Artwork

コンテンツは Chris Lindsey によって提供されます。エピソード、グラフィック、ポッドキャストの説明を含むすべてのポッドキャスト コンテンツは、Chris Lindsey またはそのポッドキャスト プラットフォーム パートナーによって直接アップロードされ、提供されます。誰かがあなたの著作物をあなたの許可なく使用していると思われる場合は、ここで概説されているプロセスに従うことができますhttps://ja.player.fm/legal
Player FM -ポッドキャストアプリ
Player FMアプリでオフラインにしPlayer FMう!

Maturing your AppSec Program - Moving beyond the basics

37:01
 
シェア
 

Manage episode 435297251 series 3589650
コンテンツは Chris Lindsey によって提供されます。エピソード、グラフィック、ポッドキャストの説明を含むすべてのポッドキャスト コンテンツは、Chris Lindsey またはそのポッドキャスト プラットフォーム パートナーによって直接アップロードされ、提供されます。誰かがあなたの著作物をあなたの許可なく使用していると思われる場合は、ここで概説されているプロセスに従うことができますhttps://ja.player.fm/legal

In this episode of Secrets of AppSec Champions, host Chris Lindsey and guest Toby Jackson dive into the strategies and best practices for maturing an application security (AppSec) program. Toby underscores the necessity of validating video messages, with the same rigor applied to emails and texts, to mitigate security threats. Emphasizing the growing menace of SIM card hijacking and SMS interception, both experts advocate for regular reviews of security processes and procedures. They also stress the critical role of education in an organization's security posture, championing the integration of security awareness training into HR programs and developer education to identify and resolve vulnerabilities.

The discussion moves to the importance of leadership understanding security vulnerabilities, where Chris and Toby recommend clearly communicating the potential impacts to ensure informed decision-making. Both suggest maintaining thorough documentation and sharing attack findings with development teams to help them address weaknesses effectively. When it comes to penetration testing, they advise addressing issues identified by Dynamic Application Security Testing (DAST) and Static Application Security Testing (SAST) tools before external pen tests. This ensures a more thorough assessment and prioritizes fixing high-risk applications first, while also advocating for long-term security planning that aligns with business goals and maintenance of strong inter-team relationships.

Chris and Toby explore the evolving landscape of security tools, AI, and their implications. They caution about the potential for AI in security to automate routine tasks while warning of data privacy risks. Policies and procedures must be in place to safeguard intellectual property and manage AI use, underlining the need for leadership involvement in AI-related decisions. The conversation underscores the importance of keeping security tools up to date and having cross-team communication, supported by security champions. To wrap up, the podcast encourages listeners to subscribe, rate, and review the show, reinforcing the value of community engagement in the ongoing discourse on application security.

Key Topics with timestamps:
00:00 Decoding Application Security: Maturing Your Program

05:52 The Importance of Detail-Oriented Security Leadership

07:49 Strategies for Evaluating and Securing Applications

12:25 Evaluating and Maturing Penetration Testing Tools

13:28 Importance of Regularly Reassessing Security Tools

18:34 Security Tools and AI Analysis Vendors Importance

22:28 Importance of Maturity, Communication, and Planning in Security Testing

25:31 Implementing Internal Keywords for Identity Verification

27:34 Integrating Security Awareness into HR Training Plans

32:54 The Impact of Pen Tests on Application Security

35:36 Advancing Security: Insights and Progress with Toby

05:52 The Importance of Detail-Oriented Security Leadership

07:49 Strategies for Evaluating and Securing Applications

12:25 Evaluating and Maturing Penetration Testing Tools

13:28 Importance of Regularly Reassessing Security Tools

18:34 Security Tools and AI Analysis Vendors Importance

22:28 Importance of Maturity, Communication, and Planning in Security Testing

25:31 Implementing Internal Keywords for Identity Verification

27:34 Integrating Security Awareness into HR Training Plans

32:54 The Impact of Pen Tests on Application Security

35:36 Advancing Security: Insights and Progress with Toby

  continue reading

10 つのエピソード

Artwork
iconシェア
 
Manage episode 435297251 series 3589650
コンテンツは Chris Lindsey によって提供されます。エピソード、グラフィック、ポッドキャストの説明を含むすべてのポッドキャスト コンテンツは、Chris Lindsey またはそのポッドキャスト プラットフォーム パートナーによって直接アップロードされ、提供されます。誰かがあなたの著作物をあなたの許可なく使用していると思われる場合は、ここで概説されているプロセスに従うことができますhttps://ja.player.fm/legal

In this episode of Secrets of AppSec Champions, host Chris Lindsey and guest Toby Jackson dive into the strategies and best practices for maturing an application security (AppSec) program. Toby underscores the necessity of validating video messages, with the same rigor applied to emails and texts, to mitigate security threats. Emphasizing the growing menace of SIM card hijacking and SMS interception, both experts advocate for regular reviews of security processes and procedures. They also stress the critical role of education in an organization's security posture, championing the integration of security awareness training into HR programs and developer education to identify and resolve vulnerabilities.

The discussion moves to the importance of leadership understanding security vulnerabilities, where Chris and Toby recommend clearly communicating the potential impacts to ensure informed decision-making. Both suggest maintaining thorough documentation and sharing attack findings with development teams to help them address weaknesses effectively. When it comes to penetration testing, they advise addressing issues identified by Dynamic Application Security Testing (DAST) and Static Application Security Testing (SAST) tools before external pen tests. This ensures a more thorough assessment and prioritizes fixing high-risk applications first, while also advocating for long-term security planning that aligns with business goals and maintenance of strong inter-team relationships.

Chris and Toby explore the evolving landscape of security tools, AI, and their implications. They caution about the potential for AI in security to automate routine tasks while warning of data privacy risks. Policies and procedures must be in place to safeguard intellectual property and manage AI use, underlining the need for leadership involvement in AI-related decisions. The conversation underscores the importance of keeping security tools up to date and having cross-team communication, supported by security champions. To wrap up, the podcast encourages listeners to subscribe, rate, and review the show, reinforcing the value of community engagement in the ongoing discourse on application security.

Key Topics with timestamps:
00:00 Decoding Application Security: Maturing Your Program

05:52 The Importance of Detail-Oriented Security Leadership

07:49 Strategies for Evaluating and Securing Applications

12:25 Evaluating and Maturing Penetration Testing Tools

13:28 Importance of Regularly Reassessing Security Tools

18:34 Security Tools and AI Analysis Vendors Importance

22:28 Importance of Maturity, Communication, and Planning in Security Testing

25:31 Implementing Internal Keywords for Identity Verification

27:34 Integrating Security Awareness into HR Training Plans

32:54 The Impact of Pen Tests on Application Security

35:36 Advancing Security: Insights and Progress with Toby

05:52 The Importance of Detail-Oriented Security Leadership

07:49 Strategies for Evaluating and Securing Applications

12:25 Evaluating and Maturing Penetration Testing Tools

13:28 Importance of Regularly Reassessing Security Tools

18:34 Security Tools and AI Analysis Vendors Importance

22:28 Importance of Maturity, Communication, and Planning in Security Testing

25:31 Implementing Internal Keywords for Identity Verification

27:34 Integrating Security Awareness into HR Training Plans

32:54 The Impact of Pen Tests on Application Security

35:36 Advancing Security: Insights and Progress with Toby

  continue reading

10 つのエピソード

すべてのエピソード

×
 
Loading …

プレーヤーFMへようこそ!

Player FMは今からすぐに楽しめるために高品質のポッドキャストをウェブでスキャンしています。 これは最高のポッドキャストアプリで、Android、iPhone、そしてWebで動作します。 全ての端末で購読を同期するためにサインアップしてください。

 

クイックリファレンスガイド