Curious about application security? Want to learn how to detect security vulnerabilities and protect your application? We discuss different topics and provide valuable insights into the world of application security.
We are too quick to just give generic recommendations for resolving security vulnerabilities. We need to make sure that the application teams understand why these are vulnerabilities and why they ar…
When a developer was presented with a bug, they tried to say that it wasn't an issue because it was found by a tester using a Mac. "We don't support Macs." James talks about how this is a fundamenta…
James reflects on the current way we expect application teams to get security training and its potential shortfalls. Is there a better way? Listen as I talk through some different points on the topic.…
How do you get your secure coding information? Do you pull code snippets from the internet? Who doesn't? How many of those actually use secure coding best practices? We have a challenge where mos…
Do you use an application inventory in your application security program? James discusses what an application inventory is and why it is important. Here is a list of a few tools that can be used to…
Penetration tests provide a measuring stick for security, but are you missing out on additional value? James discusses ways to use the pen test results to get more value out of a penetration test.
J…
James discusses what authentication is and some things to look out for.
For more info go to https://www.developsec.com or follow us on twitter (@developsec).
Presented by Jardine Software Inc. (http…
In this episode, James Jardine talks about some of the things you need to consider when trying to implement a static analysis program. It is more than just a tool you drop in. To build a successful …
James Jardine discusses CSRF chaining, using the combination of multiple CSRF requests to perform a task. Typically we believe that CSRF can only be done with one request, but with a little javascrip…
In this episode, James talks about what CSRF is, why it is a risk, and different ways to protect against it. CSRF is #8 on the OWASP Top 10 https://www.owasp.org/index.php/Top_10_2013-A8-Cross-Site_…
James discusses Open Redirects, or on the OWASP Top 10 what is referred to as Unvalidated Redirects and Forwards (https://www.owasp.org/index.php/Top_10_2013-A10-Unvalidated_Redirects_and_Forwards) …
James discusses Hacking: what it is and why it is important. It is more than what you see in the media of the bad guys hacking computers. It is a curiosity, a hobby, an interest in pushing limits. …
James discusses some things to consider this holiday season when searching for that perfect gift. It is important to understand the privacy policy (what is collected and how it is used) as well as …
James Jardine provides an overview of Dynamic Analysis and why it is important. Like any automation, there are pros and cons. Listen to find out why dynamic analysis is useful.
Some links to some…
Join James Jardine as he discusses what Response Splitting/Header Injection is and how it works. He also discusses how ASP.Net helps defend against this attack.
This is a quick overview of the vulne…
Hi and welcome to the DevelopSec newscast for October 20th, 2015. I am James Jardine and I wanted to take a few moments to talk about some recent news stories over the past week.
James breaks down a few news stories from the previous week. The following stories were discussed, including some brief points.
James talks about HTTP Strict Transport Security (HSTS) and what it is for. For more information, check out the corresponding post https://www.developsec.com/2015/09/17/http-strict-transport-securit…
Just recently, the FTC released "Start with Security: A Guide for Business", which is a set of 10 items businesses can do to help secure their assets. The full guide can be found at https://www.ftc.g…