Application Security Weekly Subscribe

DevSecOps, Vulnerability Management, Application security

Findings From the 2021 AppSec Shift Left Progress Report – Manish Gupta – ASW #165

September 13, 2021

Data from the ShiftLeft customer report shows that companies that have rebuilt their core testing processes around faster and more accurate static analysis are able to release more secure code at scale, scan more frequently, fixes earlier in the software development life cycle, have less security debt, and maintain more security fixes overall.

Segment Resources:

http://shiftleft.io/resources/appsec-shift-left-progress-report-2021?utmsource=cyberriskalliance&utmmedium=podcast

This segment is sponsored by ShiftLeft.

Visit https://securityweekly.com/shiftleft to learn more about them!

Sponsored By

Full episode and show notes

Announcements

Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
InfoSec World 2021 is proud to announce its keynote lineup for this year’s event! Hear from Robert Herjavec plus heads of security at the NFL, TikTok, U.S. Department of Homeland Security, Stanford University, and more… Plus, Security Weekly listeners save 20% on Digital Pass registration! Visit https://securityweekly.com/isw2021 to register now!

Hosts

Tech Lead at Block

Senior Engineering Leader at AWS

Related

Application security

Arg Parsing in Rust, End of Life Hardware, CSRB & MS, Chrome’s V8 Sandbox – ASW #281

April 15, 2024

A Rust advisory highlights the perils of parsing and problems of inconsistent approaches, D-Link (sort of) deals with end of life hardware, CSRB recommends practices and processes for Microsoft, Chrome’s V8 Sandbox increases defense, and more!

Application security

Demystifying Security Engineering Career Tracks – Karan Dwivedi – ASW #281

April 15, 2024

There are as many paths into infosec as there are disciplines within infosec to specialize in. Karan Dwivedi talks about the recent book he and co-author Raaghav Srinivasan wrote about security engineering. There's an appealing future to security taking on engineering roles and creating solutions to problems that orgs face. We talk about the breadt...

Application security

OWASP Breach, Types of Prompt Injection, Device-Bound Sessions, ASVS & APIs – ASW #280

April 8, 2024

OWASP leaks resumes, defining different types of prompt injection, a secure design example in device-bound sessions, turning an ASVS requirement into practice, Ivanti has its 2000s-era Microsoft moment, HTTP/2 CONTINUATION flood, and more!