In this automatic episode of the Exploring Information Security podcast, Jimmy Byrd joins the show to discuss his DerbyCon talk, "Security automation in your continuous integration pipeline."

Jimmy (@jimmy_byrd) is the lead developer at Binary Defense. Recently, he was accepted to speak at DerbyCon. He will be speaking Saturday September 24, 2016, in the stable talk track. His topic is on integrating security into the automation part of the software development life cycle (SDLC).

Jimmy's DerbyCon talk is available here.

In this episode we discuss:

What is the SDLC?
What is continuous integration?
Why getting security automated in the SDLC is important
How to get security automated in the SDLC

More resources:

Jimmy Byrd's website
Binary Defense Systems
Slides for the talk
OWASP AppSec Pipeline (Project has been renamed to Glue)
OWASP Zed Attack Proxy
Talking AppSec to 11: Pipeline, DevOps, and making things better - Matt Tesauro - Appsec CA 2016
Design Approaches for Security Automation - Peleus Uhley - AppSec California 2016

[RSS Feed] [iTunes]

Originally posted on September 11, 2014.

In the seventh edition of the Exploring Information Security (EIS) podcast, I talk with Zed Attack Proxy (ZAP) creator and project lead Simon Bennetts.

Simon is the project lead for ZAP an OWASP Open Web Application Security Project. He has a developer background and originally built the tool to help developers build better applications. The tool was so good that it caught the eye of the security community and is now used by developers, people just getting into security and veteran pen testers. You can follow him on Twitter @psiinon and find out more on the tool by going to the project site on OWASP.

In this interview we cover:

What is ZAP and how did the project get started?
Who should utilize ZAP?
What skill level is need to start using ZAP?
Where should ZAP be used?
How you can get involved in the project.

[RSS Feed] [iTunes]