Podbean logo
  • Discover
  • Podcast Features
    • Podcast Hosting

      Start your podcast with all the features you need.
    • Podbean AI Podbean AI

      AI-Enhanced Audio Quality and Content Generation.
    • Blog to Podcast

      Repurpose your blog into an engaging podcast.
    • Video to Podcast

      Convert YouTube playlists to podcasts, videos to audios.
  • Monetization
    • Ads Marketplace

      Join Ads Marketplace to earn through podcast sponsorships.
    • PodAds

      Manage your ads with dynamic ad insertion capability.
    • Apple Podcasts Subscriptions Integration

      Monetize with Apple Podcasts Subscriptions via Podbean.
    • Live Streaming

      Earn rewards and recurring income from Fan Club membership.
  • Podbean App
    • Podcast Studio

      Easy-to-use audio recorder app.
    • Podcast App

      The best podcast player & podcast app.
  • Help and Support
    • Help Center

      Get the answers and support you need.
    • Podbean Academy

      Resources and guides to launch, grow, and monetize podcast.
    • Podbean Blog

      Stay updated with the latest podcasting tips and trends.
    • What’s New

      Check out our newest and recently released features!
    • Podcasting Smarter

      Podcast interviews, best practices, and helpful tips.
  • Popular Topics
    • How to Start a Podcast

      The step-by-step guide to start your own podcast.
    • How to Start a Live Podcast

      Create the best live podcast and engage your audience.
    • How to Monetize a Podcast

      Tips on making the decision to monetize your podcast.
    • How to Promote Your Podcast

      The best ways to get more eyes and ears on your podcast.

    • Podcast Advertising 101

      Everything you need to know about podcast advertising.
    • Mobile Podcast Recording Guide

      The ultimate guide to recording a podcast on your phone.
    • How to Use Group Recording

      Steps to set up and use group recording in the Podbean app.
  • All Arts Business Comedy Education
  • Fiction Government Health & Fitness History Kids & Family
  • Leisure Music News Religion & Spirituality Science
  • Society & Culture Sports Technology True Crime TV & Film
  • Live
  • How to Start a Podcast
  • How to Start a Live Podcast
  • How to Monetize a podcast
  • How to Promote Your Podcast
  • How to Use Group Recording
  • Log in
  • Start your podcast for free
  • Podcasting
    • Podcast Features
      • Podcast Hosting

        Start your podcast with all the features you need.
      • Podbean AI Podbean AI

        AI-Enhanced Audio Quality and Content Generation.
      • Blog to Podcast

        Repurpose your blog into an engaging podcast.
      • Video to Podcast

        Convert YouTube playlists to podcasts, videos to audios.
    • Monetization
      • Ads Marketplace

        Join Ads Marketplace to earn through podcast sponsorships.
      • PodAds

        Manage your ads with dynamic ad insertion capability.
      • Apple Podcasts Subscriptions Integration

        Monetize with Apple Podcasts Subscriptions via Podbean.
      • Live Streaming

        Earn rewards and recurring income from Fan Club membership.
    • Podbean App
      • Podcast Studio

        Easy-to-use audio recorder app.
      • Podcast App

        The best podcast player & podcast app.
  • Advertisers
  • Enterprise
  • Pricing
  • Resources
    • Help and Support
      • Help Center

        Get the answers and support you need.
      • Podbean Academy

        Resources and guides to launch, grow, and monetize podcast.
      • Podbean Blog

        Stay updated with the latest podcasting tips and trends.
      • What’s New

        Check out our newest and recently released features!
      • Podcasting Smarter

        Podcast interviews, best practices, and helpful tips.
    • Popular Topics
      • How to Start a Podcast

        The step-by-step guide to start your own podcast.
      • How to Start a Live Podcast

        Create the best live podcast and engage your audience.
      • How to Monetize a Podcast

        Tips on making the decision to monetize your podcast.
      • How to Promote Your Podcast

        The best ways to get more eyes and ears on your podcast.

      • Podcast Advertising 101

        Everything you need to know about podcast advertising.
      • Mobile Podcast Recording Guide

        The ultimate guide to recording a podcast on your phone.
      • How to Use Group Recording

        Steps to set up and use group recording in the Podbean app.
  • Discover
    • Log in
    Sign up free
BrakeSec Education Podcast

BrakeSec Education Podcast

News:Tech News

Josh Grossman - building Appsec programs, bridging security and developer gaps

Josh Grossman - building Appsec programs, bridging security and developer gaps

2024-04-15
Download Right click and do "save link as"

Youtube VOD: https://youtu.be/G3PxZFmDyj4

 

#appsec, #owasp, #ASVS, #joshGrossman, #informationsecurity, #SBOM, #supplychain, #podcast, #twitch, #brakesec, #securecoding, #Codeanalysis


Questions and topics:

1. The background to the topic, why is it something that interests you?
How do you convince developers to take your course?

2. What do you think the root cause of the gap is?

3. Who is causing the gaps? (‘go fast’ culture, overzealous security, GRC requirements, basically everyone?)

4. Where do gaps begin? Is it the ‘need’ to ‘move fast’?

5. What can devs do to involve security in their process? Sprint planning? SCA tools?

6. How have you seen this go wrong at organizations?

7. How important is it to have security early in the product development process?

8. What sort of challenges do you think mainstream security people face in AppSec scenarios?

9. How does Product Security differ from Application Security? (what if the product is an application?)

10. What are the key development concepts that security people need to be familiar with to effectively get involved in AppSec/ProdSec?

11.. How do you suggest a security team approach AppSec/ProdSec?
               Leadership buy-in
               Effective/valuable processes
               Tools should achieve a goal

12. SBOM - NTIA is asking for it, How to get dev teams to care.

13. Key takeaways?

Additional information / pertinent LInks (Would you like to know more?):
BlackHat Training: https://www.blackhat.com/us-24/training/schedule/index.html#accelerated-appsec--hacking-your-product-security-programme-for-velocity-and-value-virtual-37218

https://www.walkme.com/blog/leadership-buy-in/

https://www.bouncesecurity.com/

https://www.teamgantt.com/blog/raci-chart-definition-tips-and-example

https://www.cisa.gov/sbom

SCA Tools https://chpk.medium.com/top-10-software-composition-analysis-sca-tools-for-devsecops-85bd3b7512dd 

https://semgrep.dev/ 

https://www.linkedin.com/in/joshcgrossman 

https://owasp.org/www-project-application-security-verification-standard/ 

https://github.com/OWASP/ASVS/tree/master/5.0

https://owasp.org/www-project-cyclonedx/

https://joshcgrossman.com/

PyCon talk about custom security testing: https://www.youtube.com/watch?v=KuNZzDjvMlg 

Michal's Black Hat course - Accurate and Scalable: Web Application Bug Hunting: https://www.blackhat.com/us-24/training/schedule/index.html#accurate-and-scalable-web-application-bug-hunting-37210 

https://www.blackhat.com/us-24/training/schedule/index.html#accurate-and-scalable-web-application-bug-hunting-372101705524544 

ASVS website: https://owasp.org/asvs 

Lightning talk I did recently about OWASP: https://www.bouncesecurity.com/eventspast#f86548cb37cb2a82728b1762bd1b7aee 


Show points of Contact:
Amanda Berlin: @infosystir @hackershealth 
Brian Boettcher: @boettcherpwned
Bryan Brake: https://linkedin.com/in/brakeb 
Brakesec Website: https://www.brakeingsecurity.com
Youtube channel: https://youtube.com/@brakeseced
Twitch Channel: https://twitch.tv/brakesec

view more

More Episodes

2019-046-end of the year, end of the decade, predictions, and how we've all changed
2019-12-23
2019-045-Part 2-Noid, Dave Dittrich, empowered teams, features vs. security
2019-12-18
2019-044-Noid and Dave Dittrich discusses recent keybase woes - Part 1
2019-12-10
2019-043-Bea Hughes, dealing with realistic threats in your org
2019-12-04
2019-042-CircuitSwan, Gitlabs, Job descriptions that don't suck, layer8con
2019-11-27
2019-041-circuitswan, diana initiative, diversity initiatives at conferences
2019-11-21
2019-040-vulns in cisco kit, google's project 'nightmare', healthcare data issues, TAGNW conference update
2019-11-12
2019-039-bluekeep_weaponized-npm_security_cracks-grrcon_report
2019-11-04
2019-038-Deveeshree_Nayak-risk_analysis, and OWASP WIA
2019-10-30
2019-038- Ethical dilemmas with offensive tools, powershell discussion with Lee Holmes - Part2
2019-10-22
2019-037-Lee Holmes, Powershell logging, and why there's an 'execution bypass'
2019-10-17
2019-036-RvrShell-graphql_defense-Part2
2019-10-09
2019-035-Matt_szymanski-attack and defense of GraphQL-Part1
2019-10-02
2019-034- Tracy Maleeff, empathy as a service, derbycon discussion
2019-09-22
2019-033-Part 2 of the Kubernetes security audit discussion (Jay Beale & Aaron Small)
2019-09-16
the last Derbycon Brakesec podcast
2019-09-07
2019-032-kubernetes security audit dicussion with Jay Beale and Aaron Small
2019-08-31
2019-031- Dissecting a Social engineering attack (Part 2)
2019-08-16
2019-030-news, breach of PHI, sephora data breach
2019-08-09
2019-029-dissecting a real Social engineering attack (part 1)
2019-08-01
  • ←
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • →
012345678910111213141516171819

Get this podcast on your
phone, FREE

Download Podbean app on App Store Download Podbean app on Google Play

Create your
podcast in
minutes

  • Full-featured podcast site
  • Unlimited storage and bandwidth
  • Comprehensive podcast stats
  • Distribute to Apple Podcasts, Spotify, and more
  • Make money with your podcast
Get started

It is Free

  • Podcast Services

    • Podcast Features
    • Pricing
    • Enterprise Solution
    • Private Podcast
    • The Podcast App
    • Live Stream
    • Audio Recorder
    • Remote Recording
    • Podbean AI
  •  
    • Create a Podcast
    • Video Podcast
    • Start Podcasting
    • Start Radio Talk Show
    • Create a Podcast for Spotify
    • Education Podcast
    • Church Podcast
    • Get Sermons Online
    • Free Audiobooks

  • MONETIZATION & MORE

    • Podcast Advertising
    • Dynamic Ads Insertion
    • Apple Podcasts Subscriptions
    • AI Podcast Creator
    • Blog to Podcast
    • YouTube to Podcast
    • Submit Your Podcast
    • Switch to Podbean
    • Podbean Plugins

  • KNOWLEDGE BASE

    • How to Start a Podcast
    • How to Start a Live Podcast
    • How to Monetize a Podcast
    • How to Promote Your Podcast
    • Mobile Podcast Recording Guide
    • How to Use Group Recording
    • Podcast Advertising 101

  • Support

    • Support Center
    • What’s New
    • Free Webinars
    • Podcast Events
    • Podbean Academy
    • Podbean Amplified Podcast
    • Badges
    • Resources
    • Developers

  • Podbean

    • About Us
    • Podbean Blog
    • Careers
    • Press and Media
    • Green Initiative
    • Affiliate Program
    • Contact Us
  • Privacy Policy
  • Cookie Policy
  • Terms of Use
  • Consent Preferences
  • Copyright © 2015-2026 Podbean.com