What is application security?

December 6, 2015

In this tenacious edition of the Exploring Information Security podcast, I talk with Frank Catucci of Qualys as we answer the questions: "What is application security?"

Frank (@en0fmc) has a lot of experience with application security. His current role is the director for web application security and product management at Qualys. He's also the chapter leader for OWASP Columbia, SC. He lives and breathes application security.

In this episode we discuss:

What is applications security?
Why is application security important?
Where application security should be integrated
Resources for getting into application security

[RSS Feed] [iTunes]

My DerbyCon talk - The Blue Team Starter Kit

October 12, 2015

In this special episode of the Exploring Information Security (EIS) podcast, my Blue Team Starter Kit talk from DerbyCon.

I had the wonderful opportunity to speak at DerbyCon this year. The overall experience was amazing and I am thankful and honored to speak at such a great event. I was placed in the stables track with a 20-25 minute talk, which makes the recording perfect for this podcast. A huge shoutout and thanks to Adrian Crenshaw for all his work in recording talks for conferences. The information security community would be lesser without him.

In my talk I discuss several challenges and tools to meet those challenges, including:

Research - Google
Staying up on the latest news - Twitter
Application security - OWASP ZAP
Forensics - Mandiant Redline
Computer hardening - Microsoft EMET
Patch management - Admin Arsenal PDQ Deploy

[RSS Feed] [iTunes]

How to ZAP your websites

September 7, 2015

Originally posted on September 11, 2014.

In the seventh edition of the Exploring Information Security (EIS) podcast, I talk with Zed Attack Proxy (ZAP) creator and project lead Simon Bennetts.

Simon is the project lead for ZAP an OWASP Open Web Application Security Project. He has a developer background and originally built the tool to help developers build better applications. The tool was so good that it caught the eye of the security community and is now used by developers, people just getting into security and veteran pen testers. You can follow him on Twitter @psiinon and find out more on the tool by going to the project site on OWASP.

In this interview we cover:

What is ZAP and how did the project get started?
Who should utilize ZAP?
What skill level is need to start using ZAP?
Where should ZAP be used?
How you can get involved in the project.

[RSS Feed] [iTunes]