Sign up to save your podcasts
Or
Share ASW #232 - Josh Grossman
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
ASW #232 - Josh Grossman
In this segment, Josh will talk about the OWASP ASVS project which he co-leads. He will talk a little about its background and in particular how it is starting to be used within the security industry. We will also discuss some of the practicalities and pitfalls of trying to get development teams to include security activities and considerations in their day-to-day work and examples of how Josh has seen this "in the wild".
Segment Resources:
- Josh's personal website, https://joshcgrossman.com
- Josh's mastodon handle, https://infosec.exchange/@JoshCGrossman
- OWASP ASVS site, https://owasp.org/asvs
- More detailed talk about ASVS v4.0.3, https://www.youtube.com/watch?v=zqj4YuoAlcA
- The most recent, stable version of the standard (v4.0.3), https://github.com/OWASP/ASVS/tree/v4.0.3/4.0
- The "bleeding edge"/in-progress version, https://github.com/OWASP/ASVS/tree/master/5.0 Loom provides transparency on mishandling cookies, GitHub moves to require 2FA, TPM reference implementation includes a buffer overflow, Dropbox shares their security engineer ladder, multiple flaws in a smart intercom
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw232
View all episodes
By Security Weekly Productions
4.9
1212 ratings
In this segment, Josh will talk about the OWASP ASVS project which he co-leads. He will talk a little about its background and in particular how it is starting to be used within the security industry. We will also discuss some of the practicalities and pitfalls of trying to get development teams to include security activities and considerations in their day-to-day work and examples of how Josh has seen this "in the wild".
Segment Resources:
- Josh's personal website, https://joshcgrossman.com
- Josh's mastodon handle, https://infosec.exchange/@JoshCGrossman
- OWASP ASVS site, https://owasp.org/asvs
- More detailed talk about ASVS v4.0.3, https://www.youtube.com/watch?v=zqj4YuoAlcA
- The most recent, stable version of the standard (v4.0.3), https://github.com/OWASP/ASVS/tree/v4.0.3/4.0
- The "bleeding edge"/in-progress version, https://github.com/OWASP/ASVS/tree/master/5.0 Loom provides transparency on mishandling cookies, GitHub moves to require 2FA, TPM reference implementation includes a buffer overflow, Dropbox shares their security engineer ladder, multiple flaws in a smart intercom
Visit https://www.securityweekly.com/asw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/secweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/asw232
More shows like Application Security Weekly (Audio)
View all
Security Now (Audio)
2,007 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
370 Listeners
Risky Business
373 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
650 Listeners
CyberWire Daily
1,031 Listeners
The Application Security Podcast
36 Listeners
Business Security Weekly (Audio)
3 Listeners
Click Here
420 Listeners
Darknet Diaries
8,116 Listeners
Cybersecurity Today
176 Listeners
CISO Series Podcast
191 Listeners
Defense in Depth
74 Listeners
Cybersecurity Headlines
138 Listeners
Risky Bulletin
45 Listeners
Hacker And The Fed
168 Listeners