ASW #232 - Josh Grossman
Application Security Weekly (Audio) - A podcast by Security Weekly Productions - Tuesdays
Categories:
In this segment, Josh will talk about the OWASP ASVS project which he co-leads. He will talk a little about its background and in particular how it is starting to be used within the security industry. We will also discuss some of the practicalities and pitfalls of trying to get development teams to include security activities and considerations in their day-to-day work and examples of how Josh has seen this “in the wild”. Segment Resources: Josh's personal website, https://joshcgrossman.com Josh's mastodon handle, https://infosec.exchange/@JoshCGrossman OWASP ASVS site, https://owasp.org/asvs More detailed talk about ASVS v4.0.3, https://www.youtube.com/watch?v=zqj4YuoAlcA The most recent, stable version of the standard (v4.0.3), https://github.com/OWASP/ASVS/tree/v4.0.3/4.0 The “bleeding edge”/in-progress version, https://github.com/OWASP/ASVS/tree/master/5.0 Loom provides transparency on mishandling cookies, GitHub moves to require 2FA, TPM reference implementation includes a buffer overflow, Dropbox shares their security engineer ladder, multiple flaws in a smart intercom Visit https://www.securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/secweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/asw232