2022 Year in Review

2022 Year in Review

Author: The OWASP Podcast Series December 30, 2022 Duration: 14:19
The OWASP Podcast Series
Technology
In this episode, I go solo and review the last year of podcasts but with a twist. I do my best to compare the topics covered to the OWASP Flagship projects. The goal is to see if the episodes I recorded this year match up with the projects strategically important to OWASP. Plus, the holiday listeners get gifts all around as I cover (and link) the OWASP Flagship projects. Show Links: - (January) New Ideas, New Voices, New Hosts: https://soundcloud.com/owasp-podcast/new-ideas-new-voices-new-hosts - (February) Tanya Janca - She Hack Purple: https://soundcloud.com/owasp-podcast/tanya-janca - SAMM (Software Assurance Maturity Model): https://owaspsamm.org/ - (March) Fast Times at SBOM High: https://soundcloud.com/owasp-podcast/fast-times-at-sbom-high-with-wendy-nather-and-matt-tesauro - CycloneDX: https://cyclonedx.org/ - Dependency-Track: https://dependencytrack.org/ - Dependency-Check: https://jeremylong.github.io/DependencyCheck/ - (April) The VOID: Verica Open Incident Database: https://soundcloud.com/owasp-podcast/the-void-verica-open-incident-database - Web Security Testing Guide: https://owasp.org/www-project-web-security-testing-guide/ - Mobile Application Security Guide: https://mas.owasp.org/ - (May) Threat Modeling using the Force: https://soundcloud.com/owasp-podcast/threat-modeling-using-the-force-with-adam-shostack-owasp-podcast-e001 - ASVS (Application Security Verification Standard): https://owasp.org/www-project-application-security-verification-standard/ - AMASS: https://owasp.org/www-project-amass/ - (June) Giving a jot about JWTs: JWT Patterns and Anti-Patterns: https://soundcloud.com/owasp-podcast/owasp-podcast-giving-a-jot-about-jwts-jwt-patterns-and-anti-patterns - Cheat Sheet Series: https://cheatsheetseries.owasp.org/ - API Top 10: https://owasp.org/www-project-api-security/ - (July) Getting Lean and Mean with DefectDojo: https://soundcloud.com/owasp-podcast/getting-lean-and-mean-in-the-defectdojo - DefectDojo: https://www.defectdojo.org/ - (August) Going Way Beyond 2FA: https://soundcloud.com/owasp-podcast/going-way-beyond-2fa - ModSecurity Core Rule Set: https://coreruleset.org/ - (September) Breaching the wirefall with community: https://soundcloud.com/owasp-podcast/breaching-the-wirefall-with-community - Security Shepherd: https://owasp.org/www-project-security-shepherd/ - Juice Shop: https://owasp.org/www-project-juice-shop/ - Security Knowledge: https://owasp.org/www-project-security-knowledge-framework/ - (October) Little Zap of Horrors: https://soundcloud.com/owasp-podcast/little-zap-of-horrors - Zed Attack Proxy (ZAP): https://www.zaproxy.org/ - OWTF (Offensive Web Testing Framework): https://owtf.github.io/ - (November) You've got some Kubernetes in my AppSec: https://soundcloud.com/owasp-podcast/youve-got-some-kubernetes-in-my-appsec - OWASP Top 10: https://owasp.org/www-project-top-ten/ - CSRFGuard: https://owasp.org/www-project-csrfguard/

Tune in to The OWASP Podcast Series for genuine conversations that go beyond the headlines of cybersecurity. Instead of dry lectures, you'll hear from the people actually building, testing, and defending the software that shapes our world. Each episode sits down with a different practitioner or innovator, pulling insights directly from their daily work and long-term vision. The discussions are grounded in the real challenges of application security, offering practical knowledge and forward-thinking strategies. This podcast provides a unique audio space to understand the evolving threats and defensive techniques critical for our digital infrastructure. You’ll find the dialogue is both technical and accessible, demystifying complex topics through the experiences of those on the front lines. The goal is to share actionable wisdom from the OWASP community and its extended network, focusing on how to create more resilient systems. By listening, you gain a deeper appreciation for the ongoing effort required to secure technology for everyone. It’s an essential resource for developers, security professionals, and anyone curious about the foundational work of safeguarding our connected future. The series turns abstract concepts into tangible lessons, all through the voices of the individuals dedicated to this crucial mission.
Author: Language: English Episodes: 100

Official website RSS
youtubelinkedingithub
The OWASP Podcast Series
Podcast Episodes
Strategic Asymetry - Leveling the Playing Field w/ Chetan Conikee [not-audio_url] [/not-audio_url]

Duration: 34:42
"In the past when we were writing software, it was our engineers and our organizations that had total cost of ownership of that software. But now, that has fundamentally changed. Engineers are using open source software…
Threat Modeling - A Disaster Story with Edwin Kwan [not-audio_url] [/not-audio_url]

Duration: 18:05
We continue the "Epic Failures in DevSecOps" series by speaking with Edwin Kwan on his chapter, "Threat Modeling - A Disaster Story". Edwin is Application and Software Security Team Lead at Tyro Payments. In our discussi…
The DevSecOps Unicorn Rodeo w/ Stefan Streichsbier [not-audio_url] [/not-audio_url]

Duration: 23:24
Stefan Streichsbier talks about his chapter, "Unicorn Rodeos", in the just released book, "Epic Failures in DevSecOps". We start with where did the chapter name come from and what does it mean, then lead into his three m…
The DevSecOps Experiment [not-audio_url] [/not-audio_url]

Duration: 14:22
DJ Schleen talks about his upcoming 15 part video series, "The DevSecOps Experiment", where he will walk through the setup of a software supply chain, including building in security during every step of the process. This…
Open Source Vulnerabilities - Who is Ultimately Responsible [not-audio_url] [/not-audio_url]

Duration: 46:31
In this broadcast, I speak with Chris Roberts and Derek Weeks about lines of responsibility and npm package highjacking in light of the event-stream vulnerability announcement last week. The announcement of the event-str…
event-stream: Analysis of a Compromised npm Package [not-audio_url] [/not-audio_url]

Duration: 21:36
Once again, the pattern of taking over a known package and modifying it with malicious intent has happened. In this case, it's with the event-stream module in the npm repository. In this broadcast I speaker with Thomas H…
Spy vs Spy in Application Security: Harvesting Adversaries [not-audio_url] [/not-audio_url]

Duration: 16:13
"The guy who wrote wifi software with SSID never imagined that someone could use that SSID to transmit data by writing two smaller applications to leverage it. We are constantly going to be in this [type of] battle. Ulti…
Moving from Projects to Products w/ Mik Kersten [not-audio_url] [/not-audio_url]

Duration: 39:24
"If you look inside a large enterprise IT organization, they have this very bizarre and broken layer that's completely separating the way that business thinks in terms of products, budgets and costs, and the way IT peopl…
The Journey to Open Source at Capital One w/ Tapabrata "Topo" Pal [not-audio_url] [/not-audio_url]

Duration: 19:44
Why would you allow open source usage in your company. What are the compelling reasons to take the risk. In this discussion, I talk with Topo Pal and Derek Weeks about the industry perception of open source and what's re…
The Future of Software and DevOps / with Sacha Labourey [not-audio_url] [/not-audio_url]

Duration: 23:22
"The compensation, the incentives that people have are very much anchored in short term objectives that do not take into account the vision for the bigger transformations that are happening within the market." -- Sacha L…

«1...345678910»