2015 AppSec California Post Mortem with Richard Greenberg and Neil Matatall

What does it take to put on a successful conference? How much work is involved? In this segment, I sit down with Neil Matatall and Richard Greenberg, co-organizers of AppSec California 2015. We talk about how they came up with the idea and what resources were needed to pull off such a successful event.

Listen to the full interview with Neil and Richard

AppSec California

John Melton and the OWASP AppSensor Project

Listen to the full recording on SoundCloud

The OWASP AppSensor Project has just released version 2.0. In this broadcast we speak with John Melton, project code lead, on the latest features in the release and what the future looks like for the project.

About John Melton
John is one of the co-leaders for the OWASP AppSensor project and leads the software implementation. For his day job, he is a principal security researcher for WhiteHat Security, working in the SAST space. His background is in software and security engineering.

Moxie Marlinspike on Open Source Security for Mobile Devices

Moxie Marlinspike is the founder of Open Whisper Systems, which is both a large community of Open Source contributors and a small team of dedicated developers. Together, the members of Open Whisper Systems are working to advance the state of the art for secure communication, while simultaneously making it easy for everyone to use.

Moxie works on secure protocols, Android clients, and server software. He has been contributing to Open Whisper Systems since it was Whisper Systems, formerly ran the product security team at Twitter, and started the first cloud-based password cracking service. He has also published a number of attacks on secure protocols like SSL and MS-CHAPv2.

He has been a keynote speaker at past OWASP and other security conferences.

The WebGoat Project with Rick Lawson and Jason White

The WebGoat Project has developed a free online tool used to test and uncover application flaws that might otherwise go unnoticed. In this episode of OWASP 24/7, we talk with two of the WebGoat team members, Rick Lawson and Jason White, about how WebGoat is being used and future plans.

More about WebGoat
WebGoat for J2EE is written in Java and therefore installs on any platform with a Java virtual machine. There are installation programs for Linux, OS X Tiger and Windows. Once deployed, the user can go through the lessons and track their progress with the scorecard.

To find out more about WebGoat, you can follow Jason on Twitter (@misfir3) and on LinkedIn.

Kevin E. Greene on OWASP and the SWAMP Project

During a meeting at AppSec USA 2014 in Denver, the SWAMP team presented its case for working with OWASP to support a marketplace for security tools. I sat down with Kevin E. Greene from DHS S&T, Cybersecurity Division to talk about what SWAMP is and how OWASP and its various projects might become involved.

Listen to the interview with Kevin E. Greene

About Kevin E. Greene

Software Assurance Program Manager responsible for oversight and management of research and development projects focused on improving the testing, analysis, and evaluation techniques used in software quality assurance tools. In addition, responsible for building a Software Assurance Marketplace (SWAMP) which will provide continuous software assurance services.

The SWAMP (www.cosalab.org) will serve as a national marketplace that will provide a collaborative research infrastructure to advance improvements in software development activities, as well as improvements in software quality assurance tools in the area of precision, soundness, and scalability.

Oracle OpenWorld / JavaOne – Larry Ellison says Security is Job One

Larry Ellison - 2014 Oracle OpenWorld

Larry Ellison laid out his game plan for Oracle during the opening keynote at Oracle OpenWorld, and it can be summed up in one word: Security. While he talked a lot about where Oracle has been, its growth curve and the hundreds of applications now available as SaaS, PaaS, and IaaS, the main message was this:

Security in the cloud is job one. There is nothing more important in the modern cloud than security of data.

With data retention doubling every year, the problem of securing that data is only going to get harder. Listen to the keynote as Ellison outlines his plans for the future of your data and how he intends to make it safe. View the Entire Keynote with Larry Ellison.

OWASP 2014 Board Candidate Interviews [AUDIO]

The OWASP 2014 Board Candidate interviews are now on YouTube. I have uploaded them to the OWASP 24/7 Podcast Series and they should be in your feed if you subscribe to the series. As a convenience, I have embedded them below, where you can listen, comment or download for listening when you have time. — Mark

Listen to the interview with Jim Manico, Timur Khrotko

Listen to the interview with Andrew van der Stock, Nigel Phair, Abbas Naderi

Listen to the interview with Israel Bryski, Matt Konda, Bil Corry and Tahir Khan