Jardine Software Inc.
DevelopSec: Developing Security Awareness
Curious about application security? Want to learn how to detect security vulnerabilities and protect your application. We discuss different topics and provide valuable insights into the world of application security.
Autor
Jardine Software Inc.
Categoría
Web del podcast
Último episodio
30 de ene. de 2026
¿Dónde escuchar?
Podcasts en la app Replaio Radio Muy prontoLos podcasts llegarán muy pronto a la app. Instálala ahora y sé el primero en descubrir una forma totalmente nueva de vivir los podcasts
Episodios
Ep. 54: WAFs and Pen Testing 21.09.2016 16:19
Your pen tester want you to white list them in your WAF? What should you do? Why do they ask? James breaks it down for you in this episode. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Presented by Jardine Software Inc. ( https://www.jardinesoftware.com ) Jardine Software provides application security consulting and training to add value to your applicat...
Ep. 53: Chrome Changing Secure Notifications 15.09.2016 17:09
We talk HTTP/HTTPS all the time. Google just announced that in January they are going to change how they display their secure/not secure indicators for HTTP sites that have passwords or credit cards. James talks about how this can effect you. Link to the article: https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html For more info go to https://www.developsec.com or follow...
Login Forms and HTTPS 07.09.2016 10:28
Are your login forms secure? Are you sure? In this episode James talks about potential risks with presenting your login forms when using HTTPS and how to avoid them. We often are focused on HTTPS for the submission of credentials, but what about the loading of the form? What about frames? For more info go to https://www.developsec.com or follow us on twitter (@developsec). Presented by Jardine...
Ep. 52: Importance of UI to Security 05.09.2016 11:37
The user interface plays a big part in the security of an application. We often only look at flaws such as XSS, but here James provides an example of the lack of Input Validation messages creating a Denial of Service type situation. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Presented by Jardine Software Inc. ( https://www.jardinesoftware.com ) Jardine...
Ep. 51: Everything is a target 29.08.2016 12:48
James discusses how all applications, big or small, are a potential target and need to have secure coding practices. We often only look at our big applications from a security perspective, but in reality, all applications pose a risk. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Presented by Jardine Software Inc. ( https://www.jardinesoftware.com ) Jardin...
Ep. 50: How Serious is Username Enumeration 28.07.2016 23:06
In this episode, James talks about what Username Enumeration is, how it can be used by attackers, and some ways to help reduce the risk of it. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Presented by Jardine Software Inc. ( https://www.jardinesoftware.com ) Jardine Software provides application security consulting and training to add value to your appli...
Ep. 49: Should Password Change Invalidate Access Tokens? 25.07.2016 16:13
Interesting question was raised around changing a password and the need to invalidate all the access tokens for the associated mobile devices. James talks about his view on the topic and how you can analyze your situation to determine the appropriate direction. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Presented by Jardine Software Inc. ( https://w...
Ep. 48: Pokemon Go Security Discussions 18.07.2016 18:58
Pokemon Go has taken the world by storm and as always, it brings up some things to talk about regarding security. In this episode James talks about some out of the box security thoughts regarding mobile applications including app permissions, fake apps, and scams. **Link to James' interview on News4Jax talking about Pokemon Go Security Concerns http://www.news4jax.com/news/morning-show/p...
Ep. 47: Account Lockouts and auto-unlock 17.06.2016 10:54
A question came in regarding auto-unlock of accounts and account lockout in general. James discusses his thoughts on this process and how he approaches these types of questions. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Presented by Jardine Software Inc. ( https://www.jardinesoftware.com ) Jardine Software provides application security consulting and...
Ep. 46: Password Confirm Boxes 10.06.2016 11:41
A question came in around the need for the password confirm box on registration screens and the security implications. In this episode I respond to the question and give some insights on how to approach these types of questions from a security perspective. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Presented by Jardine Software Inc. ( https://www.jardi...
Ep. 45: The importance of WHY 03.06.2016 22:45
We are too quick to just give generic recommendations for resolving security vulnerabilities. We need to make sure that the application teams understand why these are vulnerabilities and why they are important. It all starts with Why is that functionality there. James talks about the importance of understanding the WHY and how it is a building block for better secure applications. For more in...
Ep. 44: "We don't support Macs" 27.05.2016 12:02
When a developer was presented with a but they tried to say that it wasn't an issue because it was found by a tester using a Mac. "We don't support Macs" James talks about how this is a fundamental misunderstanding about security and tries to clear it up. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Presented by Jardine Software...
Ep. 43: Reflecting on Current AppSec Training 21.05.2016 22:01
James reflects on the current way we expect application teams to get security training and potential short falls. Is there a better way? Listen as I talk through some different points on the topic. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Presented by Jardine Software Inc. ( https://www.jardinesoftware.com ) Jardine Software provides application se...
Ep. 42: The Need for Better Secure Code Examples 24.04.2016 21:38
How do you get your secure coding information? Do you pull code snippets from the internet? Who doesn't. How many of those actually use secure coding best practices. We have a challenge where most of our books, tutorials, and even college classes don't show secure code examples, just code examples. Everywhere we turn, the code we see is insecure. James Talks about this issue and so...
Ep. 41: Why You Need an Application Inventory 19.04.2016 18:21
Do you use an application inventory in your application security program? James discusses what an application inventory is and why it is important. Here is a list of a few tools that can be used to help identify some application details: Consider using OWASP Dependency Check ( https://www.owasp.org/index.php/OWASP_Dependency_Check ) Retire.js will help identify out dated javascript libraries (...
Ep. 40: Getting More Value from Pen Tests 08.03.2016 16:48
Penetration tests provide a measuring stick for security, but are you missing out on additional value? James discusses ways to use the pen test results to get more value out of a penetration test. James will be providing a free webcast regarding Penetration Testing for Application Teams on March 18th, 2016. Here is the registration link: https://attendee.gototraining.com/r/3147075330537789954...
Ep. 39: Authentication 29.02.2016 19:49
James discusses what authentication is and some things to look out for. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Presented by Jardine Software Inc. (https://www.jardinesoftware.com) Jardine Software provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Send...
Ep. 38: Static Analysis: Tips for Successful Program 07.02.2016 39:14
In this episode, James Jardine talks about some of the things you need to consider when trying to implement a static analysis program. It is more than just a tool you drop in. To build a successful program there are other considerations. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Presented by Jardine Software Inc. (https://www.jardinesoftware.com) Jard...
Ep. 37: CSRF Chaining 26.01.2016 17:51
James Jardine discusses CSRF chaining, using the combination of multiple CSRF requests to perform a task. Typically we believe that CSRF can only be done with one request, but with a little javascript it is possible to execute multiple requests. Listen in for more information. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Presented by Jardine Software Inc...
Ep. 36: Intro to Cross Site Request Forgery (CSRF) 07.01.2016 23:46
In this episode, James talks about what CSRF is, why it is a risk, and different ways to protect against it. CSRF is #8 on the OWASP Top 10 https://www.owasp.org/index.php/Top_10_2013-A8-Cross-Site_Request_Forgery_%28CSRF%29 Want to learn more about application security? Check out https://www.developsec.com . Follow us at @developsec on twitter. Send us Fan Mail For more info go to https://ww...
Ep. 35: An Introduction to Open Redirects 15.12.2015 17:05
James discusses Open Redirects, or on the OWASP Top 10 what is referred to as Unvalidated Redirects and Forwards ( https://www.owasp.org/index.php/Top_10_2013-A10-Unvalidated_Redirects_and_Forwards) This is an introduction to what an Open Redirect is, why it is an issue, how to protect against it and how to test for it. Send us Fan Mail For more info go to https://www.developsec.com or follow u...
Ep. 34: Importance of Hacking 11.12.2015 25:18
James discusses Hacking, what is it, why is it important. It is more than what you see in the media of the bad guys hacking computers. It is a curiosity, a hobby, an interesting in pushing limits. Some amazing things have come out of hacking. Check out this episode for more ramblings. Send us Fan Mail For more info go to https://www.developsec.com or follow us on X ( @developsec ). The Develop...
Ep. 33: Holiday Gift Security Considerations 24.11.2015 18:38
James discussing some things to consider this holiday season when searching for that perfect gift. It is important to understand the privacy policy (what is collected and how it is used) as well as the technologies the gift uses (Bluetooth, wifi, etc). This discussion addresses both consumers and the companies that create these gifts. For more info go to https://www.developsec.com or follow us...
Ep. 32: Dynamic Analysis: An Overview 21.11.2015 22:27
James Jardine provides an overview of Dynamic Analysis and why it is important. Like any automation, there are pros and cons. Listen to find out why dynamic analysis is useful. Some links to some dynamic analysis options that are available: WhiteHat Security (http://www.whitehatsec.com) HP - Web Inspect (http://www8.hp.com/us/en/software-solutions/webinspect-dynamic-analysis-dast/) IBM App S...
Ep. 31: Response Splitting and Header Injection 09.11.2015 18:40
Join James Jardine as he discusses what Response Splitting/Header Injection is and how it works. He also discusses how ASP.Net helps defend against this attack. This is a quick overview of the vulnerability and a great starting point for anyone learning security concepts. Send us Fan Mail For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is...
Podcasts similares
Replaio no es editor de podcasts; los nombres de los programas, las portadas y el audio pertenecen a sus autores y se distribuyen a través de canales RSS públicos