Name: OWASP Offensive Web Testing Framework with Bharadwaj Machiraju and Abraham Aranguren by The OWASP Podcast Series in devsecops
Duration: 20 min 1 s
Description: In this segment, we talk with the co-coordinators of the OWASP OWTF Project. The aim of the project is to make security assessments as efficient as possible by automating the manual, uncreative part of pen testing.

devsecops

In this episode, Matt Tesauro hosts Adam Shostack to talk about threat modeling - not only what it is but what Adam has learned from teaching numerous teams how to do threat modeling. Learn what makes a good threat model and some news about a new book from Adam to help further the spread of threat modeling with the end goal of more threat modeling and fewer security surprises.  Enjoy!

Show Links:
- Threats Book site: https://threatsbook.com/
- Resources on Adam’s website: https://shostack.org/resources

OWASP Podcast

Threat Modeling using the Force with Adam Shostack - OWASP Podcast e001

The OWASP Top Ten Proactive Controls Project is spearheaded by Jim Bird and Jim Manico. According to Jim Bird, it is a list of security techniques that should be included in every software development project. I spoke with him about the evolution of the project and how he envisions it being used by the OWASP community, and specifically by developers. 

<b>Resources for this Broadcast</b>
<a href="https://www.owasp.org/index.php/OWASP_Proactive_Controls">OWASP Top Ten Proactive Controls Project </a>
<a href="ca.linkedin.com/pub/jim-bird/3/4b2/646">Jim Bird on LinkedIn</a>

<b>About Jim Bird</b>
Jim Bird is a software development manager and CTO with more than 25 years of experience in software engineering, with a special focus on high-integrity and high-reliability systems. Jim is currently the co-founder and CTO of a major US-based institutional trading service, where he is responsible for managing the company’s technology group and IT security programs. Jim has worked as a consultant to IBM and to major stock exchanges and banks globally. He was also the CTO of a technology firm (now part of NASDAQ OMX) that built custom IT solutions for stock exchanges and central banks in more than 30 countries. Jim is an active contributor to OWASP, helps out as a member of the SANS Analysts program on application security, and rants about Agile software development, project management and application security topics on his blog “Building Real Software.

The OWASP Top Ten Proactive Controls Project  with Jim Bird

In this segment, we talk with the co-coordinators of the OWASP OWTF Project. The aim of the project is to make security assessments as efficient as possible by automating the manual, uncreative part of pen testing.

OWASP Offensive Web Testing Framework with Bharadwaj Machiraju and Abraham Aranguren

Annotations and transcribed highlights: http://www.brainpickings.org/2015/06/16/neil-gaiman-how-stories-last

Recorded at the Long Now Foundation (http://longnow.org/) on June 9, 2015. 

Follow @https://soundcloud.com/longnow and subscribe to the podcast of their excellent seminars on long-term thinking on iTunes: https://itunes.apple.com/us/podcast/seminars-about-long-term-thinking/id186908455?mt=2

MORE / TRANSCRIPT

Neil Gaiman on how stories last

The OWASP Top 10 Proactive Controls Project uses the OWASP Top 10 model as a way to encourage the community to participate in the building and maintenance of a Top 10 project aimed at developers. In this interview, I talk with Jim Manico and Katy Anton on the history of the project, how they anticipate it being utilized, and how they have worked with the community do decide the criteria for building the list of controls.

OWASP Top 10 Proactive Controls Project with Jim Manico and Katy Anton

Jason Schmitt's passion is to assure security is built into the development process, not just as a bolt-on add-on.  His experience in various aspects of software security has led him on a path through mobile, application and cloud security. In our conversation, Jason talks about the value OWASP provides to the community as well as what he perceives as a critical time for the integration between DevOps and security. 

About Jason Schmitt

Jason Schmitt is vice president and general manager of HPE Security  Products, Fortify for Hewlett Packard Enterprise. He is responsible for driving the growth of Fortify’s  software security business and managing all operational functions  within the group.  Schmitt has extensive experience in product management,  development and marketing for all types of web and security  technologies. His expertise ranges from cloud-based secure web  gateways, to application security and mobile security consulting  services, to network-based video surveillance.

Security as Part of DevOps and Development with Jason Schmitt

The inclusion of security as an integral piece of the DevOps puzzle continues to gain traction. In this episode of the DevSecOps Days Podcast Series, I speak with Curtis Yanko and Scott McCarty about their new book, "A Concise Introduction to DevSecOps". We discuss why they wrote the book, who the audience is that will benefit from it and why enterprises should be considering security as part of the software development environment.

with Curtis Yanko and Scott McCarty

A Concise Introduction to DevSecOps

The OWASP Podcast Series is a recorded series of discussions with thought leaders and practitioners who are working on securing the future for coming generations.

OWASP Offensive Web Testing Framework with Bharadwaj Machiraju and Abraham Aranguren

The OWASP Podcast Series

Related tracks