The Application Security Podcast

Jeff Williams -- The Tech of Runtime Security


Listen Later

Jeff Willams of Contrast Security joins Chris and Robert on the Application Security Podcast to discuss runtime security, emphasizing the significance of Interactive Application Security Testing (IAST) in the modern DevOps landscape. After reflecting on the history of OWASP, the conversation turns to the challenges organizations face in managing their application security (AppSec) backlogs. Jeff highlights the alarming number of unresolved issues that often pile up, emphasizing the inefficiencies of traditional security tools.

Jeff champions IAST, and here are a few highlights that he shares. IAST is ideally suited for DevOps by seamlessly transforming regular test cases into security tests. IAST can provide instant feedback, leading to a Mean Time To Repair (MTTR) of just three days across numerous applications. Unlike Static Application Security Testing (SAST) or Dynamic Application Security Testing (DAST), which can take hours or even days, IAST can complete security testing during the build, fitting within the tight SLAs of modern pipelines.

IAST offers developers comprehensive insights, which aids in a better understanding and quicker resolution of the identified issues. It is also adaptable, as IAST can detect vulnerabilities before they are exploited. Jeff argues that IAST's ability to work with existing test cases and provide rapid feedback makes it a perfect fit for the fast-paced DevOps environment.

Jeff emphasizes that while runtime security can be a game-changer, it doesn't replace other essential aspects of AppSec programs, such as training. In conclusion, Jeff Williams champions IAST as a revolutionary tool in the application security domain. Its adaptability, efficiency, and depth of insights make it a must-have in the toolkit of modern developers and security professionals.


Links:

  • Jeff on LinkedIn: https://www.linkedin.com/in/planetlevel/
  • Java Observability Toolkit (JOT): https://github.com/planetlevel/jot
  • Identified by John Wilander: https://www.amazon.com/IDENTIFIED-hacker-thriller-headlines-newspapers/dp/B09NRF399J
  • Venture in Security article about circle stickers:  https://ventureinsecurity.net/p/solving-the-circle-sticker-problem

FOLLOW OUR SOCIAL MEDIA:

➜Twitter: @AppSecPodcast
➜LinkedIn: The Application Security Podcast
➜YouTube: https://www.youtube.com/@ApplicationSecurityPodcast

Thanks for Listening!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

...more
View all episodesView all episodes
Download on the App Store

The Application Security PodcastBy Chris Romeo and Robert Hurlbut

  • 5
  • 5
  • 5
  • 5
  • 5

5

36 ratings


More shows like The Application Security Podcast

View all
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) by Johannes B. Ullrich

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

626 Listeners

Smashing Security by Graham Cluley & Carole Theriault

Smashing Security

312 Listeners

Darknet Diaries by Jack Rhysider

Darknet Diaries

7,879 Listeners

The Blindboy Podcast by Blindboyboatclub

The Blindboy Podcast

1,764 Listeners

The Doctor's Kitchen Podcast by Dr Rupy Aujla

The Doctor's Kitchen Podcast

623 Listeners

CISO Series Podcast by David Spark, Mike Johnson, and Andy Ellis

CISO Series Podcast

189 Listeners

Defense in Depth by David Spark, Steve Zalewski, Geoff Belknap

Defense in Depth

74 Listeners