Saturday, November 17, 2018
OWASP Podcast

Spy vs Spy: Harvesting Adversaries

"The guy who wrote wifi software with SSID never imagined that someone could use that SSID to transmit data by writing two smaller applications to leverage it. We are constantly going to be in this battle. Ultimately we've...
OWASP Podcast

Moving from Projects to Products w/ Mik Kersten

"If you look inside a large enterprise IT organization, they have this very bizarre and broken layer that's completely separating the way that business thinks in terms of products, budgets and costs, and the way IT people know the...
OWASP Podcast

The Journey to Open Source at Capital One w/ Tapabrata “Topo” Pal

Why would you allow open source usage in your company. What are the compelling reasons to take the risk. In this discussion, I talk with Topo Pal and Derek Weeks about the industry perception of open source and what's...
OWASP Podcast

The Future of Software and DevOps / with Sacha Labourey

"The compensation, the incentives that people have are very much anchored in short term objectives that do not take into account the vision for the bigger transformations that are happening within the market." -- Sacha Labourey, CEO, CloudBees Sacha...
OWASP Podcast

How to Build Chapter Engagement at OWASP

While at 2019 AppSec EU, I spoke with Sam StepanyanGrigorios Fragkos, chapter leaders of one of OWASP's largest chapters. The conversation centered around what does it take to grow a community, what does it take to lead a chapter.
OWASP Podcast

A Message from the Executive Producer

This is Mark Miller, Executive Producer. 4 years ago I took over the creation and curation of the OWASP podcast series. In that time, there have been 118 episodes, with a combined listenership of over 269,000 plays. The series...
OWASP Podcast

2018 AppSec EU London – Conference Preview

In this episode, I speak with the organizing committee of 2018 AppSec EU, hearing about what's planned and why you should consider attending this international conference in London.
OWASP Podcast

Steps to Responsible Disclosure with Bas van Schaik,Man Yue Mo and Brian Fox

On March 1, 2018, the team at Semmle announced a critical vulnerability in the Pivotal Spring framework. The vulnerability was found by security researcher Man Yue Mo at Semmle — the team behind lgtm.com. In this episode of OWASP...
OWASP Podcast

RSAC 2018 – Preview of Opening Session for DevOps Connect: DevSecOps Day

Shannon Lietz, Caroline Wong and Paula Thrasher will give the opening remarks at DevOps Connect: DevSecOps Days on April 16 at the RSAC Conference in San Francisco. On today's show, I talk with Shannon, Caroline and Paula, on what...
OWASP Podcast

HackNYC 2018: Preview with Kevin E. Greene

Prior to his work as Principal Software Assurance Engineer at MITRE, Kevin E. Greene was R&D Program Manager for the Department of Homeland Security. He is currently on the organizing committee for HackNYC, helping to organize talks and sessions...
OWASP Podcast

HackNYC 2018: Preview with Dr. Bill Curtis

In May, at HackNYC 2018 in New York City, Dr. Bill Curtis' team of Tracie Gerardi and Lev Lesokhin will deliver a presentation on putting an end to "Technical Debt". I spoke with Dr. Curtis about his work in...
OWASP Podcast

The OpenChain Project with Shane Coughlan

The OpenChain Project identifies key recommended processes for effective open source management. The project builds trust in open source by making open source license compliance simpler and more consistent. In this broadcast, I speak with Shane Coughlan, project director,...
OWASP Podcast

Expanding Community Engagement at OWASP w/ Greg Anderson

Newly elected to the OWASP board, Greg Anderson is interested in how to expand the OWASP community. I talked with him about what he hope to accomplish in his tenure on the board, the first initiatives he would like...
SC Magazine

Instagram flaw exposes user passwords

A security flaw in Instagram’s recently released “Download Your Data” tool could have exposed some user passwords, the company reportedly told users. The tool, revealed by Instagram right before the GDPR regulation went into effect, is designed to let users...

Julian Assange Charges, Japan’s Top Cybersecurity Official, and More Security News This Week

Safer browsing, more bitcoin scams, and the rest of the week's top security news.
The Register

SMS 2FA database leak drama, MageCart mishaps, Black Friday badware, and more

Plus, why is Kaspersky Lab getting into chess? Roundup  What a week it has been: we had the creation of a new government agency, a meltdown flashback, and of course, Patch Tuesday.…
TechRepublic

Is retaining a cybersecurity attorney a good idea for your business?

Cybersecurity is so complicated that businesses, large and small, are retaining legal counsel specializing in security. Learn two more steps businesses should take before a cyberattack hits.

Machine Learning Can Create Fake ‘Master Key’ Fingerprints

Researchers have refined a technique to create so-called DeepMasterPrints, fake fingerprints designed to get past security.