People | Process | Technology Podcast

This segment of the "Less than 10 Minutes" series was recorded live at AppSec EU 2017 in Belfast. It is an update of the Virtual Village Project with project lead Evin Hernandez. The Virtual Village provides users with access to numerous operating system's Desktop as well as Servers. Users are able to create custom apps for other OWASP projects, as well as be able to request test environments , or honey pots , etc.

This segment of the "Less than 10 Minutes" series was recorded live at AppSec EU 2017 in Belfast. It is an update of the Juice Shop Project with project lead Bjoern Kimminich. The Juice Shop is an intentionally insecure webapp for security training, written entirely in Javascript which encompasses the entire OWASP Top Ten and other severe security flaws. Bjoern Kimminich (Project Leader OWASP Juice Shop) Personal Twitter: http://twitter.com/bkimminich OWASP Juice Shop Project Twitter: http://twitter.com/owasp_juiceshop Project Wiki Page: https://www.owasp.org/index.php/OWASP_Juice_Shop_Project Main Github Project: https://github.com/bkimminich/juice-shop Juice Shop CTF-Extension Project: https://github.com/bkimminich/juice-shop-ctf

"Why does OWASP even exist? Why do we even have this idea of understanding common issues, common problems. There are resources to help us do it better next time. I feel we are not learning at the curve where we should be, considering the resources available to us." -- Jaya Baloo As CISO of KPN, the largest telecom in the Netherlands, Jaya Baloo has a lot on her mind, but maybe not what you'd think. In this free wheeling discussion, we begin with what Jaya will be talking about during her keynote at AppSec EU 2017 in Belfast, and then move into cryptography, quantum technologies, and her concerns with the way software is currently built.

Brian Fox and Shannon Lietz talk about the recent announcement of the struts 2 vulnerability: What is it, how can it affect you, what you can do about it. You can view this broadcast as video on YouTube: https://www.youtube.com/watch?v=EzRKOudJPtQ

In mid-May I'll be joining the organizing team of AppSec EU 2017 in Belfast for a week of security and DevOps sessions. Listen in as Gary Robinson, Michelle Simpson and Owen Pendlebury talk about what's planned for the week.

In preparation for her keynote session at AppSec EU 2017 in Belfast, Shannon Lietz continues to explore the integration of DevOps and security. This is a recording of her session at RSAC 2017 in San Francisco.

Shannon Lietz, DevSecOps Lead at Intuit, will be giving a keynote presentation at AppSec EU 2017, Belfast. I talked with Shannon about what she will be presenting and why she is so excited to return to Ireland.

WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons. It is one of the most used projects at OWASP. With the current team headed by Bruce Mayhew, Nanne Baars and Jason White, work is moving forward on the creation of new content for creating training lessons for application security. I talked with Bruce and team about what they've done with the latest update and what they hope to accomplish in the coming year.

The OWASP ModSecurity Core Rule Set Project's goal is to provide an easily "pluggable" set of generic attack detection rules that provide a base level of protection for any web application. Chaim Sanders,Ryan Barnett, Christian Folini and Walter Hop are the team coordinating the project. During 2016 AppSec USA, I spoke with Chaim about the purpose of the project, the work work done in the past year, the upcoming release and what the team hopes to accomplish in 2017. https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project

This is a live recording from 2016 IP Expo London, with Shannon Lietz (Intuit), Chris Swan (CSC) and host Mark Miller (Sonatype) discussing the future of security as it relates to DevOps. Shannon and Chris are real world practitioners, bringing stories from the trenches. We initially start with where the term DevSecOps came from, then move on to the future of automated security as part of the DevOps ecosystem.

Today's podcast is the fourth in a series of four, talking with prospective 2016 board members. Today's question is, "What is more important to you as a candidate 1) Members 2) Projects 3) Conferences 4) Chapters " The format for today's Q&A with potential board members is simple. We ask a single question. Each candidate has 2 minutes to respond to the question. These recordings were done using google hangouts, so there will be slight sound glitches and background noises during some of the answers.

Today's podcast is the third in a series of four, talking with prospective 2016 board members. Today's question is, "What is the single most important issue for you to tackle if elected to the board?" The format for today's Q&A with potential board members is simple. We ask a single question. Each candidate has 2 minutes to respond to the question. These recordings were done using google hangouts, so there will be slight sound glitches and background noises during some of the answers.

Today's podcast is the second in a series of four, talking with prospective 2016 board members. Today's question is, "Do you consider vendor neutrality an issue at OWASP? If so, why?" The format for today's Q&A with potential board members is simple. We ask a single question. Each candidate has 2 minutes to respond to the question. These recordings were done using google hangouts, so there will be slight sound glitches and background noises during some of the answers.

Today's podcast is the first in a series of four, talking with prospective 2016 board members. Today's question is, "What kind of action plan do you have in mind to help motivate the participation of Developers into OWASP community." The format for today's Q&A with potential board members is simple. We ask a single question. Each candidate has 2 minutes to respond to the question. These recordings were done using google hangouts, so there will be slight sound glitches and background noises during some of the answers.

From October 11 - 14, 2016, appsec professionals from around the world will gather in Washington DC to participate in one of this year's main OWASP events, AppSec USA 2016. In this broadcast, I speak with three organizers of the event (Andrew Weidenhamer, Mike McCabe, Patrick Cooley )to get insight as to what to anticipate at the conference, the unique qualities of an AppSec USA event, and a sneak peek at the sessions that will be given over the 4 day event.