In this episode I talk about the evolving world of ransomware. I discuss a few examples of unique tactics the malicious actors are using to put pressure on organizations to pay the ransom. Referenced Articles: https://www.theregister.com/

Ep. 120: Addressing Root Cause - Vulnerable Components

Jan 31st, 2023 16m 31s

In this episode we talk about addressing the root cause of an issue versus the symptoms. How can the process of keeping application components updated be improved? For more info go to https://www.developsec.com or follow us on twitter (@dev

Ep. 119: Risks of SpellCheck

Jan 19th, 2023 12m 36s

In this episode we talk about the spell check feature of the browser and how it could present a risk to sensitive data. Link to article referenced: https://www.darkreading.com/application-security/spellchecking-google-chrome-microsoft-edge

Log4J Sparking Thought on Vulnerable Components

Dec 19th, 2021 24m 28s

Log4J has been the talk of the town recently and everyone is focused on the technical details of the specific vulnerabilities found. In this episode, James talks about the overarching ideas around dealing with vulnerable components. Are you vul

How Browsers are Helping with Security

Feb 9th, 2020 13m 50s

Chrome has announced a few changes that we need to watch out for in the near future. We previously talked about the default value for samesite that is coming up fast. I wrote about this here: https://www.jardinesoftware.net/2019/10/28/samesite

Chrome Retires XSS Auditor

Nov 15th, 2019 14m 8s

It was recently announced that Chrome was dropping the XSS Auditor in Chrome 78. What does that mean and how does that change things for you as a developer? https://www.chromium.org/developers/design-documents/xss-auditor For more info go to

Is CSRF Really Dead?

Nov 6th, 2019 15m 10s

In 2020, Chrome will default the SameSite attribute to Lax on all cookies. SameSite helps mitigate CSRF, but does that mean CSRF is Dead? For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversatio

Investing in People for Better Application Security

Oct 29th, 2019 24m 38s

In this episode, James talks about investing in the development teams to increase application security priorities. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack cha

What is your mother's maiden name?

May 28th, 2019 21m 1s

In this episode, James talks about some of the risks and recommendations around security questions and their implementation. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join ou

Application Fingerprinting

Jan 22nd, 2019 21m 5s

Does your application give away details about it server, framework, or other components? How is this information used by an attacker? Check out this episode to learn more. For more info go to https://www.developsec.com or follow us on twitter

Authentication Alerts

Jan 14th, 2019 16m 8s

Would you know if someone authenticated to your account? With the breaches we see in the news, and attacks like credential stuffing, there must be a way to be alerted to account access. James talks about authentication alerts, what they are, an

Implementation Matters

Jan 7th, 2019 19m 18s

James discusses how implementation matters with security controls and how it changes priorities. This came about after reading the following story: https://www.theverge.com/2018/12/31/18162541/vein-authentication-wax-hand-hack-starbug For mor

2018 Reflection

Jan 2nd, 2019 27m 27s

I talk about some of what happened in 2018 and what I am looking to do in 2019. I also ask you to think about your previous year and goals. I also talk about some new training I am providing. For more info go to https://www.developsec.com or f

Dunkin Donuts Breach, Maybe?

Dec 12th, 2018 18m 26s

In this episode James talk about the Dunkin Donuts Perks breach. This is an interesting situation as the accounts were access using the victim's username and password found from another data breach. The issue: Password Reuse. Could D&D have pr

Credential Stuffing

Nov 9th, 2018 18m 37s

In this episode James talks about what credential stuffing is, how if affects your apps, and how you can look to defend against it. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.

Facebook Breach Take-aways and Insights

Oct 4th, 2018 31m 19s

James talks about the Facebook breach and shares some insights into how you can take steps to prevent this type of incident in your applications. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the

Interview with Eric Johnson

Sep 20th, 2018 57m 12s

I sit down with Eric Johnson to talk about security in the IDE and other fun topics. A bit longer than usual, but full of great information. You can reach out to Eric on twitter @emjohn20 or check out his site at https://www.pumascan.com. Fo

Securing Devops with Julien Vehent

Aug 30th, 2018 45m 8s

James sits down with Julien Vehent to discuss his new book "Securing DevOps" and talk about security in a devOps world. Julien (@jvehent) is a security architect and engineering manager with over 15 years of experience in large organizations a

Is 3rd Party Authentication Right For Your Application?

Aug 16th, 2018 18m 17s

The headlines are filled with credential breaches. One way to avoid being those headlines is to not store credentials. Instead, use a 3rd party to authenticate your users. While this cuts a lot of work out of your development time, it is impor

Intro to Web Security Policies

Jun 26th, 2018 16m 42s

In this episode James introduces us to the idea of web security policies stored in a security.txt file. We have talked about vulnerability disclosure before and this ties directly into that conversation. Link to Draft: https://tools.ietf.org/ht

You're not always right and that is ok

Jun 18th, 2018 20m 59s

In this episode, James shares a story of learning from a mistake and how we can't be right every time. Hear what he learned and how you can learn too. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join

Choosing Security Tools

Jun 7th, 2018 26m 37s

In this episode we talk about choosing the right security tools for your environment. There are lots of vendors offering solutions to help identify security issues within our applications. The trick is to learn to identify which ones make the m

Shifting Left in the SDLC

May 30th, 2018 19m 57s

In this episode, James talks about what it means to shift left in the SDLC. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for

Efail and News Hype

May 15th, 2018 18m 8s

In this episode we talk about efail and the HYPE around security news. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com fo

Gmail / Netflix Potential Scam

Apr 23rd, 2018 18m 28s

** Check out our new Live Fundamentals of Application Security training starting on May 1, 2018. Don't wait to sign up. For schedules and information check out https://www.jardinesoftware.com/fundamentals-of-application-security/ ** In this epi

Rate

Contact This Podcast

Get this podcast via API

Join Podchaser to...

Rate podcasts and episodes
Follow podcasts and creators
Create podcast and episode lists
& much more

Unlock more with Podchaser Pro

Audience Insights

Contact Information

Demographics

Charts

Sponsor History

and More!

Resources
Help Center
Blog
API

Podchaser is the ultimate destination for podcast data, search, and discovery. Learn More