Author Archives: Mark Miller

AppSec EU 2017, Belfast – Keynote Preview with Jaya Baloo

“Why does OWASP even exist? Why do we even have this idea of understanding common issues, common problems. There are resources to help us do it better next time. I feel we are not learning at the curve where we should be, considering the resources available to us.” — Jaya Baloo

As CISO of KPN,

Apache Struts Vulnerability: Live Updates

Update: Here’s the recording of Brian Fox and Shannon Lietz talking about Apache Struts 2 and the new vulnerability announcement. We’re keeping an eye on the latest news for the Apache Struts2 vulnerability that was announced earlier this week. In addition to a live broadcast talking to several top security experts in the industry, we’ve got

Full Program for DevOps Connect: DevSecOps Track at RSAC 2017

Next week, Monday, February 13, DevOps.com and Sonatype are co-hosting the DevOps Connect: DevSecOps track at RSAC 2017 in San Francisco. This is the largest security conference in the world, including DevOps sessions all day Monday, plus more placed throughout the conference agenda. I’m linking to a download of the full, printable program for the

Speakers and Schedule for DevOps Connect: DevSecOps at RSAC 2017

For the third year in a row, DevOps.com and Sonatype are co-organizers of DevOps Connect at RSAC 2017 in San Francisco, Monday, February 13. As automated security continues to gain traction as an integral part of the DevOps pipeline, we are concentrating on DevSecOps as this year’s theme. The day’s sessions start at 10:00 am with a keynote

2016 AppSec USA – An Update on the WebGoat Project

WebGoat is a deliberately insecure web application, maintained by OWASP, designed to teach web application security lessons. It is one of the most used projects at OWASP. With the current team headed by Bruce Mayhew, Nanne Baars and Jason White, work is moving forward on the creation of new content for creating training lessons for

AppSec USA 2016: Core Rule Set Project Update w/ Chaim Sanders [AUDIO]

The OWASP ModSecurity Core Rule Set Project’s goal is to provide an easily “pluggable” set of generic attack detection rules that provide a base level of protection for any web application. Chaim Sanders, Ryan Barnett, Christian Folini and Walter Hop are the team coordinating the project. During 2016 AppSec USA, I spoke with Chaim Sanders about

The Future of DevSecOps w/ Shannon Lietz and Chris Swan, Live From IP Expo London

This is a live recording from 2016 IP Expo London, with Shannon Lietz (Intuit), Chris Swan (CSC) and host Mark Miller (Sonatype) discussing the future of security as it relates to DevOps. Shannon and Chris are real-world practitioners, bringing stories from the trenches. We initially start with where the term DevSecOps came from the
