Ranked #1
Ep. 112: Application Fingerprinting
Does your application give away details about its server, framework, or other components? How is this information used b...
22 Jan 2019 • 21mins
Ranked #2
Ep. 102: Intro to Web Security Policies
In this episode James introduces us to the idea of web security policies stored in a security.txt file. We have talked a...
26 Jun 2018 • 16mins
Ranked #3
Ep. 93: Code Review
In this episode we talk about secure code review with a mention of static analysis. Do you know the difference? What is ...
9 Mar 2018 • 25mins
Ranked #4
Ep. 81: JavaScript in HREF and SRC (XSS)
We talk about cross-site scripting (XSS) all the time, but often overlook the ability to use javascript: in anchor tags....
18 Sep 2017 • 20mins
Ranked #5
Ep. 104: Securing Devops with Julien Vehent
James sits down with Julien Vehent to discuss his new book "Securing DevOps" and talk about security in a DevOps world. ...
30 Aug 2018 • 45mins
Ranked #6
Ep. 76: Validation - Client vs. Server
Are you thinking about client vs. server-side input validation? Curious why each is important and when to use them? Ja...
19 Jun 2017 • 13mins
Ranked #7
Ep. 86: Vulnerable 3rd Party Components
In this episode, James talks about the use of 3rd party components and how to handle determining if they are vulnerable or not...
23 Nov 2017 • 18mins
Ranked #8
Ep. 94: Penetration Testing
In this episode we talk about penetration testing and what you need to know to get the most out of the activity. Tune in...
2 Apr 2018 • 26mins
Ranked #9
Ep. 77: Interactive Application Security Testing
In this episode, James talks about Interactive Application Security Testing, or IAST. It is a sort of hybrid approach th...
7 Jul 2017 • 14mins
Ranked #10
Ep. 88: Meteor Security with Tim Medin
In this episode, James talks with Tim Medin regarding Meteor and security. If you develop with Meteor or have to test it...
11 Dec 2017 • 42mins
Ranked #11
Ep. 85: Open Redirect Revisited
In this episode, James talks about open redirect and why it matters from a security perspective. He also shows how this ...
17 Nov 2017 • 25mins
Ranked #12
Ep. 99: Shifting Left in the SDLC
In this episode, James talks about what it means to shift left in the SDLC. For more info go to https://www.developsec...
30 May 2018 • 19mins
Ranked #13
Ep. 78: MySpace Lessons - Looking At Account Recovery
James talks about a recent vulnerability report regarding MySpace's Account Recovery system (https://www.wired.com/story...
24 Jul 2017 • 19mins
Ranked #14
Ep. 111: Authentication Alerts
Would you know if someone authenticated to your account? With the breaches we see in the news, and attacks like credenti...
14 Jan 2019 • 16mins
Ranked #15
Ep. 107: Credential Stuffing
In this episode James talks about what credential stuffing is, how it affects your apps, and how you can look to defend ...
9 Nov 2018 • 18mins
Ranked #16
Ep. 110: Implementation Matters
James discusses how implementation matters with security controls and how it changes priorities. This came about after r...
7 Jan 2019 • 19mins
Ranked #17
Ep. 109: 2018 Reflection
I talk about some of what happened in 2018 and what I am looking to do in 2019. I also ask you to think about your previ...
2 Jan 2019 • 27mins
Ranked #18
EP. 97: Gmail / Netflix Potential Scam
** Check out our new Live Fundamentals of Application Security training starting on May 1, 2018. Don't wait to sign up. ...
23 Apr 2018 • 18mins
Ranked #19
DevelopSec Podcast #91 - OWASP Top 10 2017 Thoughts
The new OWASP Top 10 2017 is out. We look at some of the changes and how you can effectively use the list to better your...
9 Feb 2018 • 28mins
Ranked #20
Ep. 103: Is 3rd Party Authentication Right For Your Application?
The headlines are filled with credential breaches. One way to avoid being those headlines is to not store credentials. ...
16 Aug 2018 • 18mins