Container security, DevOps, Application Isolation, Bug bounties, Security Research

ASW #154

June 14, 2021



We will provide a short introduction to OWASP SAMM, a flagship OWASP project that allows organizations to bootstrap and iteratively improve their secure software practice in a measurable way.
Seba will explain the SAMM model, which consists of 15 security practices. Every security practice contains a set of activities, structured into 3 maturity levels. The activities at a lower maturity level are typically easier to execute and require less formalization than those at a higher maturity level.
At the end we will cover how you can engage with the SAMM community and provide an overview of what happened at our latest SAMM User Day, held on May 27th.

Segment Resources:
https://owaspsamm.org/
https://github.com/OWASPsamm
https://app.slack.com/client/T04T40NHX/C0VF1EJGH
https://www.youtube.com/channel/UCEZDbvQrj5APg5cEET49A_g
https://twitter.com/OwaspSAMM
https://www.linkedin.com/company/18910344/admin/

Visit https://www.securityweekly.com/asw for all the latest episodes!

Full Episode Show Notes

OWASP SAMM – Software Assurance Maturity Model

Guests

Sebastian Deleersnyder

Sebastian Deleersnyder – CTO at Toreon

@Sebadele

Seba is co-founder, CTO of Toreon and a proponent of application security as a holistic endeavor. He started the Belgian OWASP chapter, was a member of the OWASP Foundation Board and performed several public presentations on Application Security. Seba also co-organized the yearly security & hacker BruCON conference and trainings in Belgium.

With a background in development and many years of experience in security, he has trained countless developers to create software more securely. He has led OWASP projects such as OWASP SAMM, thereby truly making the world a little bit safer. Now he is adapting application security models to the evolving field of DevOps and is also focused on bringing Threat Modeling to a wider audience.

Hosts

John Kinsella

John Kinsella – Chief Architect at Accurics

@johnlkinsella

John Kinsella is the Chief Architect for Accurics

Mike Shema

Mike Shema – Product Security Lead at Square

@Codexatron

Mike Shema is the Product Security Lead of Square

Announcements

  • Security Weekly is more than happy to announce that we will be at InfoSec World 2021 IN PERSON October 25th-27th, 2021! This year, our annual partnership with InfoSec World is extra special, as we are both business units under the CyberRisk Alliance brand! What does that mean for Security Weekly listeners & InfoSec World attendees? You will get to see and hear from many of the Security Weekly team at the event AND you will save 20% off on your world pass! Visit https://securityweekly.com/isw2021 to register using our discount code!

  • Join us June 24 at 11 AM ET to learn how web application firewalls can help mitigate exposure in a complex threat landscape. Visit https://securityweekly.com/webcasts to register now! If you missed any of our previously recorded webcasts or technical trainings, they are available for your viewing pleasure at https://securityweekly.com/ondemand.



This week in the AppSec News, Mike and John talk: ALPACA surveys protocol confusion, lessons from the EA breach, forgotten lessons about sprintf, Go fuzzing goes beta, security lessons from Kubernetes Goat, basic lessons for OT from CISA, & more! Visit https://www.securityweekly.com/asw for all the latest episodes!

Full Episode Show Notes

ALPACA, EA Breach, sprintf Lives, Go Fuzzing, K8s Goat, & OT Basics

Hosts

John Kinsella

John Kinsella – Chief Architect at Accurics

@johnlkinsella

John Kinsella is the Chief Architect for Accurics

Mike Shema

Mike Shema – Product Security Lead at Square

@Codexatron

Mike Shema is the Product Security Lead of Square

Announcements

  • Do you want to stay in the loop on all things Security Weekly? Visit https://securityweekly.com/subscribe to subscribe on your favorite podcast catcher or our Youtube channel, sign up for our mailing list, join our Discord Server, and follow us on our newest live-streaming platform, Twitch!

  • Security Weekly is ecstatic to announce that Security Weekly Unlocked will be held IN PERSON this December 5-8 at the Hilton Lake Buena Vista! Call for presentations & early registration for Security Weekly listeners is open now! Visit securityweekly.com/unlocked to submit your presentation & register for the early registration price before it expires!
