Ep. 123: Goals of Security Culture - Sort of?

Author: Jardine Software Inc. February 18, 2025 Duration: 7:56
In this episode, I talk about how security is a part of everyone's role and the labeling of "Security Culture". I share some ideas on how to improve on role based security awareness and building stronger relationships between security and the rest of the organization. For more info go to https://www.developsec.com or follow us on X (@developsec). The DevelopSec podcast is brought to you by Jardine...

Ever find yourself wondering how the digital tools you build every day can be made more resilient? DevelopSec: Developing Security Awareness, from Jardine Software Inc., digs into the practical realities of application security. This isn't about abstract theory; it's a grounded conversation for developers, engineers, and tech leaders who know that security is now a core part of the development lifecycle. Each episode focuses on a specific topic, breaking down how vulnerabilities emerge in code and, more importantly, how to identify and mitigate them before they become a problem. You'll hear straightforward discussions on everything from common coding flaws to emerging threats, providing actionable insights you can apply directly to your projects. The goal is to build a more intuitive security mindset, transforming it from a compliance checkpoint into a natural part of the development process. Tune into this podcast for a clear-eyed look at securing applications, where complex concepts are made accessible without sacrificing depth. It's a resource for anyone ready to move beyond curiosity and actively strengthen their work.
Author: Language: English Episodes: 100

DevelopSec: Developing Security Awareness
Podcast Episodes
Ep. 49: Should Password Change Invalidate Access Tokens?

Duration: 16:13
Interesting question was raised around changing a password and the need to invalidate all the access tokens for the associated mobile devices. James talks about his view on the topic and how you can analyze your situatio…
Ep. 48: Pokemon Go Security Discussions

Duration: 18:58
Pokemon Go has taken the world by storm and as always, it brings up some things to talk about regarding security. In this episode James talks about some out of the box security thoughts regarding mobile applications incl…
Ep. 47: Account Lockouts and auto-unlock

Duration: 10:54
A question came in regarding auto-unlock of accounts and account lockout in general. James discusses his thoughts on this process and how he approaches these types of questions. For more info go to https://www.developsec…
Ep. 46: Password Confirm Boxes

Duration: 11:41
A question came in around the need for the password confirm box on registration screens and the security implications. In this episode I respond to the question and give some insights on how to approach these types of qu…
Ep. 45: The importance of WHY

Duration: 22:45
We are too quick to just give generic recommendations for resolving security vulnerabilities. We need to make sure that the application teams understand why these are vulnerabilities and why they are important. It all st…
Ep. 44: "We don't support Macs"

Duration: 12:02
When a developer was presented with a bug, they tried to say that it wasn't an issue because it was found by a tester using a Mac. "We don't support Macs." James talks about how this is a fundamental misunderstanding about…
Ep. 43: Reflecting on Current AppSec Training

Duration: 22:01
James reflects on the current way we expect application teams to get security training and potential shortfalls. Is there a better way? Listen as I talk through some different points on the topic. For more info go to ht…
Ep. 42: The Need for Better Secure Code Examples

Duration: 21:38
How do you get your secure coding information? Do you pull code snippets from the internet? Who doesn't? How many of those actually use secure coding best practices? We have a challenge where most of our books, tutorials…
Ep. 41: Why You Need an Application Inventory

Duration: 18:21
Do you use an application inventory in your application security program? James discusses what an application inventory is and why it is important. Here is a list of a few tools that can be used to help identify some app…
Ep. 40: Getting More Value from Pen Tests

Duration: 16:48
Penetration tests provide a measuring stick for security, but are you missing out on additional value? James discusses ways to use the pen test results to get more value out of a penetration test. James will be providing…