Tag Archives: appsec

AppSec EU 2017 Belfast in 10 Minutes or Less

The Project Summit at AppSec EU 2017 in Belfast was a good time to catch up with the project leads to see what progress they’ve made in the past year and to hear about their upcoming plans. Each of these recordings is 10 minutes or less, so put some headphones on and have a go.

AppSec EU 2017, Belfast – Keynote Preview with Jaya Baloo

“Why does OWASP even exist? Why do we even have this idea of understanding common issues, common problems. There are resources to help us do it better next time. I feel we are not learning at the curve where we should be, considering the resources available to us.” — Jaya Baloo

As CISO of KPN,

Culture Hacking at RSAC 2017 with Shannon Lietz

On Monday, February 13, Shannon Lietz gave a quick, 20-minute overview of her investigations and implementation of Culture Hacking at Intuit. Below is the extended version of that presentation, including audio and the slide deck. Shannon will continue this discussion at her keynote presentation during AppSec EU 2017 in Belfast. Culture Hacker:

2016 AppSec USA – An Update on the WebGoat Project

WebGoat is a deliberately insecure web application, maintained by OWASP and designed to teach web application security lessons. It is one of the most used projects at OWASP. With the current team headed by Bruce Mayhew, Nanne Baars and Jason White, work is moving forward on the creation of new content for creating training lessons for

2016 State of the Software Supply Chain Report Released

The 2nd Annual State of the Software Supply Chain Report has been released, containing information on open source download patterns from over 3000 organizations. The report is a Sonatype research project, analyzing data from over 31 billion downloads from the Central Repository and other open source repositories. Listen to the OWASP 24/7 Podcast below to

Brandon Holcomb – An Innovator’s Journey to DevOps

Brandon Holcomb, VP Technology, Global Platforms at Equifax, is worried about scaling IT projects at large enterprises. As head of infrastructure at Equifax, and previously at Home Depot, Holcomb has led large, transformational projects while concentrating on the ability of the new systems to scale. He has discovered that most issues are created by lack of

Interviews and Insights from AppSecEU 2016

At AppSecEU 2016 in Rome, Italy, I sat down with project leads and session leaders to hear what they were working on and what they would like the community to know about their projects and plans. Interviews will be added to this list as they become available, so check back each day to see the


DevOps Connect: Rugged DevOps at RSA

Live blog from DevOps Connect – get the slides now by emailing mmiller@sonatype.com. Note: this page does not auto-refresh. It is time for me to sign off. The Rugged DevOps sessions at DevOps Connect were, well, rugged. They brought reality to DevOps implementations and made sure security plays the role that it needs to in application

OWASP Application Security Verification Standard Project w/ Andrew van der Stock [PODCAST]

The OWASP Application Security Verification Standard (ASVS) Project provides a basis for testing web application technical security controls. The primary aim of the OWASP ASVS Project is to normalize the range in the coverage and level of rigor available in the market when it comes to performing Web application security verification using a commercially-workable open