Application Security Weekly Subscribe

Vulnerability Management, Application security, AI/ML, API security, DevOps

State Of Application Security 2024 – Sandy Carielli, Janet Worthington – ASW #290

July 8, 2024

Full Audio

View Show Index

Segments

1. State Of Application Security 2024 – Sandy Carielli, Janet Worthington – ASW #290

Sandy Carielli and Janet Worthington, authors of the State Of Application Security 2024 report, join us to discuss their findings on trends this year! Old vulns, more bots, and more targeted supply chain attacks -- we should be better at this by now. We talk about where secure design fits into all this why appsec needs to accelerate to ludicrous speed.

Segment resources

https://www.forrester.com/blogs/ludicrous-speed-because-light-speed-is-too-slow-to-secure-your-apps/
They're also conducting a survey on how orgs use Top 10 lists. Provide your response at https://forrester.co1.qualtrics.com/jfe/form/SV_9Z7ARUQjuzNQf0q

Announcements

You're invited to InfoSec World 2024 at Disney’s Coronado Springs Resort in Lake Buena Vista, FL, from September 23-25. Join top cybersecurity experts for this premier event! Save 25% on your pass by using code ISW24-SW25 when you register at securityweekly.com/infosecworld2024. Don’t miss out on this exclusive opportunity!

Guests

Sandy Carielli

Principal Analyst at Forrester Research

https://www.forrester.com/

Sandy is a principal analyst at Forrester advising security and risk professionals on application security, with a particular emphasis on the collaboration among security and risk, application development, operations, and business teams. Her research covers topics such as proactive security design, security testing in the software delivery lifecycle, protection of applications in production environments, and remediation of hardware and software flaws.

Janet Worthington

Senior Analyst for Security at Forrester Research

Janet Worthington is a Senior Analyst for Security & Risk at Forrester. Janet covers product security, software supply chain, Open Source security, and DevSecOps. Janet’s background is in product management and application security.

Hosts

Tech Lead at Block

Senior Engineering Leader at AWS

2. Polyfill Empties Trust, regreSSHion, CocoaPods Vulns & Secure Design, LLM Bughunters – ASW #290

Polyfill loses trust after CDN misuse, an OpenSSH flaw reappears, how to talk about secure design from some old CocoaPods vulns, using LLMs to find bugs, Burp Proxy gets more investment, and more!

Announcements

We're always looking for great guests for all of the Security Weekly shows! Submit your suggestions by visiting https://securityweekly.com/guests and completing the form!

Hosts

Tech Lead at Block

Senior Engineering Leader at AWS

Related

Vulnerability Management

Highlights from BlackHat/DefCon, Vulnerabilities, and Cyber Marketing Challenges – ESW #372

August 15, 2024

In this conversation, the hosts discuss patchless patching, vulnerabilities in the Windows TCP/IP stack, and the trustworthiness of Microsoft. They highlight the challenges of marketing in the cybersecurity industry and the importance of building trust with customers. The conversation also touches on the need for vendors to prioritize security and ...

Vulnerability Management

LPE FTW – PSW #839

August 14, 2024

This week: Option ROMS are a novel way to compromise a system at the lowest level, Sinkclose opens AMD processors up to attacks, at home in your firmware exploiting SMM complete with examples, Sonos speakers get hacked and enable attackers to listen in on your conversations, DEF CON badges use new chips and are not without controversy, lasers that...

Vulnerability Management

DEFCON Hijinx, AMD, Ukraine, FreeBSD, OpenVPN, the Pwnie Awards, Josh Marpet… – SWN #406

August 13, 2024

DEFCON Hijinx, AMD, Ukraine, FreeBSD, OpenVPN, the Pwnie Awards, Josh Marpet, and more, on this Edition of the Security Weekly News.