Jardine Software Inc.
DevelopSec: Developing Security Awareness
Curious about application security? Want to learn how to detect security vulnerabilities and protect your application. We discuss different topics and provide valuable insights into the world of application security.
Author
Jardine Software Inc.
Category
Podcast website
Latest episode
Jan 30, 2026
Where to listen?
Podcasts in the app Replaio Radio Coming soonPodcasts are coming to the app soon. Install now and be the first to see a whole new take on podcasts
Episodes
Ep. 79: Marketing with USB Drives 31.07.2017 15:40
James talks about the risk of USB thumb drives and their risk using the recent BCBS marketing campaign as an example. ( http://www.fiercehealthcare.com/privacy-security/bcbs-alabama-re-evaluates-usb-marketing-campaign-amid-security-concerns ). For more info go to https://www.developsec.com or follow us on twitter ( @developsec ). Join the conversations.. join our slack channel. Email james@deve...
Ep. 78: MySpace Lessons - Looking At Account Recovery 24.07.2017 19:14
James talks about a recent vulnerability report regarding MySpace's Account Recovery system ( https://www.wired.com/story/myspace-security-account-takeover/ ). He talks about considerations around account recovery and the need to revisit this type of functionality on a regular basis. For more info go to https://www.developsec.com or follow us on twitter ( @developsec ). Join the conversation...
Ep. 77: Interactive Application Security Testing 07.07.2017 14:47
In this episode, James talks about Interactive Application Security Testing, or IAST. It is a sort of hybrid approach that is similar to both dynamic and static analysis. Listen in to learn more about it. The video version of this can be found at https://youtu.be/KHSlDletm9I For more info go to https://www.developsec.com or follow us on twitter ( @developsec ). Join the conversations.. join our sl...
Ep. 76: Validation - Client vs. Server 19.06.2017 13:09
Are you thinking about client vs. server-side input validation? Curious why each is important and when to use them? James talks about the basic concepts and how to apply them to create more secure applications. A video version of this podcast is now available at: https://youtu.be/irO1TOC6-i8 For more info go to https://www.developsec.com or follow us on twitter ( @developsec ). Join the conversa...
Ep. 75: IAM with Geurt van Wijk 05.06.2017 41:45
In this episode I sit down with Geurt van Wijk from IDdriven to discuss IAM and IDaaS. Geurt has many years of experience around Identity and shares some great insights into considerations when working with it. If you typically think of Identity as just a user with credentials and some typical roles, you will want to listen in. You can get more information about IDdrive from https://www.iddriven.c...
Ep. 74: Audio Driver Key Logger Lessons Learned 24.05.2017 16:25
It was recently reported that an audio driver on HP systems was logging key strokes to a local file. Accidental? Malicious? Instead, we talk about how to try and avoid this from happening in the future. Original Article: https://www.cnet.com/news/keylogger-discovered-on-some-hp-laptops-conexant/ For more info go to https://www.developsec.com or follow us on twitter ( @developsec ). Join the c...
Ep. 73: Identity with Vittorio Bertocci 17.05.2017 30:26
I sat down with Vittorio Bertocci from Microsoft at the Microsoft Build 2017 conference in Seattle Washington. Vittorio shared some great insights into Identity and some new things around Azure AD and Azure AD B2C. Listen in to learn more about some of the interesting things going on. You can watch Vittorio's presentation from build at: https://channel9.msdn.com/Events/Build/2017/B8084 To...
Ep. 72: Where to Perform Output Encoding 11.05.2017 13:37
Over the years I have had many people ask about encoding before storing data in the database. Here are my thoughts and recommendations. For more info go to https://www.developsec.com or follow us on twitter ( @developsec ). Join the conversations.. join our slack channel. Email james@jardinesoftware for an invitation. Presented by Jardine Software Inc. ( https://www.jardinesoftware.com ) Jardine...
Ep. 71: Sub Resource Integrity 17.04.2017 14:47
Do you use hosted content on a CDN? How do you know the file hasn't been modified? James describes Sub Resource Integrity and how it is used to help detect and prevent loading modified files. For details referenced in the show about commands and examples, check out our post at https://www.developsec.com/2017/04/16/sub-resource-integrity-sri/ For more info go to https://www.developsec.com or...
Ep. 70: Considering security when selecting an application platform 27.03.2017 21:02
Do you struggle with trying to pick the most secure application platform? Are you focusing on the right questions? James talks about ways to look at application platforms and be secure, no matter which one you choose. For more info go to https://www.developsec.com or follow us on twitter ( @developsec ). Join the conversations.. join our slack channel. Email james@jardinesoftware for an invitatio...
Ep. 69: Concurrent User Sessions 10.03.2017 21:23
Do you allow users to login into their accounts across multiple browsers or devices? Does this raise a security concern? James talks about how to handle this question and analyze the root issue. For more info go to https://www.developsec.com or follow us on twitter ( @developsec ). Presented by Jardine Software Inc. ( https://www.jardinesoftware.com ) Jardine Software provides application security...
Ep. 68: How the AWS disruption can help us 03.03.2017 15:22
I am sure you have heard about the AWS service disruption that occurred. Have you seen how we can learn from this when we look at our own tools and processes? James talks about how we need to look at our own applications and tools and consider how time has changed the landscape. There might be more than you think. For more info go to https://www.developsec.com or follow us on twitter ( @develop...
Ep. 67: Clearing up HTTPOnly and Secure Cookie Attributes 24.02.2017 9:23
I hear a lot of people struggling with HTTPOnly and Secure attributes on cookies. The names may be confusing to some. Change your viewpoint and it may become easier.. For more info go to https://www.developsec.com or follow us on twitter ( @developsec ). Presented by Jardine Software Inc. ( https://www.jardinesoftware.com ) Jardine Software provides application security consulting and training to...
Ep. 66: Forgot Username 22.02.2017 14:45
We always talk about Forgot Password... But what about Forgot Username? Listen in as James discusses why protecting this functionality is important and the ways it could be abused if not properly handled. For more info go to https://www.developsec.com or follow us on twitter ( @developsec ). Presented by Jardine Software Inc. ( https://www.jardinesoftware.com ) Jardine Software provides applicatio...
Ep. 65: Security Questions: Good or Bad? 15.02.2017 18:07
In this episode, James talks about security questions, or secret questions. We see them used in many different places. People complain they are horrible. So are they that bad that you shouldn't use them? Is it possible to help reduce the risk with security questions? For more info go to https://www.developsec.com or follow us on twitter (@developsec). Presented by Jardine Software Inc. ( htt...
Ep. 64: Using Stolen Passwords to Protect User Accounts 23.01.2017 14:27
A few months ago, it was announced that some companies buy stolen passwords off of the black market to help protect their users. This is done by determining if the user's password was part of that list and forcing a reset. James talks about the idea and raises some interesting questions. What do you think about the tactic? For more info go to https://www.developsec.com or follow us on twit...
Ep. 63: Remember Me Feature: Security Considerations 17.01.2017 15:06
Are you, or have you, implemented a remember me feature for your application? What do you remember, username, password, or both? James talks about some security considerations around implementing a remember me feature for your application. For more info go to https://www.developsec.com or follow us on twitter ( @developsec ). Presented by Jardine Software Inc. ( https://www.jardinesoftware.com )...
Ep. 62: MongoDB Ransomware Attacks 10.01.2017 13:53
Do you use MongoDB? If so, is it exposed to the internet? Recent news (listed below) had shown that a large number of MongoDB instances are being infected with ransomware. James talks about the issue and ways to help ensure you are not the next victim. Link to original article: http://arstechnica.com/security/2017/01/more-than-10000-online-databases-taken-hostage-by-ransomware-attackers/ For m...
Ep. 61: Multi-factor Authentication 05.01.2017 17:24
Implementing multi-factor authentication isn't just about a second factor. There are many considerations that need to be included. One in particular, how do you handle the user losing their means of that second factor. James talks about thinking this through. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Presented by Jardine Software Inc. ( https://w...
Ep. 60: Yahoo Breach Takeaways 15.12.2016 18:49
Yahoo has announced yet another breach from back in 2013 affecting a very large number of user accounts. https://investor.yahoo.net/ReleaseDetail.cfm?&ReleaseID=1004285 This creates an opportunity to discuss password storage and the storage of security answers. Find out what we can takeaway from this incident. For more info go to https://www.developsec.com or follow us on twitter (@develop...
Ep. 59: All About Cookie Protection 14.12.2016 23:06
It is the holiday season. It is appropriate to talk about cookies. Not the kind that you bake, but the ones in your applications. James talks about the security mechanisms for cookies and clarifies what they are for. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Presented by Jardine Software Inc. ( https://www.jardinesoftware.com ) Jardine Software provi...
Ep. 58: "Untrusted" Data 16.11.2016 21:40
Have you heard someone mention "untrusted" data? Applications take data from multiple data sources and we are often confused on what should be trusted or not. In this episode, James Jardine talks about untrusted data and some thoughts for moving past it. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Presented by Jardine Software Inc. ( https://...
Ep. 57: Source Code Review 04.11.2016 21:59
Are you an organization looking to do source code review? Are you trying to hire a pen tester with source code review as a duty? James talks about Secure Code Review and some common implementations. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Presented by Jardine Software Inc. ( https://www.jardinesoftware.com ) Jardine Software provides application s...
Ep. 56: Security Contacts 26.10.2016 12:32
Do you have a clear path for users to contact you about potential security issues in your application or device? Is there a potential for the communication to be lost in the mix? James talks about how it is important for users to have a clear path to communication when it comes to reporting security issues. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Pr...
Ep. 55: Scoping an application security assessment (Applications) 28.09.2016 12:03
Having a penetration test performed against your applications? Do you have mobile and web applications performing the same functionality? James talks about the reason behind doing these assessments at the same time vs. separate. See why testing your entire offering can add benefit to your security assessment. Link to DerbyCon Presentation For more info go to https://www.developsec.com or follo...
Similar podcasts
Replaio is not a podcast publisher; show names, artwork and audio belong to their authors and are distributed through public RSS feeds.