The OWASP Security Shepherd Project is a mobile web application training platform for penetration testing. It covers the OWASP Top 10 risks from both the mobile and web projects.
This recording was made at AppSecUSA 2015 during the Project Summit.
On the day before Black Hat 2014 kicked off, I was able to sit with Jonathan Carter to talk about his work and the projects he participates in at OWASP. The audio recording is a bit raw because the sound was cranked up in a conference full of people. What Jonathan has to say should more than compensate.
About Jonathan Carter
Jonathan Carter is an application security professional with over 15 years of security expertise in Canada, the United States, Australia, and England. As a Software Engineer, Jonathan produced software for online gaming systems, payment gateways, SMS messaging gateways, and other solutions requiring a high degree of application security.
Jonathan’s technical background in artificial intelligence and static code analysis has led him to a diverse number of security roles: Enterprise Security Architect, Web Application Penetration Tester, Fortify Security Researcher, and Security Governance lead. He is currently Arxan’s Technical Director.
Resources mentioned in this podcast
When it comes to mobile security, you’d be hard pressed to find a more knowledgeable source than Jack Mannino, co-leader of the OWASP Mobile Security Project. During the Software Quality and Assurance Forum sponsored by the Department of Homeland Security last month, Jack and I sat down to talk about his work with OWASP and the mobile initiative.
“The ecosystem is arguably just as much of a risk as the actual application security itself. They go hand in hand.” — Jack Mannino
Our discussion included ideas on how to move security closer to the beginning of the development project, and why many companies are choosing not to do that.
“You’ll see pushback from a product or project manager if security impacts their ability to go live. They are willing to accept the risks in order to just go live.” — Jack Mannino
Listen to the Full Interview: Jack Mannino – Build Security into Mobile