Application Security Weekly Episode #141 – March 01, 2021
Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe
1. Hackable; How to do Application Security Right – 12:30 PM-01:00 PM
Announcements
- Do you want to stay in the loop on all things Security Weekly? Visit https://securityweekly.com/subscribe to subscribe on your favorite podcast catcher or our YouTube channel, sign up for our mailing list, and join our Discord Server!
- If you missed Security Weekly Unlocked, you can now access all of the content on-demand, whether you registered before the live event or not, by visiting https://securityweekly.com/unlocked and clicking either the button to register or the button to login!
Description
In looking at how to do application security right, we talk about understanding the difference between defining types of security testing and the goals that security testing should be aiming for. Plus, we highlight how doing security right also means shifting left by addressing security issues in the design phase. Throughout all of this runs the importance of being able to communicate security principles and how your design and testing reduce risk.
Register for the DevSecOps eSummit for which Ted will be a panelist:
https://onlinexperiences.com/Launch/QReg.htm?ShowUUID=5673DA7C-B8C2-4A3E-B675-C6BBF45DC04F
Guest(s)
Ted Harrington – Executive Partner at Independent Security Evaluators
Ted Harrington is the #1 best-selling author of HACKABLE: How to Do Application Security Right, and the Executive Partner at Independent Security Evaluators (ISE), the company of ethical hackers famous for hacking cars, medical devices, web applications, and password managers. He’s helped hundreds of companies fix tens of thousands of security vulnerabilities, including Google, Amazon, and Netflix. Ted has been featured in more than 100 media outlets, including The Wall Street Journal, Financial Times, and Forbes. His team founded and organizes IoT Village, an event whose hacking contest is a three-time DEF CON Black Badge winner.
Hosts
John Kinsella – Chief Architect at Accurics
Matt Alderman – Executive Director at CyberRisk Alliance
Mike Shema – Product Security Lead at Square
2. JSON, OpenSSL, Educational Resources, & Flaws in CodeQL – 01:00 PM-01:30 PM
Announcements
- Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!
- Our next live webcast will be on March 18th at 11am ET where you will learn how to Prepare Linux Hosts for Unexpected Threats! Visit https://securityweekly.com/webcasts to register now! If you missed any of our previously recorded webcasts or technical trainings, they are available for your viewing pleasure at https://securityweekly.com/ondemand
Description
This week in the Application Security News: implementation pitfalls in parsing JSON, finding all forms of a flaw with CodeQL, more educational resources for hacking apps, engineering and product management practices for DevOps, & more!
Hosts
John Kinsella – Chief Architect at Accurics
Matt Alderman – Executive Director at CyberRisk Alliance
Mike Shema – Product Security Lead at Square