ago48:24

48:24

Hello, I'm Matt Tesauro, one of the OWASP Podcast co-hosts. I had the opportunity to interview Tanya Janca for this podcast. To be honest, I kind of wish it was a video recording because you'd be able to see the big smiles and vigorous head nodding during the recording. Tanya and I are in violent agreement about all things appsec, and it shows.Ther…

1
New Ideas. New Voices. New Hosts. 18:21

2y ago18:21

18:21

8 years ago I took over the OWASP Podcast from Jim Manico, originator of the project. In that time over 160 episodes have been published, with over 500,000 downloads. It has been a fun project, but it’s time to change things up a bit.There is a lot going on at OWASP, even more going on with the technology industry when it comes to cybersecurity. It…

1
The InfoSec Color Wheel with Jasmine Henry 27:50

2+ y ago27:50

27:50

We’ve all heard of “Red Teams” and “Blue Teams” when it comes to cybersecurity. But what about the “Purple Team”, the “Yellow Team” or the “Blue Team”. What are those?In February of 2020, Louis Cremen introduced the InfoSec Colour Wheel to the security community. The wheel expands upon April Wright’s work on bringing builders into the security team…

1
OWASP Portland Training Day Sponsor Highlight - Cambia Health 13:02

2+ y ago13:02

13:02

Support the showโดย OWASP PDX

1
OWASP Portland Training Day Sponsor Highlight - Summit Security Group 14:43

2+ y ago14:43

14:43

Summit Security Group is a long time partner of Portland OWASP Training Day and this year's CTF sponsor. David Quisenberry interviews Summit Security Group Managing Director and Founder Dan Briley to talk about their services, trends they are seeing in their security consulting practice, and ways they encourage a learning lifestyle at Summit. Suppo…

1
Michael Allen Lake - From the JEDI Initiative to the New U.S. Digital Corps 43:02

2+ y ago43:02

43:02

Our special guest today is Michael Allen Lake who is a digital transformation consultant focused on innovation and change adoption within the Federal government. He has worked on projects at nine different Federal agencies. His experience ranges from helping organizations leverage data as a strategic asset to the adoption and promotion of enterpris…

พอดคาสต์ที่ควรค่าแก่การฟัง

OWASP พอดคาสต์

พอดคาสต์ที่ควรค่าแก่การฟัง

1
Open Web Application Security Project (OWASP) - Portland, Oregon Chapter

OWASP PDX

1
The OWASP Podcast Series

The OWASP Podcast Series

1
ep2023-09 Vulnerable Data Gathering for AI with Arturo Buanzo Busleiman 32:38

1
ep2023-08 Finding Next Gen Cybersecurity Professionals with Brad Causey 32:48

1
ep2023-07 What's Audit got to do with IT 33:40

1
SBOMS, CycloneDX and Dependency Track: Automation for Survival with Steve Springett 29:32

1
AppSec at 40,000 feet 44:02

1
AppSec Days PNW 2023 Portland: A conversation with Jeevan Singh and Chelsea Willis 26:43

1
2023-04 Rethinking WAFs: OWASP Coraza 29:14

1
2023-03 Point of Scary - the POS ecosystem 34:46

1
2023-02 Isolation is just PEACHy 33:54

1
OWASP Ep 2023-01: Audit, Compliance and automation, Oh my! 27:35

1
2022 Year in Review 14:19

1
You've got some Kubernetes in my AppSec! 41:44

1
Little Zap of Horrors 33:09

1
Breaching the wirefall with community 39:35

1
Going Way Beyond 2FA 30:45

1
Getting Lean and Mean in the DefectDojo 30:44

1
Giving a jot about JWTs: JWT Patterns and Anti-Patterns - OWASP Podcast e002 33:22

1
Threat Modeling using the Force with Adam Shostack - OWASP Podcast e001 47:35

1
The Void: Verica Open Incident Database 43:43

1
Fast Times at SBOM High with Wendy Nather and Matt Tesauro 42:36

1
SAFe or UnSAFe at Any Speed 32:11

1
Tanya Janca - She Hacks Purple 48:24

1
New Ideas. New Voices. New Hosts. 18:21

1
The InfoSec Color Wheel with Jasmine Henry 27:50

1
OWASP Portland Training Day Sponsor Highlight - Cambia Health 13:02

1
OWASP Portland Training Day Sponsor Highlight - Summit Security Group 14:43

1
Michael Allen Lake - From the JEDI Initiative to the New U.S. Digital Corps 43:02

คู่มืออ้างอิงด่วน