Application Security WeeklySubscribe
DevOps, Threat modeling

Securing Modern Web Apps: Development Techniques are Changing – Tom Hudson – ASW #161

August 9, 2021

Sponsored By

sponsor Visit https://securityweekly.com/detectify for more information!

The use of web apps, SPAs, and APIs are growing steadily and traditional scanning methods don’t provide enough coverage. The appsec tools need to innovate and become smarter and more contextual in order to test modern apps and APIs at scale. Tom Hudson, Security Research Team Lead at Detectify, will give a peek into how Detectify is innovating to help solve these modern app and API developer challenges.

Segment Resources:

- Sign up for updates and be the first to know about Detectify API scanning open beta: https://www.detectify.com/api
- Blog post announcing Detectify’s plans to expand scanner to fuzz public-facing APIs: https://blog.detectify.com/2021/08/03/detectify-fuzzing-public-facing-apis/

This segment is sponsored by Detectify.

Visit https://securityweekly.com/detectify to learn more about them! Visit https://www.securityweekly.com/asw for all the latest episodes!

Full Episode Show Notes

Securing Modern Web Apps: Development Techniques are Changing

Guests

Tom Hudson

Tom Hudson - Security Research Team Lead at Detectify

@tomnomnom

Tom Hudson started his career as a software engineer and got into security when a former employer invited him to the company bug bounty program. The experience landed him on the HackerOne scoreboard. Since then, Tom has become a prominent figure in the hacker community, known for his many hacking tools that he hosts on Github.

Hosts

John Kinsella

John Kinsella - Chief Architect at Accurics

@johnlkinsella

John Kinsella is the Chief Architect for Accurics
Mike Shema

Mike Shema - Product Security Lead at Square

@Codexatron

Mike Shema is the Product Security Lead of Square

Announcements

  • SC Media debuts its all-new SC digital experience, fully integrated with Security Weekly podcast content and more. The new site increases the scope and scale of original content resources from editorial staff, contributors, and the far-reaching CyberRisk Alliance network. Visit www.scmagazine.com to check out the new look!

  • Join us August 26th at 11am eastern to learn how to implement cloud security that actually works. If you missed any of our previously recorded webcasts or technical trainings, they are available for your viewing pleasure at https://securityweekly.com/ondemand

Related

DevOps
How this work-from-home era transformed security awareness, tech development forever

By necessity, vendors are turning their attention not just to bolstering security in the short term and building reputations in the long term. With office technology, particularly with no secondary security in place at home, exposure can mean losing the trust of entire industries worried about regulations and consumer goodwill. Vendors are therefore left to address current threats, but also predict future ones – convincing customers that you've already considered what they don't know to worry about yet.

DevOps
Three ways ASOC improves the efficiency of DevSecOps

Application security orchestration and correlation (ASOC) tools streamline software security testing and remediation by integrating with a wide range of testing tools, orchestrating when and how tests are conducted, and correlating their findings. ASOC tools empower security teams to expedite the AppSec process without sacrificing quality.

prestitial ad