
DevelopSec: Developing Security Awareness

Jul 31, 2017

James talks about the risk of USB thumb drives, using the recent BCBS marketing campaign as an example (http://www.fiercehealthcare.com/privacy-security/bcbs-alabama-re-evaluates-usb-marketing-campaign-amid-security-concerns).

For more info go to https://www.developsec.com or follow us on twitter (


Jul 24, 2017

James talks about a recent vulnerability report regarding MySpace's Account Recovery system (https://www.wired.com/story/myspace-security-account-takeover/).  He talks about considerations around account recovery and the need to revisit this type of functionality on a regular basis.



Jul 7, 2017

In this episode, James talks about Interactive Application Security Testing, or IAST. It is a sort of hybrid approach that is similar to both dynamic and static analysis. Listen in to learn more about it.

The video version of this can be found at https://youtu.be/KHSlDletm9I



Jun 19, 2017

Are you thinking about client vs. server-side input validation?  Curious why each is important and when to use them?  James talks about the basic concepts and how to apply them to create more secure applications.

A video version of this podcast is now available at: https://youtu.be/irO1TOC6-i8



Jun 5, 2017

In this episode I sit down with Geurt van Wijk from IDdriven to discuss IAM and IDaaS. Geurt has many years of experience around Identity and shares some great insights into considerations when working with it. If you typically think of Identity as just a user with credentials and some typical roles, you will want to...