Saturday, January 19, 2019
OWASP Podcast

A Concise Introduction to DevSecOps

The inclusion of security as an integral piece of the DevOps puzzle continues to gain traction. In this episode of the DevSecOps Days Podcast Series, I speak with Curtis Yanko and Scott McCarty about their new book, "A Concise...
OWASP Podcast

What’s In Store for the AppSec Cali Conference w/ Richard Greenberg

As if there aren't enough reasons to go to Southern California in the middle of a New York winter, AppSec Cali opens it's doors for its 6th Annual OWASP conference on January 22, 2019. In this broadcast, I speak...
OWASP Podcast

Epic Failures in DevSecOps w/ Aubrey Stearn

Aubrey Stearn is the Technical Lead for the Enterprise Cloud Platform at Nationwide. In the broadcast we talk with Aubrey about her chapter, "", in the recently released "Epic Failures in DevSecOps" book. Aubrey talks about her extensive experience guiding...
OWASP Podcast

Strategic Asymetry – Leveling the Playing Field w/ Chetan Conikee

"In the past when we were writing software, it was our engineers and our organizations that had total cost of ownership of that software. But now, that has fundamentally changed. Engineers are using open source software and deploying the...
OWASP Podcast

Threat Modeling – A Disaster Story with Edwin Kwan

We continue the "Epic Failures in DevSecOps" series by speaking with Edwin Kwan on his chapter, "Threat Modeling - A Disaster Story". Edwin is Application and Software Security Team Lead at Tyro Payments. In our discussion, we talk about...
OWASP Podcast

The DevSecOps Unicorn Rodeo w/ Stefan Streichsbier

Stefan Streichsbier talks about his chapter, "Unicorn Rodeos", in the just released book, "Epic Failures in DevSecOps". We start with where did the chapter name come from and what does it mean, then lead into his three main points...
OWASP Podcast

The DevSecOps Experiment

DJ Schleen talks about his upcoming 15 part video series, "The DevSecOps Experiment", where he will walk through the set setup of a software supply chain, including building in security during every step of the process. This is a...
OWASP Podcast

Open Source Vulnerabilities – Who is Ultimately Responsible

In this broadcast, I speak with Chris Roberts and Derek Weeks about lines of responsibility and npm package highjacking in light of the event-stream vulnerability announcement last week. The announcement of the event-stream npm package vulnerability has once again raised...
OWASP Podcast

event-stream: Analysis of a Compromised npm Package

Once again, the pattern of taking over a known package and modifying it with malicious intent has happened. In this case, it's with the event-stream module in the npm repository. In this broadcast I speaker with Thomas Hunter, Software...
OWASP Podcast

Spy vs Spy: Harvesting Adversaries

"The guy who wrote wifi software with SSID never imagined that someone could use that SSID to transmit data by writing two smaller applications to leverage it. We are constantly going to be in this battle. Ultimately we've...
OWASP Podcast

Moving from Projects to Products w/ Mik Kersten

"If you look inside a large enterprise IT organization, they have this very bizarre and broken layer that's completely separating the way that business thinks in terms of products, budgets and costs, and the way IT people know the...
OWASP Podcast

The Journey to Open Source at Capital One w/ Tapabrata “Topo” Pal

Why would you allow open source usage in your company. What are the compelling reasons to take the risk. In this discussion, I talk with Topo Pal and Derek Weeks about the industry perception of open source and what's...
OWASP Podcast

The Future of Software and DevOps / with Sacha Labourey

"The compensation, the incentives that people have are very much anchored in short term objectives that do not take into account the vision for the bigger transformations that are happening within the market." -- Sacha Labourey, CEO, CloudBees Sacha...
OWASP Podcast

How to Build Chapter Engagement at OWASP

While at 2019 AppSec EU, I spoke with Sam StepanyanGrigorios Fragkos, chapter leaders of one of OWASP's largest chapters. The conversation centered around what does it take to grow a community, what does it take to lead a chapter.
OWASP Podcast

A Message from the Executive Producer

This is Mark Miller, Executive Producer. 4 years ago I took over the creation and curation of the OWASP podcast series. In that time, there have been 118 episodes, with a combined listenership of over 269,000 plays. The series...
ZDNet

Websites can steal browser data via extensions APIs

Researcher finds nearly 200 Chrome, Firefox, and Opera extensions vulnerable to attacks from malicious sites.
Security Affairs

6 Reasons We Need to Boost Cybersecurity Focus in 2019

Paying attention to cybersecurity is more important than ever in 2019. But, some companies are still unwilling to devote the necessary resources to securing their infrastructures against cyberattacks, and naive individuals think they’re immune to the tactics of cybercriminals,...
isBuzz

Fortnite Vulnerabilities Allow Hackers To Take Over Gamers’ Accounts, Data And In-Game Currency

Cybersecurity researchers today shared details of vulnerabilities that could have affected any player of the hugely popular online battle game, Fortnite. If exploited, the vulnerability would have given an attacker full access to a user’s account and their personal information  as well...

DNC Accuses Russia, ACLU Sues ICE, and More Security News This Week

Trump dominated security headlines this week, but there's plenty of other news to catch up on.
SecurityWeek

Bulgaria Extradites Russian Hacker to US: Embassy

Bulgaria has extradited a Russian indicted by a US court for mounting a complex hacking scheme to the United States, the Russian embassy in Washington said Saturday. read more