Jardine Software Inc.

DevelopSec: Developing Security Awareness

Curious about application security? Want to learn how to detect security vulnerabilities and protect your application. We discuss different topics and provide valuable insights into the world of application security.

Autor

Jardine Software Inc.

Categoría

Technology

Web del podcast

podcast.developsec.com

Último episodio

30 de ene. de 2026

¿Dónde escuchar?

Podcasts en la app Replaio Radio Muy pronto

Los podcasts llegarán muy pronto a la app. Instálala ahora y sé el primero en descubrir una forma totalmente nueva de vivir los podcasts

Descárgala en Google Play Instálala gratis Android 5 M+ de descargas · valoración de 4,8 iOS muy pronto

Episodios

Newscast - Oct. 20, 2015 20.10.2015

Hi and welcome to the DevelopSec newscast for October 20th, 2015.  I am James Jardine and I wanted to take a few moments to talk about some recent news stories over the past week. Apple removes several apps that could spy on encrypted traffic - http://arstechnica.com/security/2015/10/apple-removes-several-apps-that-could-spy-on-encrypted-traffic/ , http://www.theregister.co.uk/2015/10/09/apple_bor...

Newscast - Sept. 30, 2015 01.10.2015

James breaks down a few news stories from the previous week.  The following stories were discussed, including some brief points.   Microsoft Accidentally pushes test patch http://www.zdnet.com/article/microsoft-accidentally-issued-a-test-windows-update-patch/ Of course the community assumes hack. Oversight that allowed a test patch to be released. They are working to remove it. Credit Card Liabili...

Newscast - Sept. 23, 2015 24.09.2015

James breaks down a few news stories from the previous week.  The following stories were discussed, including some brief points. $1 million bounty for iOS 9 hack http://www.wired.com/2015/09/spy-agency-contractor-puts-1m-bounty-iphone-hack/ Zerodium announced 1 million dollar bounty for hack that can take over an iOS device remotely, via web page, vulnerable app or text message Terms of offer dema...

Ep. 30: HTTP Strict Transport Security (HSTS): Intro 18.09.2015

James talks about HTTP Strict Transport Security (HSTS) and what it is for.  For more information, check out the corresponding post https://www.developsec.com/2015/09/17/http-strict-transport-security-hsts-overview/ that has links to other references. Send us Fan Mail For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardi...

Ep. 29: FTC Start with Security Guidelines 30.07.2015

Just recently, the FTC released "Start with Security: A Guide for Busines" which is a set of 10 items businesses can do to help secure their assetts.  The full guide can be found at https://www.ftc.gov/tips-advice/business-center/guidance/start-security-guide-business.    James Jardine breaks gives an overview of the 10 items provided in the document. If you are a business, these are som...

Ep. 28: What is Penetration Testing 17.07.2015

In this episode, James Jardine talks about what penetration testing, "pen testing", is and how it really has a lot of meanings to different people.  A pen test isn't something that should be considered negative, rather it is a positive approach to helping identify security risks to your organization.  Send us Fan Mail For more info go to https://www.developsec.com or follow us on X...

Ep. 27: Importance of Security for BA and PM 18.06.2015

In this episode James covers some thoughts on how business analysts and project managers are crucial to the security role for applications.  It doesn't take a huge change in the way work is done and the domino affect carries all the way through to QA.  Accompanying Blog Post: https://www.developsec.com/2015/06/01/business-analysts-and-product-managers-security-roles/   Follow us on Twitter: @...

Ep. 26: The Importance of Security for QA 26.05.2015

QA plays a crucial role in testing for security flaws within applications.  They have the Proximity, Knowledge of the Application and it is an extension to the role they currently fill.  James Jardine discusses why security testing is critical to the QA role.  Send us Fan Mail For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you...

Ep. 25: Static Analysis: Analyzing the Options 10.04.2015

Static analysis is an important part of the secure development lifecycle.  There are some things to think about when you are considering a static analysis option.  James discusses the questions in this episode. Send us Fan Mail For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc. 

Ep. 24: The Importance of Baselines 02.04.2015

Understanding baselines of our networks, applications, traffice, etc is important to identifying security issues.  James Jardine shares some thoughts on the need for these baselines and why they are important.  There is a quick write up on this topic at https://www.developsec.com. Send us Fan Mail For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podc...

Ep. 23: 3rd Party CMS Security Thoughts 11.03.2015

CMS platforms are an easy way to get content to the internet, but we still have to consider security.   James talks about some of the concerns and things to think about when thinking about these security features.  For a more details, check out the blog post at https://www.developsec.com. Send us Fan Mail For more info go to https://www.developsec.com or follow us on X ( @developsec ). The Develop...

Ep. 22: Black lists vs. White Lists 19.02.2015

I came across an interesting tweet https://twitter.com/suffert/status/567486188383379456  depicting a good example of a black list that didn't quite cover everything I think they wanted too.    This episode discusses the difference between black and white lists and some of the things to watch out for. Send us Fan Mail For more info go to https://www.developsec.com or follow us on X ( @develop...

Ep. 21: Sensitive Data and Storage 04.02.2015

James talks about the need for developers, QA, business analysts and project managers to understand the type of application they are creating and the requirements around sensitive data.    Reference Links from the podcast: http://www.njleg.state.nj.us/2014/Bills/S1000/562_R1.PDF http://laws.flrules.org/2014/189 Send us Fan Mail For more info go to https://www.developsec.com or follow us on X ( @de...

EP. 20: MoonPig Take-aways 09.01.2015

I discuss the lessons learned from the recent Moonpig security disclosure.  This is full of information for a developer or QA tester.   For more information, visit https://www.developsec.com Send us Fan Mail For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc. 

Ep. 19: Target Environments 30.11.2014

Are you looking to test our your security skills?  There are lots of targets that are freely available to you that can be quite helpful.  The good news is you won't be getting in trouble for hacking these applications.  Here is a short list of some of the targets that exist for you to practice your web hacking skills. Vulnerable Apps: hackazon - http://www.ntobjectives.com/hackazon/ bWAPP - h...

Ep. 18: Planning for an Assessment 12.10.2014

No matter what size company you are, sooner or later you will be subject to some form of security assessment.  Whether that is a penetration test, architecture review, code review or some other assessment.  It is important to be prepared.  Have the documentation needed when the engagement starts.  Most importantly, be honest to any questions and don't try and hide things.  The point is to get...

Ep. 17: Authorization 03.10.2014

Are you sure you are performing proper authorization checks everyplace?  What does Authorization even mean?  James Jardine talks about Authorization and how QA, Dev and others can reinforce its implementation. Send us Fan Mail For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc. 

Ep. 16: The Cloud: Is it Safe? 05.09.2014

In this episode, James Jardine talks about the recent breaches regarding cloud services and whether or not we should be running for the hills.  Lets focus on the real issue, not the hype of nude photos.  Send us Fan Mail For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc. 

Ep. 15: Security Testing - QA can do this!! 22.08.2014

In this episode, James talks about security testing... scratch that, testing.  There really is no difference between security testing and regular testing.  The app is functioning in a way it was not designed to.  QA can do this.   Developers can do this.  Listen to find out some of the ways that we can help move this forward to get our internal teams testing better. Send us Fan Mail For more info...

Ep. 14: Input Validation and Output Encoding 27.07.2014

The debate is out there, which is more important.  I discuss what they are and how they both play a key role in securing an application. Send us Fan Mail For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc. 

Ep. 13: Introduction to Cross Site Scripting 27.06.2014

This episode gives a high level overview of what XSS is and why it is of concern.  Future episodes will dig deeper into the vulnerability. Send us Fan Mail For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc. 

DS: Ep 12: Ebay hacked. All about Cookies 27.05.2014

We discuss a little about eBay and their unfortunate hack, how sourceforge has upgraded their password storage and a lot about cookies.   What are cookies, how are they used, how do we secure them.  Lots of great information about cookies.  Send us Fan Mail For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software...

Ep. 11: Not your Grandpa's Phishing 09.05.2014

In this episode, we talk about phishing.  Mass email and spear phishing.  What you should know about the topic and how to protect yourself. Send us Fan Mail For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc. 

Ep. 10: Threat Modeling 25.04.2014

This episode introduces the new Microsoft Threat Modeling Tool 2014.  No more requirement for Visio..  woohoo.   Lots of talk about threat modeling and its benefits.   Threat Modeling Tool 2014: http://download.microsoft.com/download/3/8/0/3800050D-2BE7-4222-8B22-AF91D073C4FA/MSThreatModelingTool2014.msi   Threat Modeling (book by Adam Shostack): http://www.amazon.com/Threat-Modeling-Designing-Ada...

Ep. 9: Windows XP and HeartBleed 11.04.2014

In this episode we take a look at the two hottest topics.. Windows XP End of Life and Heartbleed.  If you haven't heard of either of these, your under a rock (and you should listen).   This is not an in-depth analysis of these, but just general thoughts on them. Send us Fan Mail For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought...

Escucha el podcast DevelopSec: Developing Security Awareness en Replaio

Radio y podcasts en una sola app - gratis y sin registro. Instálala hoy y no te pierdas el estreno

Descárgala en Google Play

Replaio no es editor de podcasts; los nombres de los programas, las portadas y el audio pertenecen a sus autores y se distribuyen a través de canales RSS públicos