
DevelopSec: Developing Security Awareness

Technology News Education

Episodes

Showing 1-100 of 133
Page 1 of 2

When Security Recommendations Miss The Point

30 Jan 2026

Contributed by Lukas

Ever read a security advisory that told you to “use a VPN” to protect a Bluetooth device? In this episode we talk about how bad or inaccurate rec...

Ep. 128: OWASP Top 10 2025

21 Jan 2026

Contributed by Lukas

In this episode James gives an overview of the new OWASP Top 10 2025. He shares some insights into the history, changes, and additional thoughts on th...

Ep. 127: Importance of Terminology

14 Jan 2026

Contributed by Lukas

In this episode, James talks about the difference between end-to-end encryption and the standard encryption in transit most web applications implement...

Ep. 126: Avoiding Panic and Misunderstandings with Proper Authentication Failure Reporting

06 Jan 2026

Contributed by Lukas

Have you ever felt that feeling of thinking your account has been compromised? It can be a scary feeling. But what about when it didn't really h...

Ep. 125: From Flat Tires to AppSec: The Power of Tools and Process

31 Dec 2025

Contributed by Lukas

In this episode, James shares a story about fixing a flat tire on an E-Scooter and how it relates to security. He shows how the combination of tools, ...

Ep. 124: Double-ClickJacking

24 Feb 2025

Contributed by Lukas

In this episode, I go over what Double-ClickJacking is and what you can potentially do about it to reduce the risk to your applications. Will this be...

Ep. 123: Goals of Security Culture - Sort of?

18 Feb 2025

Contributed by Lukas

In this episode, I talk about how security is a part of everyone's role and the labeling of "Security Culture". I share some ideas on h...

Ep. 122: Integrating Security Responsibilities into Development

10 Feb 2025

Contributed by Lukas

In this episode I talk about assigning responsibility for secure development and how the dev and security teams should be working together to accompli...

Ep. 121 - Evolving Ransomware: Unique Tactics for Payment

07 May 2024

Contributed by Lukas

In this episode I talk about the evolving world of ransomware. I discuss a few examples of unique tactics the malicious actors are using to put pressu...

Ep. 120: Addressing Root Cause - Vulnerable Components

31 Jan 2023

Contributed by Lukas

In this episode we talk about addressing the root cause of an issue versus the symptoms. How can the process of keeping application components updated...

Ep. 119: Risks of SpellCheck

19 Jan 2023

Contributed by Lukas

In this episode we talk about the spell check feature of the browser and how it could present a risk to sensitive data.   Link to article reference...

Ep. 118: Log4J Sparking Thought on Vulnerable Components

19 Dec 2021

Contributed by Lukas

Log4J has been the talk of the town recently and everyone is focused on the technical details of the specific vulnerabilities found. In this episode, ...

Ep. 117: How Browsers are Helping with Security

09 Feb 2020

Contributed by Lukas

Chrome has announced a few changes that we need to watch out for in the near future. We previously talked about the default value for samesite that is...

Ep. 116: Chrome Retires XSS Auditor

15 Nov 2019

Contributed by Lukas

It was recently announced that Chrome was dropping the XSS Auditor in Chrome 78. What does that mean and how does that change things for you as a deve...

Ep. 115: Is CSRF Really Dead?

06 Nov 2019

Contributed by Lukas

In 2020, Chrome will default the SameSite attribute to Lax on all cookies. SameSite helps mitigate CSRF, but does that mean CSRF is dead? For more info...

Ep. 114: Investing in People for Better Application Security

29 Oct 2019

Contributed by Lukas

In this episode, James talks about investing in the development teams to increase application security priorities. For more info go to https://www.deve...

Ep. 113: What is your mother's maiden name?

28 May 2019

Contributed by Lukas

In this episode, James talks about some of the risks and recommendations around security questions and their implementation. For more info go to http...

Ep. 112: Application Fingerprinting

22 Jan 2019

Contributed by Lukas

Does your application give away details about its server, framework, or other components? How is this information used by an attacker? Check out this...

Ep. 111: Authentication Alerts

14 Jan 2019

Contributed by Lukas

Would you know if someone authenticated to your account? With the breaches we see in the news, and attacks like credential stuffing, there must be a w...

Ep. 110: Implementation Matters

07 Jan 2019

Contributed by Lukas

James discusses how implementation matters with security controls and how it changes priorities. This came about after reading the following story:  ...

Ep. 109: 2018 Reflection

02 Jan 2019

Contributed by Lukas

I talk about some of what happened in 2018 and what I am looking to do in 2019. I also ask you to think about your previous year and goals. I also tal...

Ep. 108: Dunkin Donuts Breach, Maybe??

12 Dec 2018

Contributed by Lukas

In this episode James talks about the Dunkin Donuts Perks breach. This is an interesting situation as the accounts were accessed using the victim's ...

Ep. 107: Credential Stuffing

09 Nov 2018

Contributed by Lukas

In this episode James talks about what credential stuffing is, how it affects your apps, and how you can look to defend against it. For more info g...

Ep. 106: Facebook Breach Take-aways and Insights

04 Oct 2018

Contributed by Lukas

James talks about the Facebook breach and shares some insights into how you can take steps to prevent this type of incident in your applications.  F...

Ep. 105: Interview with Eric Johnson

20 Sep 2018

Contributed by Lukas

I sit down with Eric Johnson to talk about security in the IDE and other fun topics. A bit longer than usual, but full of great information. You can ...

Ep. 104: Securing Devops with Julien Vehent

30 Aug 2018

Contributed by Lukas

James sits down with Julien Vehent to discuss his new book "Securing DevOps" and talk about security in a devOps world. Julien (@jvehent) i...

Ep. 103: Is 3rd Party Authentication Right For Your Application?

16 Aug 2018

Contributed by Lukas

The headlines are filled with credential breaches. One way to avoid being those headlines is to not store credentials. Instead, use a 3rd party to a...

Ep. 102: Intro to Web Security Policies

26 Jun 2018

Contributed by Lukas

In this episode James introduces us to the idea of web security policies stored in a security.txt file. We have talked about vulnerability disclosure ...

Ep. 101: You're not always right and that is ok

18 Jun 2018

Contributed by Lukas

In this episode, James shares a story of learning from a mistake and how we can't be right every time. Hear what he learned and how you can learn...

Ep. 100: Choosing Security Tools

07 Jun 2018

Contributed by Lukas

In this episode we talk about choosing the right security tools for your environment. There are lots of vendors offering solutions to help identify se...

Ep. 99: Shifting Left in the SDLC

30 May 2018

Contributed by Lukas

In this episode, James talks about what it means to shift left in the SDLC.  For more info go to https://www.developsec.com or follow us on twitter ...

Ep. 98: Efail and News Hype

15 May 2018

Contributed by Lukas

In this episode we talk about efail and the HYPE around security news.    For more info go to https://www.developsec.com or follow us on twitter (...

EP. 97: Gmail / Netflix Potential Scam

23 Apr 2018

Contributed by Lukas

** Check out our new Live Fundamentals of Application Security training starting on May 1, 2018. Don't wait to sign up. For schedules and informa...

Ep. 96: Security Flaws as Defects

16 Apr 2018

Contributed by Lukas

In this episode we talk about treating security flaws as defects and embedded vs. built-in security. Do you treat security flaws differently? What bar...

Ep. 95: MyFitnessPal Breach Take-Aways

09 Apr 2018

Contributed by Lukas

In this episode we talk about the MyFitnessPal breach and some of the key points that we as developers, security, and users can take away from it.  ...

Ep. 94: Penetration Testing

02 Apr 2018

Contributed by Lukas

In this episode we talk about penetration testing and what you need to know to get the most out of the activity. Tune in to hear some of our thoughts ...

Ep. 93: Code Review

09 Mar 2018

Contributed by Lukas

In this episode we talk about secure code review with a mention of static analysis. Do you know the difference? What is the issue of doing one over th...

Ep. 92: 2-Factor Authentication

06 Mar 2018

Contributed by Lukas

In this episode James talks about 2-factor authentication, why we use it, and maybe why we don't. Is your 2-factor implementation getting in your...

DevelopSec Podcast #91 - OWASP Top 10 2017 Thoughts

09 Feb 2018

Contributed by Lukas

The new OWASP Top 10 2017 is out. We look at some of the changes and how you can effectively use the list to better your security program. We are als...

Ep. 90: 5 Steps to Help Secure Your Database

16 Jan 2018

Contributed by Lukas

James sits down with Perry Krug, from Couchbase, to discuss some important steps to take to secure your database. Perry Krug - https://twitter.c...

Ep. 89: New Year's Resolutions

04 Jan 2018

Contributed by Lukas

Welcome to 2018! Another year down and time for many of us to start making promises to ourselves of things we will start doing in this new year. In ...

Ep. 88: Meteor Security with Tim Medin

11 Dec 2017

Contributed by Lukas

In this episode, James talks with Tim Medin regarding Meteor and security. If you develop with Meteor or have to test it, there is a lot of informatio...

Ep. 87: Apple Sign-in Bug Take-Aways

01 Dec 2017

Contributed by Lukas

You have heard about the Apple Sign-in Bug on High Sierra. Now let's talk about how we can use this example to better our current development processes...

Ep. 86: Vulnerable 3rd Party Components

23 Nov 2017

Contributed by Lukas

In this episode, James talks about the use of 3rd party components and how to handle determining whether they are vulnerable or not. Links: OWASP Dependency Chec...

Ep. 85: Open Redirect Revisited

17 Nov 2017

Contributed by Lukas

In this episode, James talks about open redirect and why it matters from a security perspective. He also shows how this information can be used in you...

Ep. 84: Understanding the Technology

31 Oct 2017

Contributed by Lukas

You know your development language and platform, but do you really know the ins and outs of web application technology? How well do you know HTTP, HTM...

Ep. 83: Authorization Overview

18 Oct 2017

Contributed by Lukas

In this episode, James talks about authorization and some common areas where it poses a risk. He also goes over some techniques to help test authoriza...

Ep. 82: Equifax Take-aways

29 Sep 2017

Contributed by Lukas

The Equifax breach was a major news story. James talks about some of the security controls mentioned and how to start a conversation within your organ...

Ep. 81: JavaScript in HREF and SRC (XSS)

18 Sep 2017

Contributed by Lukas

We talk about cross-site scripting (XSS) all the time, but often overlook the ability to use javascript: in anchor tags.  James talks about this uniq...

Ep. 80: Understanding Security of Your Platforms

23 Aug 2017

Contributed by Lukas

We use a lot of platforms and frameworks when we develop an application. These platforms may provide security features, but do you know which ones? Ja...

Ep. 79: Marketing with USB Drives

31 Jul 2017

Contributed by Lukas

James talks about the risk of USB thumb drives, using the recent BCBS marketing campaign as an example. (http://www.fiercehealthcare.com...

Ep. 78: MySpace Lessons - Looking At Account Recovery

24 Jul 2017

Contributed by Lukas

James talks about a recent vulnerability report regarding MySpace's Account Recovery system (https://www.wired.com/story/myspace-security-account...

Ep. 77: Interactive Application Security Testing

07 Jul 2017

Contributed by Lukas

In this episode, James talks about Interactive Application Security Testing, or IAST. It is a sort of hybrid approach that is similar to both dynamic ...

Ep. 76: Validation - Client vs. Server

19 Jun 2017

Contributed by Lukas

Are you thinking about client vs. server-side input validation? Curious why each is important and when to use them? James talks about the basic co...

Ep. 75: IAM with Geurt van Wijk

05 Jun 2017

Contributed by Lukas

In this episode I sit down with Geurt van Wijk from IDdriven to discuss IAM and IDaaS. Geurt has many years of experience around Identity and shares s...

Ep. 74: Audio Driver Key Logger Lessons Learned

24 May 2017

Contributed by Lukas

It was recently reported that an audio driver on HP systems was logging keystrokes to a local file. Accidental? Malicious? Instead, we talk abo...

Ep. 73: Identity with Vittorio Bertocci

17 May 2017

Contributed by Lukas

I sat down with Vittorio Bertocci from Microsoft at the Microsoft Build 2017 conference in Seattle, Washington. Vittorio shared some great insights i...

Ep. 72: Where to Perform Output Encoding

11 May 2017

Contributed by Lukas

Over the years I have had many people ask about encoding before storing data in the database. Here are my thoughts and recommendations. For more info...

Ep. 71: Sub Resource Integrity

17 Apr 2017

Contributed by Lukas

Do you use hosted content on a CDN? How do you know the file hasn't been modified?  James describes Sub Resource Integrity and how it is used to...

Ep. 70: Considering security when selecting an application platform

27 Mar 2017

Contributed by Lukas

Do you struggle with trying to pick the most secure application platform? Are you focusing on the right questions? James talks about ways to look at a...

Ep. 69: Concurrent User Sessions

10 Mar 2017

Contributed by Lukas

Do you allow users to log in to their accounts across multiple browsers or devices? Does this raise a security concern? James talks about how to hand...

Ep. 68: How the AWS disruption can help us

03 Mar 2017

Contributed by Lukas

I am sure you have heard about the AWS service disruption that occurred. Have you seen how we can learn from this when we look at our own tools and ...

Ep. 67: Clearing up HTTPOnly and Secure Cookie Attributes

24 Feb 2017

Contributed by Lukas

I hear a lot of people struggling with HTTPOnly and Secure attributes on cookies. The names may be confusing to some. Change your viewpoint and it may...

Ep. 66: Forgot Username

22 Feb 2017

Contributed by Lukas

We always talk about Forgot Password... But what about Forgot Username? Listen in as James discusses why protecting this functionality is important an...

Ep. 65: Security Questions: Good or Bad?

15 Feb 2017

Contributed by Lukas

In this episode, James talks about security questions, or secret questions. We see them used in many different places. People complain they are horrib...

Ep. 64: Using Stolen Passwords to Protect User Accounts

23 Jan 2017

Contributed by Lukas

A few months ago, it was announced that some companies buy stolen passwords off the black market to help protect their users. This is done by det...

Ep. 63: Remember Me Feature: Security Considerations

17 Jan 2017

Contributed by Lukas

Have you implemented, or are you implementing, a remember me feature for your application? What do you remember: username, password, or both? James talks about...

Ep. 62: MongoDB Ransomware Attacks

10 Jan 2017

Contributed by Lukas

Do you use MongoDB? If so, is it exposed to the internet? Recent news (listed below) has shown that a large number of MongoDB instances are being ...

Ep. 61: Multi-factor Authentication

05 Jan 2017

Contributed by Lukas

Implementing multi-factor authentication isn't just about a second factor. There are many considerations that need to be included. One in par...

Ep. 60: Yahoo Breach Takeaways

15 Dec 2016

Contributed by Lukas

Yahoo has announced yet another breach from back in 2013 affecting a very large number of user accounts. https://investor.yahoo.net/ReleaseDetail.cfm?...

Ep. 59: All About Cookie Protection

14 Dec 2016

Contributed by Lukas

It is the holiday season. It is appropriate to talk about cookies. Not the kind that you bake, but the ones in your applications. James talks ab...

Ep. 58: "Untrusted" Data

16 Nov 2016

Contributed by Lukas

Have you heard someone mention "untrusted" data? Applications take data from multiple data sources and we are often confused on what shoul...

Ep. 57: Source Code Review

04 Nov 2016

Contributed by Lukas

Are you an organization looking to do source code review? Are you trying to hire a pen tester with source code review as a duty? James talks about...

Ep. 56: Security Contacts

26 Oct 2016

Contributed by Lukas

Do you have a clear path for users to contact you about potential security issues in your application or device? Is there a potential for the commun...

Ep. 55: Scoping an application security assessment (Applications)

28 Sep 2016

Contributed by Lukas

Having a penetration test performed against your applications? Do you have mobile and web applications performing the same functionality? James ta...

Ep. 54: WAFs and Pen Testing

21 Sep 2016

Contributed by Lukas

Your pen tester wants you to whitelist them in your WAF? What should you do? Why do they ask? James breaks it down for you in this episode. For m...

Ep. 53: Chrome Changing Secure Notifications

15 Sep 2016

Contributed by Lukas

We talk HTTP/HTTPS all the time. Google just announced that in January they are going to change how they display their secure/not secure indicators ...

Login Forms and HTTPS

07 Sep 2016

Contributed by Lukas

Are your login forms secure? Are you sure? In this episode James talks about potential risks with presenting your login forms when using HTTPS and...

Ep. 52: Importance of UI to Security

05 Sep 2016

Contributed by Lukas

The user interface plays a big part in the security of an application. We often only look at flaws such as XSS, but here James provides an example o...

Ep. 51: Everything is a target

29 Aug 2016

Contributed by Lukas

James discusses how all applications, big or small, are a potential target and need to have secure coding practices. We often only look at our big a...

Ep. 50: How Serious is Username Enumeration

28 Jul 2016

Contributed by Lukas

In this episode, James talks about what Username Enumeration is, how it can be used by attackers, and some ways to help reduce the risk of it. For ...

Ep. 49: Should Password Change Invalidate Access Tokens?

25 Jul 2016

Contributed by Lukas

An interesting question was raised around changing a password and the need to invalidate all the access tokens for the associated mobile devices. James...

Ep. 48: Pokemon Go Security Discussions

18 Jul 2016

Contributed by Lukas

Pokemon Go has taken the world by storm and as always, it brings up some things to talk about regarding security. In this episode James talks about ...

Ep. 47: Account Lockouts and auto-unlock

17 Jun 2016

Contributed by Lukas

A question came in regarding auto-unlock of accounts and account lockout in general. James discusses his thoughts on this process and how he approac...

Ep. 46: Password Confirm Boxes

10 Jun 2016

Contributed by Lukas

A question came in around the need for the password confirm box on registration screens and the security implications. In this episode I respond to ...

Ep. 45: The importance of WHY

03 Jun 2016

Contributed by Lukas

We are too quick to just give generic recommendations for resolving security vulnerabilities. We need to make sure that the application teams unders...

Ep. 44: "We don't support Macs"

27 May 2016

Contributed by Lukas

When a developer was presented with a bug, they tried to say that it wasn't an issue because it was found by a tester using a Mac. "We don&...

Ep. 43: Reflecting on Current AppSec Training

21 May 2016

Contributed by Lukas

James reflects on the current way we expect application teams to get security training and potential shortfalls. Is there a better way? Listen as...

Ep. 42: The Need for Better Secure Code Examples

24 Apr 2016

Contributed by Lukas

How do you get your secure coding information? Do you pull code snippets from the internet? Who doesn't. How many of those actually use sec...

Ep. 41: Why You Need an Application Inventory

19 Apr 2016

Contributed by Lukas

Do you use an application inventory in your application security program? James discusses what an application inventory is and why it is important. ...

Ep. 40: Getting More Value from Pen Tests

08 Mar 2016

Contributed by Lukas

Penetration tests provide a measuring stick for security, but are you missing out on additional value? James discusses ways to use the pen test resu...

Ep. 39: Authentication

29 Feb 2016

Contributed by Lukas

James discusses what authentication is and some things to look out for. For more info go to https://www.developsec.com or follow us on twitter (@...

Ep. 38: Static Analysis: Tips for Successful Program

07 Feb 2016

Contributed by Lukas

In this episode, James Jardine talks about some of the things you need to consider when trying to implement a static analysis program. It is more than...

Ep. 37: CSRF Chaining

26 Jan 2016

Contributed by Lukas

James Jardine discusses CSRF chaining, using the combination of multiple CSRF requests to perform a task. Typically we believe that CSRF can only be d...

Ep. 36: Intro to Cross Site Request Forgery (CSRF)

07 Jan 2016

Contributed by Lukas

In this episode, James talks about what CSRF is, why it is a risk, and different ways to protect against it.  CSRF is #8 on the OWASP Top 10 https://...

Ep. 35: An Introduction to Open Redirects

15 Dec 2015

Contributed by Lukas

James discusses Open Redirects, or on the OWASP Top 10 what is referred to as Unvalidated Redirects and Forwards (https://www.owasp.org/index.php/Top_...

Ep. 34: Importance of Hacking

11 Dec 2015

Contributed by Lukas

James discusses hacking: what it is and why it is important. It is more than what you see in the media of the bad guys hacking computers. It is a cur...

Ep. 33: Holiday Gift Security Considerations

24 Nov 2015

Contributed by Lukas

James discusses some things to consider this holiday season when searching for that perfect gift. It is important to understand the privacy policy ...

Ep. 32: Dynamic Analysis: An Overview

21 Nov 2015

Contributed by Lukas

James Jardine provides an overview of Dynamic Analysis and why it is important. Like any automation, there are pros and cons. Listen to find out ...

Ep. 31: Response Splitting and Header Injection

09 Nov 2015

Contributed by Lukas

Join James Jardine as he discusses what Response Splitting/Header Injection is and how it works. He also discusses how ASP.Net helps defend against ...