CISOs want to enable the business. But sometimes we must stand our ground and explain our position with rationale. So, how do we convince other people to act without telling their baby is ugly? Join us, as we discuss having difficult conversations.
New TLDs are already old news, fuzzing eBPF validators, Microsoft sets to kill bug classes, draft RFC to track location trackers, a top ten list with directory traversal on it, conference videos from Real World Crypto and BSidesSF, and an attack tree generator from markdown.
The OWASP Top 10 dates back to 2003, when appsec was just settling on terms like cross-site scripting and SQL injection. It's a list that everyone knows about and everyone talks about. But is it still the right model for modern appsec awareness? What if we put that attention and effort elsewhere? Maybe we could have secure defaults instead. Or lint...
What does software resilience mean? Why is status quo application security unfit for the modern era of software? How can we move from security theater to security chaos engineering? This segment answers these questions and more.
Book -- https://securitychaoseng.com
Blog -- https://kellyshortridge.com/blog/posts/
The use of AI to assist in software development introduces new risks into application security. Here's how to use AppSec testing tools and methods such as SAST, DAST and SCA to make sure your AI-generated code is clean.