Jardine Software Inc.
DevelopSec: Developing Security Awareness
Curious about application security? Want to learn how to detect security vulnerabilities and protect your application. We discuss different topics and provide valuable insights into the world of application security.
Auteur
Jardine Software Inc.
Catégorie
Site du podcast
Dernier épisode
30 janv. 2026
Où écouter ?
Les podcasts dans l'appli Replaio Radio Bientôt disponibleLes podcasts arrivent très bientôt dans l'appli. Installe-la dès maintenant et découvre en avant-première une toute nouvelle façon de vivre les podcasts
Épisodes
Newscast - Oct. 20, 2015 20.10.2015 26:16
Hi and welcome to the DevelopSec newscast for October 20th, 2015. I am James Jardine and I wanted to take a few moments to talk about some recent news stories over the past week. Apple removes several apps that could spy on encrypted traffic - http://arstechnica.com/security/2015/10/apple-removes-several-apps-that-could-spy-on-encrypted-traffic/ , http://www.theregister.co.uk/2015/10/09/apple_bor...
Newscast - Sept. 30, 2015 01.10.2015 23:52
James breaks down a few news stories from the previous week. The following stories were discussed, including some brief points. Microsoft Accidentally pushes test patch http://www.zdnet.com/article/microsoft-accidentally-issued-a-test-windows-update-patch/ Of course the community assumes hack. Oversight that allowed a test patch to be released. They are working to remove it. Credit Card Liabili...
Newscast - Sept. 23, 2015 24.09.2015 15:31
James breaks down a few news stories from the previous week. The following stories were discussed, including some brief points. $1 million bounty for iOS 9 hack http://www.wired.com/2015/09/spy-agency-contractor-puts-1m-bounty-iphone-hack/ Zerodium announced 1 million dollar bounty for hack that can take over an iOS device remotely, via web page, vulnerable app or text message Terms of offer dema...
Ep. 30: HTTP Strict Transport Security (HSTS): Intro 18.09.2015 14:41
James talks about HTTP Strict Transport Security (HSTS) and what it is for. For more information, check out the corresponding post https://www.developsec.com/2015/09/17/http-strict-transport-security-hsts-overview/ that has links to other references. Send us Fan Mail For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardi...
Ep. 29: FTC Start with Security Guidelines 30.07.2015 24:58
Just recently, the FTC released "Start with Security: A Guide for Busines" which is a set of 10 items businesses can do to help secure their assetts. The full guide can be found at https://www.ftc.gov/tips-advice/business-center/guidance/start-security-guide-business. James Jardine breaks gives an overview of the 10 items provided in the document. If you are a business, these are som...
Ep. 28: What is Penetration Testing 17.07.2015 20:45
In this episode, James Jardine talks about what penetration testing, "pen testing", is and how it really has a lot of meanings to different people. A pen test isn't something that should be considered negative, rather it is a positive approach to helping identify security risks to your organization. Send us Fan Mail For more info go to https://www.developsec.com or follow us on X...
Ep. 27: Importance of Security for BA and PM 18.06.2015 15:54
In this episode James covers some thoughts on how business analysts and project managers are crucial to the security role for applications. It doesn't take a huge change in the way work is done and the domino affect carries all the way through to QA. Accompanying Blog Post: https://www.developsec.com/2015/06/01/business-analysts-and-product-managers-security-roles/ Follow us on Twitter: @...
Ep. 26: The Importance of Security for QA 26.05.2015 22:20
QA plays a crucial role in testing for security flaws within applications. They have the Proximity, Knowledge of the Application and it is an extension to the role they currently fill. James Jardine discusses why security testing is critical to the QA role. Send us Fan Mail For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you...
Ep. 25: Static Analysis: Analyzing the Options 10.04.2015 17:09
Static analysis is an important part of the secure development lifecycle. There are some things to think about when you are considering a static analysis option. James discusses the questions in this episode. Send us Fan Mail For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.
Ep. 24: The Importance of Baselines 02.04.2015 14:44
Understanding baselines of our networks, applications, traffice, etc is important to identifying security issues. James Jardine shares some thoughts on the need for these baselines and why they are important. There is a quick write up on this topic at https://www.developsec.com. Send us Fan Mail For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podc...
Ep. 23: 3rd Party CMS Security Thoughts 11.03.2015 21:35
CMS platforms are an easy way to get content to the internet, but we still have to consider security. James talks about some of the concerns and things to think about when thinking about these security features. For a more details, check out the blog post at https://www.developsec.com. Send us Fan Mail For more info go to https://www.developsec.com or follow us on X ( @developsec ). The Develop...
Ep. 22: Black lists vs. White Lists 19.02.2015 16:35
I came across an interesting tweet https://twitter.com/suffert/status/567486188383379456 depicting a good example of a black list that didn't quite cover everything I think they wanted too. This episode discusses the difference between black and white lists and some of the things to watch out for. Send us Fan Mail For more info go to https://www.developsec.com or follow us on X ( @develop...
Ep. 21: Sensitive Data and Storage 04.02.2015 19:59
James talks about the need for developers, QA, business analysts and project managers to understand the type of application they are creating and the requirements around sensitive data. Reference Links from the podcast: http://www.njleg.state.nj.us/2014/Bills/S1000/562_R1.PDF http://laws.flrules.org/2014/189 Send us Fan Mail For more info go to https://www.developsec.com or follow us on X ( @de...
EP. 20: MoonPig Take-aways 09.01.2015 23:11
I discuss the lessons learned from the recent Moonpig security disclosure. This is full of information for a developer or QA tester. For more information, visit https://www.developsec.com Send us Fan Mail For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.
Ep. 19: Target Environments 30.11.2014 20:22
Are you looking to test our your security skills? There are lots of targets that are freely available to you that can be quite helpful. The good news is you won't be getting in trouble for hacking these applications. Here is a short list of some of the targets that exist for you to practice your web hacking skills. Vulnerable Apps: hackazon - http://www.ntobjectives.com/hackazon/ bWAPP - h...
Ep. 18: Planning for an Assessment 12.10.2014 18:56
No matter what size company you are, sooner or later you will be subject to some form of security assessment. Whether that is a penetration test, architecture review, code review or some other assessment. It is important to be prepared. Have the documentation needed when the engagement starts. Most importantly, be honest to any questions and don't try and hide things. The point is to get...
Ep. 17: Authorization 03.10.2014 19:40
Are you sure you are performing proper authorization checks everyplace? What does Authorization even mean? James Jardine talks about Authorization and how QA, Dev and others can reinforce its implementation. Send us Fan Mail For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.
Ep. 16: The Cloud: Is it Safe? 05.09.2014 20:03
In this episode, James Jardine talks about the recent breaches regarding cloud services and whether or not we should be running for the hills. Lets focus on the real issue, not the hype of nude photos. Send us Fan Mail For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.
Ep. 15: Security Testing - QA can do this!! 22.08.2014 23:36
In this episode, James talks about security testing... scratch that, testing. There really is no difference between security testing and regular testing. The app is functioning in a way it was not designed to. QA can do this. Developers can do this. Listen to find out some of the ways that we can help move this forward to get our internal teams testing better. Send us Fan Mail For more info...
Ep. 14: Input Validation and Output Encoding 27.07.2014 13:22
The debate is out there, which is more important. I discuss what they are and how they both play a key role in securing an application. Send us Fan Mail For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.
Ep. 13: Introduction to Cross Site Scripting 27.06.2014 14:57
This episode gives a high level overview of what XSS is and why it is of concern. Future episodes will dig deeper into the vulnerability. Send us Fan Mail For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.
DS: Ep 12: Ebay hacked. All about Cookies 27.05.2014 19:56
We discuss a little about eBay and their unfortunate hack, how sourceforge has upgraded their password storage and a lot about cookies. What are cookies, how are they used, how do we secure them. Lots of great information about cookies. Send us Fan Mail For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software...
Ep. 11: Not your Grandpa's Phishing 09.05.2014 14:57
In this episode, we talk about phishing. Mass email and spear phishing. What you should know about the topic and how to protect yourself. Send us Fan Mail For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought to you by Jardine Software Inc.
Ep. 10: Threat Modeling 25.04.2014 14:58
This episode introduces the new Microsoft Threat Modeling Tool 2014. No more requirement for Visio.. woohoo. Lots of talk about threat modeling and its benefits. Threat Modeling Tool 2014: http://download.microsoft.com/download/3/8/0/3800050D-2BE7-4222-8B22-AF91D073C4FA/MSThreatModelingTool2014.msi Threat Modeling (book by Adam Shostack): http://www.amazon.com/Threat-Modeling-Designing-Ada...
Ep. 9: Windows XP and HeartBleed 11.04.2014 12:05
In this episode we take a look at the two hottest topics.. Windows XP End of Life and Heartbleed. If you haven't heard of either of these, your under a rock (and you should listen). This is not an in-depth analysis of these, but just general thoughts on them. Send us Fan Mail For more info go to https://www.developsec.com or follow us on X ( @developsec ). The DevelopSec podcast is brought...
Podcasts similaires
Replaio n'est pas éditeur de podcasts ; les noms des émissions, les visuels et l'audio appartiennent à leurs auteurs et sont diffusés via des flux RSS publics