Application Security Weekly Subscribe

DevSecOps, Security Staff Acquisition & Development, Cloud Security

Bringing AppSec to a Modern CI Pipeline – Manish Gupta – ASW #152

May 24, 2021

Appsec in a modern CI pipeline needs a combination of tools, collaboration, and processes to be successful. Importantly, it also needs to scale. We can't just shift responsibility left and assume that will be successful. So, how can an appsec team bring tools and security knowledge to developers?

This segment is sponsored by ShiftLeft.

Visit https://securityweekly.com/shiftleft to learn more about them!

Sponsored By

Full episode and show notes

Announcements

We're always looking for great guests for all of the Security Weekly shows! Submit your suggestions by visiting https://securityweekly.com/guests and completing the form!
Security Weekly is more than happy to announce that we will be at InfoSec World 2021 IN PERSON October 25th-27th, 2021! This year, our annual partnership with InfoSec World is extra special, as we are both business units under the CyberRisk Alliance brand! What does that mean for Security Weekly listeners & InfoSec World attendees? You will get to see and hear from many of the Security Weekly team at the event AND you will save 20% off on your world pass! Visit https://securityweekly.com/isw2021 to register using our discount code!

Hosts

Tech Lead at Block

Senior Engineering Leader at AWS

Related

Application security

Arg Parsing in Rust, End of Life Hardware, CSRB & MS, Chrome’s V8 Sandbox – ASW #281

April 15, 2024

A Rust advisory highlights the perils of parsing and problems of inconsistent approaches, D-Link (sort of) deals with end of life hardware, CSRB recommends practices and processes for Microsoft, Chrome’s V8 Sandbox increases defense, and more!

Application security

Demystifying Security Engineering Career Tracks – Karan Dwivedi – ASW #281

April 15, 2024

There are as many paths into infosec as there are disciplines within infosec to specialize in. Karan Dwivedi talks about the recent book he and co-author Raaghav Srinivasan wrote about security engineering. There's an appealing future to security taking on engineering roles and creating solutions to problems that orgs face. We talk about the breadt...

Application security

OWASP Breach, Types of Prompt Injection, Device-Bound Sessions, ASVS & APIs – ASW #280

April 8, 2024

OWASP leaks resumes, defining different types of prompt injection, a secure design example in device-bound sessions, turning an ASVS requirement into practice, Ivanti has its 2000s-era Microsoft moment, HTTP/2 CONTINUATION flood, and more!