OWASP 24/7



OWASP 24/7 is a recorded series of discussions with project leads within OWASP. Each week, we talk about the new projects that have come on board, updates to existing projects and interesting bits of trivia that come across our desk.
🇬🇧 English
last modified
2019-08-25 18:51
last episode published
2019-08-23 22:10
publication frequency
14.64 days
OWASP 24/7 author  



Date Title & Description Contributors
23.08.2019

2019 Global AppSec Conference DC w/ Ben Pick

OWASP supports a global conference in North America each year, bringing together the projects, teams and chapters who make this one of the largest security tribes in the world. In this episode of the DevSecOps Podcast Series, I speak with Ben Pick one ...
DevSecOps Podcast Series author
27.06.2019

2019 State of the Software Supply Chain Report

The 2019 State of the Software Supply Chain Report was released on June 25th. The report is an analysis of the answers from over 5500 participants, allowing data researchers the ability to extrapolate what the most productive enterprises are doing when...
DevSecOps Podcast Series author
15.05.2019

The Vanity of Diversity

Let's not talk around the subject here... women are underrepresented when it comes to speaking or participating in tech conferences. It's a male dominated culture. When I saw Lani Rosales had published, "The Ultimate list of Austin women who can spea...
DevSecOps Days author
8.05.2019

Create and Manage Internal Tech Conferences

I produced my first concert at the San Anselmo Playhouse in 1979. It was the first in a series of events that has lasted 40 years. I have produced more than 300 events and participated in many hundreds more as a speaker and participant. As the producer...
DevSecOps Days author
6.05.2019

Securing the Software Supply Chain - Live Panel for International Conference on Cyber Engagement

In April 2019, I was invited to host a panel at the International Conference on Cyber Engagement in Washington DC, to discuss "Securing the Software Supply Chain". On the panel were four of the top voices in software supply chain management: - Edna C...
DevSecOps Days author
1.05.2019

Tel Aviv and the 2019 Global AppSec Conference

When I think of Tel Aviv, I imagine a robust, young culture, living a good, fun life. Not only is the culture conducive to a young life style, its tech industry continues to gain traction. As Wired Magazine said last August, "Israeli startups have alwa...
DevSecOps Days author
16.04.2019

Perspectives on the "Sec" in DevSecOps w/ Tanya Janca

If you've read the Phoenix Project, you'll remember Brent, the indispensable cog on the operations team. Brent was a good guy, he wanted to do the right things, all of the right things, but was pulled in all directions because of the lack of a unified ...
DevSecOps Days author
9.04.2019

2019 Open Security Summit Preview

Three years ago there was an idea floating around OWASP... a core community was looking for a way to have an isolated week, where security project working groups could get together, with no distractions, and work on projects they felt were important. F...
DevSecOps Days author
2.04.2019

What is an SBOM and Why Should You Care? w/ Allan Friedman

Open-source components and their use within the software supply chain has become ubiquitous within the past few years. Current estimates are that 80-90% of new software applications consist of open-source components and frameworks. Section A9 of the OW...
DevSecOps Days author
18.03.2019

What is Chaos Engineering, an Interview with Casey Rosenthal

"Chaos engineering is an empirical practice of setting up experiments to figure out where your system is vulnerable so that you can know that ahead of time and proactively fix some of these vulnerabilities in your system." -- Casey Rosenthal. In this b...
DevSecOps Days author
13.03.2019

Ladies of London Hacking Society w/ Eliza-May Austin

The Ladies of London Hacking Society was created by Eliza-May Austin in an act of frustration. Having nowhere to turn to meet other women within the security industry in the UK, Eliza-May fired off an online post lamenting the lack of local community sup...
DevSecOps Days author
12.02.2019

Anticipating Failure through Threat Modeling w/ Adam Shostack

What am I working on? What can go wrong? What am I going to do about it? Did I do a good job? These are the four questions at the heart of threat modeling. In this episode, I speak with Adam Shostack, author of Threat Modeling: Designing for Security. ...
DevSecOps Days author
7.02.2019

We Are All Special Snowflakes with Chris Roberts

This is the sixth episode in an eight part series, talking with the authors of "Epic Failures in DevSecOps". In this segment, I speak with Chris Roberts about his chapter, "We are all special snowflakes", diving into topics as diverse as the failure of...
DevSecOps Days author
18.01.2019

A Concise Introduction to DevSecOps

The inclusion of security as an integral piece of the DevOps puzzle continues to gain traction. In this episode of the DevSecOps Days Podcast Series, I speak with Curtis Yanko and Scott McCarty about their new book, "A Concise Introduction to DevSecOps...
DevSecOps Days author
15.01.2019

What's In Store for the AppSec Cali Conference w/ Richard Greenberg

As if there aren't enough reasons to go to Southern California in the middle of a New York winter, AppSec Cali opens its doors for its 6th Annual OWASP conference on January 22, 2019. In this broadcast, I speak with Richard Greenberg, one of the core ...
DevSecOps Days author
10.01.2019

Epic Failures in DevSecOps w/ Aubrey Stearn

Aubrey Stearn is the Technical Lead for the Enterprise Cloud Platform at Nationwide. In the broadcast we talk with Aubrey about her chapter, "The Tale of the Burning Programme", in the recently released "Epic Failures in DevSecOps" book. Aubrey talks ...
DevSecOps Days author
2.01.2019

Strategic Asymmetry - Leveling the Playing Field w/ Chetan Conikee

"In the past when we were writing software, it was our engineers and our organizations that had total cost of ownership of that software. But now, that has fundamentally changed. Engineers are using open source software and deploying the entire applica...
DevSecOps Days author
18.12.2018

Threat Modeling - A Disaster Story with Edwin Kwan

We continue the "Epic Failures in DevSecOps" series by speaking with Edwin Kwan on his chapter, "Threat Modeling - A Disaster Story". Edwin is Application and Software Security Team Lead at Tyro Payments. In our discussion, we talk about the three thin...
DevSecOps Days author
14.12.2018

The DevSecOps Unicorn Rodeo w/ Stefan Streichsbier

Stefan Streichsbier talks about his chapter, "Unicorn Rodeos", in the just released book, "Epic Failures in DevSecOps". We start with where did the chapter name come from and what does it mean, then lead into his three main points for hanging on for th...
DevSecOps Days author
10.12.2018

The DevSecOps Experiment

DJ Schleen talks about his upcoming 15 part video series, "The DevSecOps Experiment", where he will walk through the setup of a software supply chain, including building in security during every step of the process. This is a lab workshop type se...
DevSecOps Days author
3.12.2018

Open Source Vulnerabilities - Who is Ultimately Responsible

In this broadcast, I speak with Chris Roberts and Derek Weeks about lines of responsibility and npm package hijacking in light of the event-stream vulnerability announcement last week. The announcement of the event-stream npm package vulnerability h...
DevSecOps Days author
27.11.2018

event-stream: Analysis of a Compromised npm Package

Once again, the pattern of taking over a known package and modifying it with malicious intent has happened. In this case, it's with the event-stream module in the npm repository. In this broadcast I speak with Thomas Hunter, Software Developer at Int...
DevSecOps Days author
2.11.2018

Spy vs Spy in Application Security: Harvesting Adversaries

"The guy who wrote wifi software with SSID never imagined that someone could use that SSID to transmit data by writing two smaller applications to leverage it. We are constantly going to be in this [type of] battle. Ultimately we've got to find a way t...
DevSecOps Days author
31.10.2018

Moving from Projects to Products w/ Mik Kersten

"If you look inside a large enterprise IT organization, they have this very bizarre and broken layer that's completely separating the way that business thinks in terms of products, budgets and costs, and the way IT people know the way they need to inno...
DevSecOps Days author
29.10.2018

The Journey to Open Source at Capital One w/ Tapabrata "Topo" Pal

Why would you allow open source usage in your company? What are the compelling reasons to take the risk? In this discussion, I talk with Topo Pal and Derek Weeks about the industry perception of open source and what's really happening behind the curtai...
DevSecOps Days author
17.09.2018

The Future of Software and DevOps / with Sacha Labourey

"The compensation, the incentives that people have are very much anchored in short term objectives that do not take into account the vision for the bigger transformations that are happening within the market." -- Sacha Labourey, CEO, CloudBees. Sacha ...
DevSecOps Days author
17.09.2018

How to Build Chapter Engagement at OWASP

While at 2018 AppSec EU, I spoke with Sam Stepanyan and Grigorios Fragkos, chapter leaders of one of OWASP's largest chapters. The conversation centered around what does it take to grow a community, what does it take to lead a chapter.
DevSecOps Days author
15.07.2018

A Message from the Executive Producer

This is Mark Miller, Executive Producer. 4 years ago I took over the creation and curation of the OWASP podcast series. In that time, there have been 118 episodes, with a combined listenership of over 269,000 plays. The series began as a way to speak w...
DevSecOps Days author
19.06.2018

2018 AppSec EU London - Conference Preview

In this episode, I speak with the organizing committee of 2018 AppSec EU, hearing about what's planned and why you should consider attending this international conference in London.
OWASP 24/7 author
20.03.2018

Steps to Responsible Disclosure with Bas van Schaik, Man Yue Mo and Brian Fox

On March 1, 2018, the team at Semmle announced a critical vulnerability in the Pivotal Spring framework. The vulnerability was found by security researcher Man Yue Mo at Semmle — the team behind lgtm.com. In this episode of OWASP 24/7, I speak with r...
OWASP 24/7 author
26.02.2018

RSAC 2018 - Preview of Opening Session for DevOps Connect: DevSecOps Day

Shannon Lietz, Caroline Wong and Paula Thrasher will give the opening remarks at DevOps Connect: DevSecOps Days on April 16 at the RSAC Conference in San Francisco. On today's show, I talk with Shannon, Caroline and Paula, on what they hope to accompli...
OWASP 24/7 author
7.02.2018

HackNYC 2018: Preview with Kevin E. Greene

Prior to his work as Principal Software Assurance Engineer at MITRE, Kevin E. Greene was R&D Program Manager for the Department of Homeland Security. He is currently on the organizing committee for HackNYC, helping to organize talks and sessions ar...
OWASP 24/7 author
1.02.2018

HackNYC 2018: Preview with Dr. Bill Curtis

In May, at HackNYC 2018 in New York City, Dr. Bill Curtis' team of Tracie Gerardi and Lev Lesokhin will deliver a presentation on putting an end to "Technical Debt". I spoke with Dr. Curtis about his work in the creation of various maturity models, the...
OWASP 24/7 author
12.01.2018

The OpenChain Project with Shane Coughlan

The OpenChain Project identifies key recommended processes for effective open source management. The project builds trust in open source by making open source license compliance simpler and more consistent. In this broadcast, I speak with Shane Coughla...
OWASP 24/7 author
30.11.2017

Expanding Community Engagement at OWASP w/ Greg Anderson

Newly elected to the OWASP board, Greg Anderson is interested in how to expand the OWASP community. I talked with him about what he hopes to accomplish in his tenure on the board, the first initiatives he would like to implement and on various ideas for...
OWASP 24/7 author

Thoughts on Security in the Modern Software Supply Chain

Caroline Wong, Paula Thrasher and I were having lunch at DevOps Enterprise Summit when the conversation took an interesting turn. Paula and Caroline had been on a panel the previous day and didn't get a chance to do a deep dive into any of the topics. ...
OWASP 24/7 author

Security Processes at the Apache Software Foundation w/ Mark Thomas and Brian Fox

In our continuing series on the Struts2 vulnerability announcement and the breach at Equifax, we spoke with Mark Thomas, Director, Apache Software Foundation, and Brian Fox, CTO, Sonatype to clarify the processes ASF goes through when a vulnerability i...
OWASP 24/7 author

Struts2 Vulnerabilities: Who Is Responsible?

A conversation on the ramifications of recent Struts2 announcements, the exploit at Equifax and the responsibility of companies using open source software. With David Blevins, CEO, TomiTribe, and Brian Fox, CTO, Sonatype.
OWASP 24/7 author

What you should know about the latest Struts2 vulnerability announcement

What you should know about the latest Struts2 vulnerability announcement w/ Brian Fox, CTO, Sonatype, and Matthew Konda, Chair, OWASP Board of Directors. If you're a developer and concerned about security, a Struts2 vulnerability announcement came ou...
OWASP 24/7 author

OWASP Hacker Kids in Bangalore

Most of us want to help kids become proficient in programming and cybersecurity, but don't know how to get started or have time to manage such a project. Prashant Kv figured he'd put a team together with Vandana Verma and Rupali Dash and give it a shot...
OWASP 24/7 author

Less than 10 Minutes Series: OWASP DockerHub with Simon Bennetts

Earlier this week, Simon Bennetts from the OWASP ZAP Project announced the official availability of the OWASP DockerHub for housing projects. I caught up with Simon soon after to hear how ZAP was utilizing DockerHub and the benefits of containerization...
OWASP 24/7 author

Less than 10 Minutes Series - ModSecurity Core Rule Set Project

This segment of the "Less than 10 Minutes" series was recorded live at AppSec EU 2017 in Belfast. It is an update of the ModSecurity Core Rule Set Project with project co-lead Christian Folini. The OWASP ModSecurity CRS Project's goal is to provide a...
OWASP 24/7 author

Less than 10 Minutes Series: OWASP Summit 2017

This segment of the "Less than 10 Minutes" series was recorded live at AppSec EU 2017 in Belfast. It is an update of the OWASP Summit 2017 with conference organizer Sebastien (Seba) Deleersnyder. OWASP Summit 2017 is a 5-day participant driven event, d...
OWASP 24/7 author

Less than 10 Minutes Series: WebGoat Project

This segment of the "Less than 10 Minutes" series was recorded live at AppSec EU 2017 in Belfast. It is an update of the WebGoat Project with project co-leads Jason White and Nanne Baars. WebGoat is a deliberately insecure web application maintained by...
OWASP 24/7 author

Less than 10 Minutes Series: Vicnum Project

This segment of the "Less than 10 Minutes" series was recorded live at AppSec EU 2017 in Belfast. It is an update of the Vicnum Project with project lead Nicole Becher. The Vicnum Project is a collection of intentionally vulnerable web applications. Vi...
OWASP 24/7 author

Less than 10 Minutes Series: Defect Dojo Project

This segment of the "Less than 10 Minutes" series was recorded live at AppSec EU 2017 in Belfast. It is an update of the Defect Dojo Project with project lead Greg Anderson. The Defect Dojo is an open source vulnerability management tool that streamlin...
OWASP 24/7 author

Less than 10 Minutes Series: Virtual Village Project

This segment of the "Less than 10 Minutes" series was recorded live at AppSec EU 2017 in Belfast. It is an update of the Virtual Village Project with project lead Evin Hernandez. The Virtual Village provides users with access to numerous operating syst...
OWASP 24/7 author

Less than 10 Minutes Series: The Juice Shop Project

This segment of the "Less than 10 Minutes" series was recorded live at AppSec EU 2017 in Belfast. It is an update of the Juice Shop Project with project lead Bjoern Kimminich. The Juice Shop is an intentionally insecure webapp for security training, wr...
OWASP 24/7 author

AppSec EU 2017, Belfast Keynote Preview with Jaya Baloo

"Why does OWASP even exist? Why do we even have this idea of understanding common issues, common problems. There are resources to help us do it better next time. I feel we are not learning at the curve where we should be, considering the resources avai...
OWASP 24/7 author

Struts 2 Vulnerability Analysis

Brian Fox and Shannon Lietz talk about the recent announcement of the struts 2 vulnerability: What is it, how can it affect you, what you can do about it. You can view this broadcast as video on YouTube: https://www.youtube.com/watch?v=EzRKOudJPtQ
OWASP 24/7 author