• Skip to main content
  • Skip to primary sidebar
  • Skip to footer

DevelopSec

  • Home
  • Podcast
  • Blog
  • Resources
  • About
  • Schedule a Call

Podcast

December 19, 2021 by James Jardine Leave a Comment

Ep. 118: Log4J Sparking Thought on Vulnerable Components

Log4J has been the talk of the town recently and everyone is focused on the technical details of the specific vulnerabilities found. In this episode, James talks about the overarching ideas around dealing with vulnerable components. Are you vulnerable? If so, what needs to be done?

Listen to the Episode:

For more info go to https://www.developsec.com or follow us on twitter (@developsec).

[Read more…] about Ep. 118: Log4J Sparking Thought on Vulnerable Components

Filed Under: Podcast Tagged With: application security, application security program, AppSec, leadership, owasp, podcast, secure development, security training, training, vulnerable component

February 10, 2020 by James Jardine Leave a Comment

Ep. 117: How Browsers are Helping with Security

Browsers play a role in web application security, but where does their responsibility stop and the developer’s start? In this episode, we are going to discuss a few changes happening in the Chrome browser, that change security by default.

Listen to the Episode:

SameSite Default
Chrome has announced a few changes that we need to watch out for in the near future. We previously talked about the default value for samesite that is coming up fast. I wrote about this here: https://www.jardinesoftware.net/2019/10/28/samesite-by-default-in-2020/

This change could impact any application and as developers we should be aware of security defaults in the browsers.

Mixed Content
Also, they are getting ready to start blocking mixed content downloads:
https://blog.chromium.org/2020/02/protecting-users-from-insecure.html

For more info go to https://www.developsec.com or follow us on twitter (@developsec).

[Read more…] about Ep. 117: How Browsers are Helping with Security

Filed Under: Podcast Tagged With: application security, AppSec, awareness, chrome, cross site request forgery, developer training, mixed content, same site, samesite, secure development, secure training, security training, training

November 15, 2019 by James Jardine Leave a Comment

Ep. 116: Chrome Retires XSS Auditor

Do you rely on the browser to protect your application from Cross-Site Scripting? Over the years, many of the popular browsers attempted to create these XSS filters to help reduce the risk of the vulnerability. Unfortunately, over the years we have seen a lot of bypasses to these filters. Chrome announced they are removing their XSS Auditor. Hear some of our thoughts on the changes.

Listen to the Episode:

 

References

https://www.chromium.org/developers/design-documents/xss-auditor

[Read more…] about Ep. 116: Chrome Retires XSS Auditor

Filed Under: Podcast Tagged With: application security, AppSec, cross site scripting, developer training, sdlc, secure code, secure development, secure sdlc, security awareness, training, xss

November 7, 2019 by James Jardine Leave a Comment

Ep. 115: Is CSRF Really Dead?

In 2020, Chrome will default the SameSite attribute to Lax on all cookies. SameSite helps mitigate CSRF, but does that mean CSRF is Dead?

For more info go to https://www.developsec.com or follow us on twitter (@developsec).

Join the conversations.. join our slack channel. Email james@developsec.com for an invitation.

 DevelopSec provides application security training to add value to your application security program. Contact us today to see how we can help.

[Read more…] about Ep. 115: Is CSRF Really Dead?

Filed Under: Podcast Tagged With: app sec, application security, AppSec, cross site request forgery, CSRF, pen testing, secure development, security education, security testing

October 29, 2019 by James Jardine Leave a Comment

Ep. 114: Investing in People for Better Application Security

In this episode, James talks about investing in the development teams to increase application security priorities.

For more info go to https://www.developsec.com or follow us on twitter (@developsec).

Join the conversations.. join our slack channel. Email james@developsec.com for an invitation.

 DevelopSec provides application security training to add value to your application security program. Contact us today to see how we can help.

[Read more…] about Ep. 114: Investing in People for Better Application Security

Filed Under: Podcast Tagged With: app sec, AppSec, developer training, qa, qa security, secure development, security, security awareness, security training, training

June 26, 2018 by James Jardine Leave a Comment

Ep. 102: Intro to Web Security Policies

In this episode James introduces us to the idea of web security policies stored in a security.txt file. We have talked about vulnerability disclosure before and this ties directly into that conversation.

Link to Draft: https://tools.ietf.org/html/draft-foudil-securitytxt-03

Link to form to create the file: https://securitytxt.org/

Link to our blog post: https://www.developsec.com/2018/06/26/overview-of-web-security-policies/

For more info go to https://www.developsec.com or follow us on twitter (@developsec).

Join the conversations.. join our slack channel.  Email james@developsec.com for an invitation.

DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help.

[Read more…] about Ep. 102: Intro to Web Security Policies

Filed Under: Podcast Tagged With: app sec, applicaiton security, AppSec, bug bounty, DevelopSec podcast, podcast, secure development, security awareness, vulnerability disclosure

  • Go to page 1
  • Go to page 2
  • Go to Next Page »

Primary Sidebar

Contact Us:

Contact us today to see how we can help.
Contact Us

Footer

Company Profile

Are you tackling the challenge to integrate security into the development process? Application security can be a complex task and often … Read More... about Home

Resources

Podcasts
DevelopSec
Down the Security Rabbithole (#DTSR)

Blogs
DevelopSec
Jardine Software

Engage With Us

  • Email
  • GitHub
  • Twitter
  • YouTube

Contact Us

DevelopSec
Email: james@developsec.com



Privacy Policy

© Copyright 2018 Developsec · All Rights Reserved