Gesamtlänge aller Episoden: 15 days 3 hours 54 minutes
Cybersecurity is a large and often complex domain, traditionally focused on the infrastructure and general information security, with little or no attention to Application Security. Security providers usually tack-on AppSec services to their existing...
As the volume of API traffic increases, it becomes a greater threat to an organization’s sensitive data. Motivated attackers will increasingly target APIs as the pathway to the underlying infrastructure and database. Imperva API Security is a new...
This week, we welcome Steve Wilson, Chief Product Officer at Contrast Security, to discuss Integrating Appsec Tools for DevOps Teams! In the AppSec news: Salesforce reveals their bounty totals for 2021, GitHub opens its advisory database for...
Lots of web hacking can be done directly from the browser. Throw in a proxy like Burp plus the browser's developer tools window and you've got a nearly complete toolkit. But nearly complete means there's still room for improvement. We'll talk about...
Doug Kersten, CISO of Appfire, will discuss how the nature of vulnerabilities today makes it critical for developers to make sure they’re building projects in a secure manner in order to quickly mitigate vulnerabilities – or they risk being left...
Security is one of the most evolving and impactful landscapes in the regulatory sphere. Proposed initiatives in the areas of Incident Response, Software and Product Assurance, Coordinated Vulnerability Disclosure (CVD), and IoT or Connected Products...
This week, we welcome Larry Maccherone, DevSecOps Transformation at Contrast Security, to discuss Shift Left, NOT S#!T LEFT! In the AppSec News: PwnKit LPE in Linux, two different smart contract logic flaws in two different hacks, a $100K bounty for...
It is hard, if not impossible, to secure something you don’t know exists. While security professionals spend countless hours on complex yet interesting issues that *may* be exploitable in the future, basic attacks are occurring every day against...
This isn't a story about NPM even though it's inspired by NPM. Twice. The maintainer of the "colors" NPM library intentionally changed the library's behavior from its expected functionality to printing garbage messages. The library was exhibiting the...
There's an understandable focus on "shift left" in modern DevOps and appsec discussions. So what does it take to broaden what we call appsec into something effective for modern apps, whether they're on the web, mobile, or cloud? We'll talk about...