OWASP articles

Greg Anderson, OWASP 2017

Expanding Community Engagement at OWASP w/ Greg Anderson [Podcast]

Expanding Community Engagement at OWASP w/ Greg Anderson [Podcast]

Newly elected to the OWASP board, Greg Anderson is interested in how to expand the OWASP community. I talked with him about what he hopes to accomplish in his tenure on the board, the first initiatives he would like to implement and on various ideas for working with OWASP chapters, projects and events. About Greg

Caroline Wong and Paula Thrasher at DOES 2017

Thoughts on Security in the Modern Software Supply Chain with Caroline Wong and Paula Thrasher

Caroline Wong, Vice President at Cobalt.io, Paula Thrasher, Director Digital Services, CSRA, and I were having lunch at DevOps Enterprise Summit when the conversation took an interesting turn. Paula and Caroline had been on a panel the previous day and didn’t get a chance to do a deep dive into any of the topics. As we

Jaya Baloo - Featured Image

AppSec EU 2017, Belfast – Keynote Preview with Jaya Baloo

“Why does OWASP even exist? Why do we even have this idea of understanding common issues, common problems. There are resources to help us do it better next time. I feel we are not learning at the curve where we should be, considering the resources available to us.” — Jaya Baloo As CISO of KPN,

WebGoat Project - Featured Image

2016 AppSec USA – An Update on the WebGoat Project

WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons. It is one of the most used projects at OWASP. With the current team headed by Bruce Mayhew, Nanne Baars and Jason White, work is moving forward on the creation of new content for creating training lessons for

Core Rules Project - Chaim Sanders

AppSec USA 2016: Core Rule Set Project Update w/ Chaim Sanders [AUDIO]

The OWASP ModSecurity Core Rule Set Project‘s goal is to provide an easily “pluggable” set of generic attack detection rules that provide a base level of protection for any web application. Chaim Sanders,Ryan Barnett, Christian Folini and Walter Hop are the team coordinating the project. During 2016 AppSec USA, I spoke with Chaim Sanders about

IP Expo London 2016 - Shannon Lietz, Chris Swan and Mark Miller

The Future of DevSecOps w/ Shannon Lietz and Chris Swan, Live From IP Expo London

This is a live recording from 2016 IP Expo London, with Shannon Lietz (Intuit), Chris Swan (CSC) and host Mark Miller (Sonatype) discussing the future of security as it relates to DevOps. Shannon and Chris are real world practitioners, bringing stories from the trenches. We initially start with where the term DevSecOps came from the

OWASP 24-7 - 2016 Board Interviews - 04

2016 OWASP Board Election Interviews – Part Four of Four – Members, Projects, Conferences, Chapters

Today’s OWASP 24/7 Podcast is the fourth in a series of four, talking with prospective 2016 board members. Today’s question is, “What is more important to you as a candidate 1) Members 2) Projects 3) Conferences 4) Chapters ” The format for today’s Q&A with potential board members is simple. We ask a single question.

Top