
When Security Recommendations Miss The Point
Ever read a security advisory that told you to “use a VPN” to protect a Bluetooth device? In this episode we talk about how bad or inaccurat...

A family friendly show about security awareness. Topics include developer security, and security awareness in general.

In this episode James gives an overview of the new OWASP Top 10 2025. He shares some insights into the history, changes, and additional thou...

In this episode, James talks about the difference between end-to-end encryption and the standard encryption in transit most web applications...

Have you ever felt that feeling of thinking your account has been compromised? It can be a scary feeling. But what about when it didn't...

In this episode, James shares a story about fixing a flat tire on an E-Scooter and how it relates to security. He shows how the combination...

In this episode, I go over what Double-ClickJacking is and what you can potentially do about it to reduce the risk to your applications. Wil...

In this episode, I talk about how security is a part of everyone's role and the labeling of "Security Culture". I share some ideas on h...

In this episode I talk about assigning responsibility for secure development and how the dev and security teams should be working together t...

In this episode I talk about the evolving world of ransomware. I discuss a few examples of unique tactics the malicious actors are using to...

In this episode we talk about addressing the root cause of an issue versus the symptoms. How can the process of keeping application componen...

In this episode we talk about the spell check feature of the browser and how it could present a risk to sensitive data. Link to article refe...

Log4J has been the talk of the town recently and everyone is focused on the technical details of the specific vulnerabilities found. In this...

Chrome has announced a few changes that we need to watch out for in the near future. We previously talked about the default value for samesi...

It was recently announced that Chrome was dropping the XSS Auditor in Chrome 78. What does that mean and how does that change things for you...

In 2020, Chrome will default the SameSite attribute to Lax on all cookies. SameSite helps mitigate CSRF, but does that mean CSRF is Dead? Fo...

In this episode, James talks about investing in the development teams to increase application security priorities. For more info go to https...

In this episode, James talks about some of the risks and recommendations around security questions and their implementation. For more info g...

Does your application give away details about its server, framework, or other components? How is this information used by an attacker? Check...

Would you know if someone authenticated to your account? With the breaches we see in the news, and attacks like credential stuffing, there m...

James discusses how implementation matters with security controls and how it changes priorities. This came about after reading the following...

I talk about some of what happened in 2018 and what I am looking to do in 2019. I also ask you to think about your previous year and goals....

In this episode James talks about the Dunkin Donuts Perks breach. This is an interesting situation as the accounts were accessed using the vict...

In this episode James talks about what credential stuffing is, how it affects your apps, and how you can look to defend against it. For more...

James talks about the Facebook breach and shares some insights into how you can take steps to prevent this type of incident in your applicat...

I sit down with Eric Johnson to talk about security in the IDE and other fun topics. A bit longer than usual, but full of great information....

James sits down with Julien Vehent to discuss his new book "Securing DevOps" and talk about security in a DevOps world. Julien (@jvehent) is...

The headlines are filled with credential breaches. One way to avoid being those headlines is to not store credentials. Instead, use a 3rd pa...

In this episode James introduces us to the idea of web security policies stored in a security.txt file. We have talked about vulnerability d...

In this episode, James shares a story of learning from a mistake and how we can't be right every time. Hear what he learned and how you...

In this episode we talk about choosing the right security tools for your environment. There are lots of vendors offering solutions to help i...

In this episode, James talks about what it means to shift left in the SDLC. For more info go to https://www.developsec.com or follow us on t...

In this episode we talk about efail and the HYPE around security news. For more info go to https://www.developsec.com or follow us on twitte...

** Check out our new Live Fundamentals of Application Security training starting on May 1, 2018. Don't wait to sign up. For schedules a...

In this episode we talk about treating security flaws as defects and embedded vs. built-in security. Do you treat security flaws differently...

In this episode we talk about the MyFitnessPal breach and some of the key points that we as developers, security, and users can take away fr...

In this episode we talk about penetration testing and what you need to know to get the most out of the activity. Tune in to hear some of our...

In this episode we talk about secure code review with a mention of static analysis. Do you know the difference? What is the issue of doing o...

In this episode James talks about 2-factor authentication, why we use it, and maybe why we don't. Is your 2-factor implementation getti...

The new OWASP Top 10 2017 is out. We look at some of the changes and how you can effectively use the list to better your security program. W...

James sits down with Perry Krug, from Couchbase to discuss some important steps to take to secure your database. Perry Krug - https://twitte...

Welcome to 2018! Another year down and time for many of us to start making promises to ourselves of things we will start doing in this new y...

In this episode, James talks with Tim Medin regarding Meteor and security. If you develop with Meteor or have to test it, there is a lot of...

You have heard about the Apple Sign-in Bug on High Sierra. Now lets talk about how we can use this example to better our current development...

In this episode, James talks about the use of 3rd party components and how to handle determining if they are vulnerable or not. Links: OWASP Depen...

In this episode, James talks about open redirect and why it matters from a security perspective. He also shows how this information can be u...

You know your development language and platform, but do you really know the ins and outs of web application technology? How well do you know...

In this episode, James talks about authorization and some common areas where it poses a risk. He also goes over some techniques to help test...

The Equifax breach was a major news story. James talks about some of the security controls mentioned and how to start a conversation within...

We talk about cross-site scripting (XSS) all the time, but often overlook the ability to use javascript: in anchor tags. James talks about t...

We use a lot of platforms and frameworks when we develop an application. These platforms may provide security features, but do you know whic...