The OWASP Podcast Series
Episodes
The Future of DevSecOps w/ Shannon Lietz and Chris Swan, Live From IP Expo London
09 Oct 2016
Contributed by Lukas
This is a live recording from 2016 IP Expo London, with Shannon Lietz (Intuit), Chris Swan (CSC) and host Mark Miller (Sonatype) discussing the future...
2016 Board Election Interviews - Part Four of Four - Members, Projects, Conferences, Chapters
19 Sep 2016
Contributed by Lukas
Today's podcast is the fourth in a series of four, talking with prospective 2016 board members. Today's question is, "What is more important to you as...
2016 Board Election Interviews - Part Three of Four - Most Important Issues
18 Sep 2016
Contributed by Lukas
Today's podcast is the third in a series of four, talking with prospective 2016 board members. Today's question is, "What is the single most important...
2016 Board Election Interviews - Part Two of Four - Vendor Neutrality
15 Sep 2016
Contributed by Lukas
Today's podcast is the second in a series of four, talking with prospective 2016 board members. Today's question is, "Do you consider vendor neutralit...
2016 OWASP Board Election Interviews - Part One of Four - Developer Participation
14 Sep 2016
Contributed by Lukas
Today's podcast is the first in a series of four, talking with prospective 2016 board members. Today's question is, "What kind of action plan do you ...
AppSec USA 2016 Pre-Conference Update
09 Sep 2016
Contributed by Lukas
From October 11 - 14, 2016, appsec professionals from around the world will gather in Washington DC to participate in one of this year's main OWASP ev...
Security as Part of Continuous Delivery with Sacha Labourey
18 Aug 2016
Contributed by Lukas
Continuing the theme of integrating security in DevOps processes, I spoke with Sacha Labourey, CEO of CloudBees, during a stop at CD Summit in London....
Unicorns on an Aircraft Carrier: DevOps Security at Scale with Sanjeev Sharma
21 Jul 2016
Contributed by Lukas
Sanjeev Sharma is a Distinguished Engineer at IBM. His main concern is how DevOps initiatives scale in large enterprises. In this wide ranging discussi...
2016 State of the Software Supply Chain Report with Derek Weeks
11 Jul 2016
Contributed by Lukas
The "State of the Software Supply Chain Report" featured in today's show is an industry report produced by Sonatype. In the spirit of full disclosure,...
Security as Part of DevOps and Development with Jason Schmitt
06 Jul 2016
Contributed by Lukas
Jason Schmitt's passion is to assure security is built into the development process, not just as a bolt-on add-on. His experience in various aspects ...
2016 AppSecEU - Update On The ASVS Project with Andrew van der Stock
05 Jul 2016
Contributed by Lukas
The Application Security Verification Standard Project is a Flagship project at OWASP. It provides a basis for testing web application technical secu...
2016 AppSecEU - The University Challenge
01 Jul 2016
Contributed by Lukas
At 2016 AppSecEU in Rome, five teams showed up for the University Challenge. I talked with the organizers of the challenge about the history of the pro...
Jim Manico's 100th Episode, featuring Mark Miller, Executive Producer of OWASP 24/7
29 Jun 2016
Contributed by Lukas
In this episode, Jim Manico turns the tables on me for his 100th podcast. He digs into my past, asks about my motivations for participating in OWA...
AppSec Europe 2016 - What To Expect
25 May 2016
Contributed by Lukas
What can you expect when you attend AppSec EU 2016 in Rome at the end of June? I talk with Bart de Win and Matteo Meucci, conference chair, to see who...
Communication Patterns in Open Source Component Supply Chains
15 Apr 2016
Contributed by Lukas
To understand more about communication patterns in open source supply chains, Dr. Gail Murphy and Dr. Marc Palyart undertook a study of 1,227 public ...
Active Deception as a Methodology for Cybersecurity w/ Lawrence Pingree from Gartner
21 Mar 2016
Contributed by Lukas
Lawrence Pingree and I were having a discussion in the press room at RSA Conference 2016. We talked about his work with Gartner, analyzing deception a...
DevOps, Security and Engineering at Slack
02 Mar 2016
Contributed by Lukas
Leigh Honeywell and Ari Rubenstein are Senior Staff Security Engineers at Slack. I saw Leigh on Wendy Nather's panel during RSA Conference 2016 and wa...
Security War Games with Sam Guckenheimer at Rugged DevOps RSAC 2016
29 Feb 2016
Contributed by Lukas
You just have to accept it. The hackers are going to get in. The question is, what are you going to do once they are in? In preparation for Sam Gucken...
Guns, Germs and Steel at RSAC 2016 with John Willis
26 Feb 2016
Contributed by Lukas
After John Willis' keynote session next week at Rugged DevOps during RSA Conference 2016, he says he's going to grab a front row seat because he's so ...
Equal Respect: Women in Technology with Chenxi Wang
25 Feb 2016
Contributed by Lukas
Chenxi Wang has had a diverse career in the technology industry. Before her current position as Chief Strategy Officer at Twistlock, she was Vice Pre...
DevOps: Politics, People and Process with Paula Thrasher
24 Feb 2016
Contributed by Lukas
I first met Paula Thrasher at DevOps Summit 2016 in San Francisco. Her message about people at the core of software supply chain processes resonated w...
OWASP Top 10 Proactive Controls Project with Jim Manico and Katy Anton
09 Feb 2016
Contributed by Lukas
The OWASP Top 10 Proactive Controls Project uses the OWASP Top 10 model as a way to encourage the community to participate in the building and mainten...
The OWASP WebGoat Project, version 7.0, with Bruce Mayhew
01 Feb 2016
Contributed by Lukas
The WebGoat Project started 10 years ago and has had over 1,000,000 downloads. Version 7.0 is being released this week. I caught up with Bruce Mayhew, pr...
Johanna Curiel on the Growing Pains of OWASP and Management of Project Reviews
27 Jan 2016
Contributed by Lukas
Several months ago Johanna Curiel figured she'd had enough and was ready to take a break from OWASP. Recently, she came back and is working tirelessly...
2016 - What's in Store for the OWASP 24/7 Podcast Series
21 Jan 2016
Contributed by Lukas
As we move into 2016 and my second year as executive producer of OWASP 24/7, I want to give a quick overview of my objectives for the year and what yo...
OWASP Shark Tank - Could You Convince Someone to Invest in Your Project?
25 Nov 2015
Contributed by Lukas
Funding of projects. Allocation of personal time. What does it take to get a project funded with limited resources? The OWASP NYC/NJ chapters are tryi...
OWASP Application Security Verification Standard Project w/ Andrew van der Stock
01 Oct 2015
Contributed by Lukas
The OWASP Application Security Verification Standard (ASVS) Project provides a basis for testing web application technical security controls. The prim...
OWASP Benchmark Project w/ Dave Wichers
30 Sep 2015
Contributed by Lukas
There's been a lot of discussion around the OWASP Benchmark Project since its latest release. Jeff Williams wrote an article and then received a resp...
OWASP Security Shepherd Project w/ Mark Denihan and Paul McCann
29 Sep 2015
Contributed by Lukas
The Security Shepherd Project is a web and mobile application security training platform for penetration testing. It covers the OWASP Top 10 risks from both the mo...
DevOps, Security and Development w/ Matt Tesauro, Shannon Lietz and Jez Humble
28 Sep 2015
Contributed by Lukas
When I was at AppSecUSA 2015 in San Francisco, I was standing in the hallway talking with Matt Tesauro, Shannon Lietz and Jez Humble. We decided that o...
OWASP Board Candidate Interview - Abbas Naderi, Michael Coates, Jonathan Carter
03 Sep 2015
Contributed by Lukas
Part of a three part series of interviews talking with OWASP board candidates for 2015. This segment includes candidates Abbas Naderi, Michael Coates ...
OWASP Board Candidate Interview - Bil Corry and Josh Sokol
03 Sep 2015
Contributed by Lukas
Part of a three part series of interviews talking with OWASP board candidates for 2015. This segment includes candidates Bil Corry and Josh Sokol.
OWASP Board Candidate Interview - Milton Smith, Tobias Gondrom, Tom Brennan
03 Sep 2015
Contributed by Lukas
Part of a three part series of interviews talking with OWASP board candidates for 2015. This segment includes candidates Milton Smith, Tobias Gondrom ...
OWASP Security Knowledge Framework Project w/ Glenn Ten Cate
27 Jul 2015
Contributed by Lukas
With over 20,000 downloads within its first two months of release, the Security Knowledge Framework Project seems to have hit a resonant chord with ...
OWASP Summer of Code Sprint 2015 with Fabio Cerullo
15 Jul 2015
Contributed by Lukas
With the OWASP Summer of Code Sprint 2015 in full swing, OWASP 24/7 caught up with project lead Fabio Cerullo to see what the future of the project lo...
OWASP Project Funding Part 2 w/ Johanna Curiel and Claudia Casanovas
02 Jul 2015
Contributed by Lukas
In part two of our open discussion on project funding for OWASP projects, I talk with Johanna Curiel, Project Review Team Leader, and Claudia Casanov...
OWASP Project Funding w/ Josh Sokol, Dinis Cruz and Andrew van der Stock
29 Jun 2015
Contributed by Lukas
How do projects get funded at OWASP? Who should have access to those funds? What is the history of projects being funded at OWASP? In this wide rangin...
The OWASP Online Academy with John Patrick Lita and Jerry Hoff
25 Jun 2015
Contributed by Lukas
John Patrick Lita has been working on the OWASP Online Academy since February. He plans to release it to the community within the next month. In this ...
AppSec USA 2015 Overview with Ben Hagen and Michael Coates
24 Jun 2015
Contributed by Lukas
This year's AppSec USA Conference will be held in San Francisco, September 22 - 25. I spoke with Ben Hagen and Michael Coates, organizers of the event...
Paul Ritchie, Executive Director, Talks Present, Past and Future of OWASP
28 May 2015
Contributed by Lukas
Paul Ritchie has been executive director of OWASP since July of 2014. In our talk, I get Paul's perspective on the best ways for chapters to utilize O...
OWASP Offensive Web Testing Framework with Bharadwaj Machiraju and Abraham Aranguren
15 Apr 2015
Contributed by Lukas
In this segment, we talk with the co-coordinators of the OWASP OWTF Project. The aim of the project is to make security assessments as efficient as po...
Tobias Gondrom on the OWASP Strategic Goals for 2015
03 Apr 2015
Contributed by Lukas
In this segment of OWASP 24/7, I speak with Tobias Gondrom on the strategic goals for OWASP in 2015.
2015 AppSecEU Pre Conference Update
31 Mar 2015
Contributed by Lukas
In this broadcast, we talk with the organizing committee from AppSecEU 2015 to see what they've been working on and what you can expect when you go to...
OWASP Project Reviews with Johanna Curiel
25 Feb 2015
Contributed by Lukas
Johanna Curiel is the wizard behind the curtain that manages the evaluation of OWASP projects. In this wide ranging discussion, I talk with Johanna a...
2015 OWASP Project Summit in NYC with Tom Brennan
24 Feb 2015
Contributed by Lukas
I caught up with Tom Brennan, coordinator of the 2015 OWASP Project Summit in New York City, to hear what he has in store for the two-day event. http://...
Seba Deleersnyder Discusses SAMM (Software Assurance Maturity Model) Summit in Dublin, Ireland
19 Feb 2015
Contributed by Lukas
The first SAMM (Software Assurance Maturity Model) Summit will be held in Dublin, Ireland on March 27 - 28, 2015. I spoke with Seba Deleersnyder, co-ordinato...
2015 AppSec California Post Mortem with Richard Greenberg and Neil Matatall
17 Feb 2015
Contributed by Lukas
What does it take to put on a successful conference? How much work is involved? In this segment, I sit down with Neil Matatall and Richard Greenberg, ...
John Melton and the OWASP AppSensor Project
13 Feb 2015
Contributed by Lukas
The OWASP AppSensor Project has just released version 2.0. In this broadcast we speak with John Melton, project code lead, on the latest features in t...
Moxie Marlinspike on Open Source Security for Mobile Devices
05 Jan 2015
Contributed by Lukas
Moxie Marlinspike is the founder of Open Whisper Systems which is both a large community of Open Source contributors, as well as a small team of dedic...
Dibbe Edwards - DevOps and Open Source at IBM
11 Dec 2014
Contributed by Lukas
At the IBM DevOps Symposium I watched as Dibbe Edwards enthralled the audience as she explained how IBM has instituted DevOps and Agile throughout the...
The WebGoat Project with Rick Lawson and Jason White
05 Nov 2014
Contributed by Lukas
The WebGoat Project has developed a free online tool used to test and uncover application flaws that might otherwise go unnoticed. In this episode of ...
Kevin E. Greene on OWASP and the SWAMP Project
17 Oct 2014
Contributed by Lukas
During a meeting at AppSec USA 2014 in Denver, the SWAMP team presented its case for working with OWASP to support a marketplace for security tools. I...
AppSec USA 2014, Denver - Damon Edwards, Matt Tesauro, Eoin Keary, Martin Knobloch
19 Sep 2014
Contributed by Lukas
I was able to get a quick update from Damon, Matt, Eoin and Martin this week at AppSec USA 2014 Denver. They each have a different perspective on what...
OWASP Board Candidate Interviews - Mateo Martinez
19 Sep 2014
Contributed by Lukas
With the OWASP board elections of 2014 upon us, we are doing a series of interviews so that you can come "face-to-face" with prospective board members...
OWASP Board Candidate Interviews - Jim Manico, Timur Khrotko
16 Sep 2014
Contributed by Lukas
With the OWASP board elections of 2014 upon us, we are doing a series of interviews so that you can come "face-to-face" with prospective board members...
OWASP Board Candidate Interviews - Andrew van der Stock, Nigel Phair, Abbas Naderi
16 Sep 2014
Contributed by Lukas
With the OWASP board elections of 2014 upon us, we are doing a series of interviews so that you can come "face-to-face" with prospective board members...
OWASP 2014 Board Candidate Interviews - Israel Bryski, Matt Konda, Bil Corry and Tahir Khan
16 Sep 2014
Contributed by Lukas
With the OWASP board elections of 2014 upon us, we are doing a series of interviews so that you can come "face-to-face" with prospective board mem...
Jonathan Carter - OWASP and Mobile Security
15 Aug 2014
Contributed by Lukas
On the day before Black Hat 2014 kicked off, I was able to sit with Jonathan Carter to talk about his work and the projects he participates on in OWA...
Sarah Baso - The Final Interview
29 Jul 2014
Contributed by Lukas
Sarah Baso is leaving OWASP at the end of the month. As executive director, she has been at the helm of the organization, helping to set up and run OW...
Wait! Wait! Don't pwn me! from AppSec Europe 2014
18 Jul 2014
Contributed by Lukas
It's become a regular thing at AppSec: test the experts on their knowledge of current software security news events. This session was recorded at AppS...
Eoin Keary on Women in Security and Growing an OWASP Chapter
14 Jul 2014
Contributed by Lukas
Eoin (pronounced Owen for you Yankees) Keary runs a software security practice in Ireland. In his "spare time", he is a global board member for OWASP....
Achim Hoffmann and the o-Saft Project for Scanning SSL Connections
01 Jul 2014
Contributed by Lukas
Achim Hoffmann is a researcher who has created a tool for listing information about a remote target's SSL certificate and testing the remote target again...
OWASP Top 10 Privacy Risks Project with Florian Stahl and Stefan Burgmair
29 Apr 2014
Contributed by Lukas
The OWASP Top 10 Privacy Risks Project aims to develop a top 10 list for privacy risks in web applications because currently there is no such catalog ...
The Run Up to a Massive Cyber Security Month with Tom Brennan
25 Apr 2014
Contributed by Lukas
In anticipation of Security Awareness Month in October, Tom Brennan is planning an event featuring a cross section of various cyber groups in New York...
Wolfgang Goerlich on a Real World Example of The Phoenix Project in Action
17 Apr 2014
Contributed by Lukas
At 2014 SOURCE Boston, Josh Corman told me that Wolfgang Goerlich had an interesting DevOps story to tell. I sat down and spoke with Wolfgang and was ...
Dwayne Melancon - What InfoSec Can Learn from Video Games
08 Apr 2014
Contributed by Lukas
Dwayne Melancon, CTO of Tripwire, has an interesting idea: turn your team into gamers, let them build their internal images and support that vision. T...
Melissa Elliot on the Heartbleed Bug at Yahoo
08 Apr 2014
Contributed by Lukas
The Heartbleed bug is running rampant on many major sites such as Chase and Yahoo while people are scrambling madly to find solutions. At the SOURCE B...
2014 AppSec APAC - Post Mortem (English)
01 Apr 2014
Contributed by Lukas
In March 2014, Rio Okada and his team in Japan organized the first AppSec APAC event in Japan. I called Rio to ask how the event went. Joining the co...
The OWASP Hacky Easter Challenge with Ivan Bütler
27 Mar 2014
Contributed by Lukas
Ivan Bütler and his team at the Hacking Lab have whipped up a fun challenge for the Easter season. The Hacky Easter Challenge is a white-hat hacking ...
The OWASP Top Ten Proactive Controls Project with Jim Bird
24 Mar 2014
Contributed by Lukas
The OWASP Top Ten Proactive Controls Project is spearheaded by Jim Bird and Jim Manico. According to Jim Bird, it is a list of security techniques tha...
The OWASP Cornucopia Project with Colin Watson
21 Mar 2014
Contributed by Lukas
For his most recent project at OWASP, Colin Watson has taken the concept of Microsoft's 'Elevation of Privilege' card game and transformed it as a pro...
The OWASP WebSpa Project with Yiannis Pavlosoglou and Jim Manico
03 Mar 2014
Contributed by Lukas
The OWASP WebSpa project is a tool implementing the novel idea of web knocking. The term web knocking stems from port knock...
2014 AppSec APAC - History and Overview (Japanese and English)
20 Feb 2014
Contributed by Lukas
I was able to have a wonderful conversation with Riotaro Okada and Robert Dracea this morning, talking about the upcoming AppSec APAC conference in To...
AppSec Europe 2014 - What To Expect with Host Adrian Winckles
19 Feb 2014
Contributed by Lukas
The planning for AppSec Europe 2014, Cambridge is in full swing. I caught up with conference manager Adrian Winckles to see how things are shaping up.
AppSec USA 2013 – Mark Arnold Talks about the Boston OWASP Chapter
18 Feb 2014
Contributed by Lukas
Mark Arnold helps run a very successful OWASP chapter in Boston. In this extended discussion, I talk with Mark about why the chapter is doing so well,...
OWASP Statement on the Security of the Internet 2014
31 Jan 2014
Contributed by Lukas
"Not making a statement can be a statement in its own right." -- Tobias Gondrom. Earlier this week, OWASP released a statement after an internal deba...
AppSec APAC 2014 with Tobias Gondrom – What To Expect
14 Jan 2014
Contributed by Lukas
The OWASP team in Japan is putting the finishing touches on the big AppSec APAC Conference that is being held in March 2014. I spoke with Tobias Gond...
AppSec USA 2013 - Larry Conklin and the Code Review Book Project
13 Jan 2014
Contributed by Lukas
"I am a developer and one of the things I hate are code reviews." -- Larry Conklin. Larry Conklin is a developer and as a developer, he HATES code r...
AppSec USA 2013: Jim Manico - Life after OWASP Podcasting
07 Jan 2014
Contributed by Lukas
"For an organization to really mature around application security, they need to be building security into their software from day one." -- Jim Manico ...
AppSec USA 2013 - Abbas Naderi and the OWASP PHP Security Project
19 Dec 2013
Contributed by Lukas
"There are a lot of security flaws in websites like Facebook and WordPress applications. Most of those flaws are because the developers first create t...
AppSec USA 2013: Zed Attack Proxy Project with Simon Bennetts
13 Dec 2013
Contributed by Lukas
"You can't automate all tests. There are a lot of things you can't find automatically. You have to have somebody who knows what they are looking for."...
AppSec USA 2013 - Michael Coates on the AppSensor Project
10 Dec 2013
Contributed by Lukas
Michael Coates has a vision: smart applications that come to their own defense. "We need to get to that point where we realize that our apps are in...
AppSec USA 2013 - The OWASP Application Security CISO Guide with Marco Morana and Tobias Gondrom
02 Dec 2013
Contributed by Lukas
"The CISO Guide provides guidance and visibility to CISOs on how to initiate an application security program, how to make the business case, how to m...
AppSec USA 2013 - The Purpose of OWASP, an Interview with Co-Founder Dennis Groves
26 Nov 2013
Contributed by Lukas
Many people in the OWASP community don't know Dennis Groves... and that's a surprise since he is one of the co-founders of the movement. I was able to...
AppSec USA 2013 - OWASP Panel on Using Components with Known Vulnerabilities
26 Nov 2013
Contributed by Lukas
Last week at AppSec USA in New York City (November 20, 2013), I moderated a panel with Jeff Williams and Ryan Berg talking about the latest addition t...
AppSec USA 2013 - Wait, Wait... Don't Pwn Me!
25 Nov 2013
Contributed by Lukas
On today's segment, we're going to take a different approach from our normal format. I was at the AppSec USA Conference in New York City last week and...
Tom Brennan - What to expect at AppSecUSA 2013
08 Nov 2013
Contributed by Lukas
In this segment, I talk with Tom Brennan, the organizer of AppSecUSA 2013 in New York City. The conversation centers around what's going on in New Yor...
Kelly Santalucia - Growing OWASP and the Outreach Programs
07 Nov 2013
Contributed by Lukas
In this segment of OWASP 24/7, I talk with Kelly Santalucia about what it takes to grow OWASP, how she's working with the outreach foundation, the out...
Kate Hartmann - The Future of Virtual Chapter Meetings
05 Nov 2013
Contributed by Lukas
Kate Hartmann is Operations Director of OWASP. She is responsible for creating and maintaining the platform for the OWASP organization. Kate has a uniq...
Sarah Baso - What does it take to support 43,000 members in 100+ countries?
31 Oct 2013
Contributed by Lukas
Sarah Baso is the Executive Director of OWASP. Her day to day responsibilities include managing a membership of over 43,000 people in 100+ countries. ...
Samantha Groves - Getting the Most from OWASP Projects
30 Oct 2013
Contributed by Lukas
As the Projects Manager for all projects at OWASP (the Open Web Application Security Project), Samantha Groves has deep visibility into the 140 or so ...