Sign up to save your podcasts
Or
Share Down the Rabbithole - Episode 3 - "QA and Security, Can we make it work?"
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Down the Rabbithole - Episode 3 - "QA and Security, Can we make it work?"
Synopsis
Over the past year and a half of so, I've been pushing hard to change the paradigm around secure software - specifically the testing aspect of it to incorporate a much heavier emphasis on quality assurance. That conversation spilled over into an OWASP conversation, which lead Glenn, Rohit and I to sit down and record this conversation we had - as we appear to be of like mind. While it's not trivial to incorporate security testing into quality assurance, it's not impossible, and in fact, more practical than you may think.
In this segment we discuss what security testing in a QA team looks like, how it's potentially split up, and whether we can really and truly make it work. Glenn provides his practical perspective being an implementer of this methodology, while Rohit and I provide an across-the-industry discussion and commentary.
I think you'll find this podcast episode fascinating, especially if you're struggling with the QA/Security relationship.
Guests
- Rohit Sethi - VP Product Development at SD Elements (http://www.sdelements.com)
Rohit Sethi is a specialist in building security controls into the software development life cycle (SDLC). Rohit is a SANS course developer and instructor on Secure J2EE development. He has spoken and taught at FS-ISAC, RSA, OWASP, Shmoocon, CSI National, Sec Tor, Infosecurity New York and Toronto, TASK, the ISC2's Secure Leadership series conferences, and many others. Mr. Sethi has written articles for Dr. Dobb's Journal, TechTarget, Security Focus and the Web Application Security Consortium (WASC), and he has been quoted as an expert in application security for ITWorldCanada and Computer World. He also leads the OWASP Design Patterns Security Analysis project. - Glenn Leifheit - Lead Information Security Consultant at FICO (http://www.fico.com)
Glenn Leifheit, CISSP, CSSLP is a Senior Security Architect at FICO. He has worked in developing, managing, architecting and securing large scale applications for over 15 years. His day is spent rolling out an Enterprise secure software development lifecycle and managing PCI requirements as well as secure software reviews. Glenn is active in the Technology community as the Co-Chair of (ISC)2 Application Security Advisory Board, President of TechMasters Twin Cities, as an active member of IASA (International Association of Software Architects) and OWASP (Open Web Application Security Project) as well as a regional speaker evangelizing secure software. Glenn's blog is located at www.glennleifheit.com.
Links
- No links for this podcast...
Have something to say? Let's hear it.
Support the show
>>> Please consider clicking the link above to support the show!
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq
LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
X/Twitter: https://twitter.com/dtsr_podcast
View all episodes
By Rafal (Wh1t3Rabbit) Los
4.3
9797 ratings
Synopsis
Over the past year and a half of so, I've been pushing hard to change the paradigm around secure software - specifically the testing aspect of it to incorporate a much heavier emphasis on quality assurance. That conversation spilled over into an OWASP conversation, which lead Glenn, Rohit and I to sit down and record this conversation we had - as we appear to be of like mind. While it's not trivial to incorporate security testing into quality assurance, it's not impossible, and in fact, more practical than you may think.
In this segment we discuss what security testing in a QA team looks like, how it's potentially split up, and whether we can really and truly make it work. Glenn provides his practical perspective being an implementer of this methodology, while Rohit and I provide an across-the-industry discussion and commentary.
I think you'll find this podcast episode fascinating, especially if you're struggling with the QA/Security relationship.
Guests
- Rohit Sethi - VP Product Development at SD Elements (http://www.sdelements.com)
Rohit Sethi is a specialist in building security controls into the software development life cycle (SDLC). Rohit is a SANS course developer and instructor on Secure J2EE development. He has spoken and taught at FS-ISAC, RSA, OWASP, Shmoocon, CSI National, Sec Tor, Infosecurity New York and Toronto, TASK, the ISC2's Secure Leadership series conferences, and many others. Mr. Sethi has written articles for Dr. Dobb's Journal, TechTarget, Security Focus and the Web Application Security Consortium (WASC), and he has been quoted as an expert in application security for ITWorldCanada and Computer World. He also leads the OWASP Design Patterns Security Analysis project. - Glenn Leifheit - Lead Information Security Consultant at FICO (http://www.fico.com)
Glenn Leifheit, CISSP, CSSLP is a Senior Security Architect at FICO. He has worked in developing, managing, architecting and securing large scale applications for over 15 years. His day is spent rolling out an Enterprise secure software development lifecycle and managing PCI requirements as well as secure software reviews. Glenn is active in the Technology community as the Co-Chair of (ISC)2 Application Security Advisory Board, President of TechMasters Twin Cities, as an active member of IASA (International Association of Software Architects) and OWASP (Open Web Application Security Project) as well as a regional speaker evangelizing secure software. Glenn's blog is located at www.glennleifheit.com.
Links
- No links for this podcast...
Have something to say? Let's hear it.
Support the show
>>> Please consider clicking the link above to support the show!
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq
LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
X/Twitter: https://twitter.com/dtsr_podcast
More shows like Down the Security Rabbithole Podcast (DtSR)
View all
Hacked
190 Listeners
Security Now (Audio)
2,011 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
373 Listeners
Risky Business
374 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
655 Listeners
CyberWire Daily
1,023 Listeners
Smashing Security
318 Listeners
Click Here
418 Listeners
Darknet Diaries
8,041 Listeners
Cybersecurity Today
181 Listeners
Hacking Humans
315 Listeners
CISO Series Podcast
189 Listeners
Defense in Depth
74 Listeners
Cyber Security Headlines
138 Listeners
Risky Bulletin
44 Listeners