
WILKINSON/JAMES JARDINE

Shows

Becoming WilkinsonBecoming WilkinsonThe adventures of James Jardine. From Banker to Online Content Creator!In this engaging conversation, James Jardine shares his transformative journey from a corporate banking career in Southern California to embarking on adventurous road trips and working on a fishing boat in Alaska. He discusses the challenges and experiences he faced at sea, including a harrowing incident involving a capsizing boat. The conversation also touches on personal growth, the importance of saying yes to new opportunities, and the exciting new venture of creating content together on platforms like OnlyFans. As they reflect on their past adventures and future plans, both James and Wilkinson emphasize the value of living life to...2024-11-1739 minDevelopSec: Developing Security AwarenessDevelopSec: Developing Security AwarenessEp. 120: Addressing Root Cause - Vulnerable ComponentsIn this episode we talk about addressing the root cause of an issue versus the symptoms. How can the process of keeping application components updated be improved?   For more info go to https://www.developsec.com or follow us on twitter (@developsec).   DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help.  Transcript:In this episode, James talks about root cause analysis versus treating the symptoms.   Tacklin...2023-01-3116 minDevelopSec: Developing Security AwarenessDevelopSec: Developing Security AwarenessEp. 118: Log4J Sparking Thought on Vulnerable ComponentsLog4J has been the talk of the town recently and everyone is focused on the technical details of the specific vulnerabilities found. In this episode, James talks about the overarching ideas around dealing with vulnerable components. Are you vulnerable? If so, what needs to be done?For more info go to https://www.developsec.com or follow us on twitter (@developsec).Join the conversations.. join our slack channel. 
Email james@developsec.com for an invitation. DevelopSec provides application security training to add value to your application security program. Contact us today to s...2021-12-1924 minLegaltech TapasLegaltech Tapas10. Clarilis - James Quinn InterviewEpisode summary: A short summary of Clarilis a new breed of doc automation tool, as well as an interview with James Quinn, Clarilis CEO.Episode transcript (What does Clarilis do?)This week we are talking about one of the first disruptive technologies ever introduced to lawyers, document automation, one that many lawyers are now very familiar with, but still not all have adopted. For that, we will be learning about Clarilis and how they are approaching doc automation in their own way, as well as speaking with James Quinn, Clarilis CEO to get his...2020-09-1822 minThe Lost KingsThe Lost KingsThe big lie that changed my path 🗣️🚶🏾‍♀️The funniest segment in the first episode includes the culmination scripture. James: 1:12 📓 --- Send in a voice message: https://podcasters.spotify.com/pod/show/david-jardine/message Support this podcast: https://podcasters.spotify.com/pod/show/david-jardine/support2020-04-0535 minDevelopSec: Developing Security AwarenessDevelopSec: Developing Security AwarenessEp. 117: How Browsers are Helping with SecurityChrome has announced a few changes that we need to watch out for in the near future. We previously talked about the default value for samesite that is coming up fast. I wrote about this here:  https://www.jardinesoftware.net/2019/10/28/samesite-by-default-in-2020/Also, they are getting ready to start blocking mixed content downloads: https://blog.chromium.org/2020/02/protecting-users-from-insecure.html For more info go to https://www.developsec.com or follow us on twitter (@developsec).Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. 
Deve...2020-02-0913 minThe InfoSec Career PodcastThe InfoSec Career PodcastInterview with James JardineIf you are a developer and are wondering if there is a place for you in security, check out this episode.  James Jardine, of Jardine Software, joins us to talk about what interested him in security and how he carved out his place in the field.  I’ve known James for a long time and he’s got a lot of great experiences to share.   As always, please subscribe and share with others!2020-02-0700 minDevelopSec: Developing Security AwarenessDevelopSec: Developing Security AwarenessEp. 116: Chrome Retires XSS AuditorIt was recently announced that Chrome was dropping the XSS Auditor in Chrome 78. What does that mean and how does that change things for you as a developer?  https://www.chromium.org/developers/design-documents/xss-auditorFor more info go to https://www.developsec.com or follow us on twitter (@developsec).Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security training to add value to your application security program. Contact us today to see how we can help.Send us a te...2019-11-1514 minDevelopSec: Developing Security AwarenessDevelopSec: Developing Security AwarenessEp. 115: Is CSRF Really Dead?In 2020, Chrome will default the SameSite attribute to Lax on all cookies. SameSite helps mitigate CSRF, but does that mean CSRF is Dead?For more info go to https://www.developsec.com or follow us on twitter (@developsec).Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security training to add value to your application security program. Contact us today to see how we can help.Send us a textFor more info go to https://www.developsec.com or follow u...2019-11-0615 minDevelopSec: Developing Security AwarenessDevelopSec: Developing Security AwarenessEp. 
114: Investing in People for Better Application SecurityIn this episode, James talks about investing in the development teams to increase application security priorities.For more info go to https://www.developsec.com or follow us on twitter (@developsec).Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security training to add value to your application security program. Contact us today to see how we can help.Send us a textFor more info go to https://www.developsec.com or follow us on X (@developsec). The D...2019-10-2924 minDevelopSec: Developing Security AwarenessDevelopSec: Developing Security AwarenessEp. 113: What is your mother's maiden name?In this episode, James talks about some of the risks and recommendations around security questions and their implementation. For more info go to https://www.developsec.com or follow us on twitter (@developsec).Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help.Send us a textFor more info go to https://www.developsec.com or follow us on X (@de...2019-05-2821 minDevelopSec: Developing Security AwarenessDevelopSec: Developing Security AwarenessEp. 112: Application FingerprintingDoes your application give away details about it server, framework, or other components?  How is this information used by an attacker? Check out this episode to learn more.For more info go to https://www.developsec.com or follow us on twitter (@developsec).Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. 
Contact us today to see how we can help.Send us a textFor more info go to...2019-01-2221 minDevelopSec: Developing Security AwarenessDevelopSec: Developing Security AwarenessEp. 111: Authentication AlertsWould you know if someone authenticated to your account? With the breaches we see in the news, and attacks like credential stuffing, there must be a way to be alerted to account access. James talks about authentication alerts, what they are, and why you may want to use them.For more info go to https://www.developsec.com or follow us on twitter (@developsec).Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. C...2019-01-1416 minDevelopSec: Developing Security AwarenessDevelopSec: Developing Security AwarenessEp. 110: Implementation MattersJames discusses how implementation matters with security controls and how it changes priorities. This came about after reading the following story:  https://www.theverge.com/2018/12/31/18162541/vein-authentication-wax-hand-hack-starbugFor more info go to https://www.developsec.com or follow us on twitter (@developsec).Join the conversations.. join our slack channel. Email james@developsec.com for an invitation. DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help.Send us a textFor more inf...2019-01-0719 minDevelopSec: Developing Security AwarenessDevelopSec: Developing Security AwarenessEp. 109: 2018 ReflectionI talk about some of what happened in 2018 and what I am looking to do in 2019. I also ask you to think about your previous year and goals. I also talk about some new training I am providing. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. 
Email james@developsec.com for an invitation.   DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help....2019-01-0227 minDevelopSec: Developing Security AwarenessDevelopSec: Developing Security AwarenessEp. 108: Dunkin Donuts Breach, Maybe??In this episode James talk about the Dunkin Donuts Perks breach. This is an interesting situation as the accounts were access using the victim's username and password found from another data breach. The issue: Password Reuse.  Could D&D have prevented this? Listen in to hear my thoughts.  Please feel free to share your thoughts as well.Article from Today: https://www.today.com/food/dunkin-reveals-security-breach-here-s-what-it-may-mean-t144139Dunkin Donuts Release: https://www.dunkindonuts.com/content/dam/dd/pdf/Security_Update.pdfFor more info go to https://www.developsec.com or follow us on tw...2018-12-1218 minDevelopSec: Developing Security AwarenessDevelopSec: Developing Security AwarenessEp. 107: Credential StuffingIn this episode James talks about what credential stuffing is, how if affects your apps, and how you can look to defend against it.  For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation.   DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help.Send us a textFor more info go to https://www.de...2018-11-0918 minDevelopSec: Developing Security AwarenessDevelopSec: Developing Security AwarenessEp. 106: Facebook Breach Take-aways and InsightsJames talks about the Facebook breach and shares some insights into how you can take steps to prevent this type of incident in your applications.  For more info go to https://www.developsec.com or follow us on twitter (@developsec). 
Join the conversations.. join our slack channel. Email james@developsec.com for an invitation.   DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help.Send us a textFor more info go to https...2018-10-0431 minDevelopSec: Developing Security AwarenessDevelopSec: Developing Security AwarenessEp. 105: Interview with Eric JohnsonI sit down with Eric Johnson to talk about security in the IDE and other fun topics. A bit longer than usual, but full of great information. You can reach out to Eric on twitter @emjohn20  or check out his site at https://www.pumascan.com. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation.   DevelopSec provides application security consulting and training to add value to your application security program...2018-09-2057 minDevelopSec: Developing Security AwarenessDevelopSec: Developing Security AwarenessEp. 104: Securing Devops with Julien VehentJames sits down with Julien Vehent to discuss his new book "Securing DevOps" and talk about security in a devOps world. Julien (@jvehent) is a security architect and engineering manager with over 15 years of experience in large organizations and web companies. He is currently responsible for the operational security of Firefox's backend infrastructure at Mozilla, and is the author of Securing DevOps.Check out the book (Securing DevOps) at https://www.manning.com/books/securing-devopsSpecial 40% discount code for Developsec listeners: poddevelopsec18 For more info go to https://www.de...2018-08-3045 minDevelopSec: Developing Security AwarenessDevelopSec: Developing Security AwarenessEp. 103: Is 3rd Party Authentication Right For Your Application? The headlines are filled with credential breaches. One way to avoid being those headlines is to not store credentials. 
Instead, use a 3rd party to authenticate your users. While this cuts a lot of work out of your development time, it is important to understand the pros and cons to each method. James talks through some of these risks to help better understand which method might be right for you.   Links from show:Ep. 92: 2-Factor Authentication -  http://podcast.developsec.com/ep-92-2-factor-authenticationEp. 61: Multi-factor Authentication -  http://podcast.developsec.com/ep-61-multi-factor-authenticationEp. 39: Authentication - http...2018-08-1618 minDevelopSec: Developing Security AwarenessDevelopSec: Developing Security AwarenessEp. 102: Intro to Web Security PoliciesIn this episode James introduces us to the idea of web security policies stored in a security.txt file. We have talked about vulnerability disclosure before and this ties directly into that conversation.Link to Draft: https://tools.ietf.org/html/draft-foudil-securitytxt-03Link to form to create the file: https://securitytxt.org/Link to our blog post: https://www.developsec.com/2018/06/26/overview-of-web-security-policies/For more info go to https://www.developsec.com or follow us on twitter (@developsec).   Join the conversations.. join our slack channel.  Email james@developsec.com...2018-06-2616 minDevelopSec: Developing Security AwarenessDevelopSec: Developing Security AwarenessEp. 101: You're not always right and that is okIn this episode, James shares a story of learning from a mistake and how we can't be right every time. Hear what he learned and how you can learn too. For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation.   DevelopSec provides application security consulting and training to add value to your application security program. 
Contact us today to see how we can help.Send us a textFor m...2018-06-1820 minDevelopSec: Developing Security AwarenessDevelopSec: Developing Security AwarenessEp. 100: Choosing Security ToolsIn this episode we talk about choosing the right security tools for your environment. There are lots of vendors offering solutions to help identify security issues within our applications. The trick is to learn to identify which ones make the most sense for your environment.   For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation.   DevelopSec provides application security consulting and training to add value to your application security program. Contact...2018-06-0726 minDevelopSec: Developing Security AwarenessDevelopSec: Developing Security AwarenessEp. 99: Shifting Left in the SDLCIn this episode, James talks about what it means to shift left in the SDLC.  For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation.   DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help.Send us a textFor more info go to https://www.developsec.com or follow us on X (@developsec). ...2018-05-3019 minDevelopSec: Developing Security AwarenessDevelopSec: Developing Security AwarenessEp. 98: Efail and News HypeIn this episode we talk about efail and the HYPE around security news.    For more info go to https://www.developsec.com or follow us on twitter (@developsec).   Join the conversations.. join our slack channel. Email james@developsec.com for an invitation.   DevelopSec provides application security consulting and training to add value to your application security program. 
Contact us today to see how we can help.Send us a textFor more info go to https://www.developsec.com or follow us on X (@develo...2018-05-1518 minDevelopSec: Developing Security AwarenessDevelopSec: Developing Security AwarenessEP. 97: Gmail / Netflix Potential Scam** Check out our new Live Fundamentals of Application Security training starting on May 1, 2018. Don't wait to sign up. For schedules and information check out https://www.jardinesoftware.com/fundamentals-of-application-security/ **In this episode, James shares his thoughts on an interesting scam potential was brought up regarding Gmail and Netflix. A lot of the discussion is on a unique Gmail feature most haven't heard of. James breaks this down in this episode.The original story was shared at  https://www.theregister.co.uk/2018/04/10/gmail_netflix_phishing_vector/   For more info go to ht...2018-04-2318 minDevelopSec: Developing Security AwarenessDevelopSec: Developing Security AwarenessEp. 96: Security Flaws as DefectsIn this episode we talk about treating security flaws as defects and embedded vs. built-in security. Do you treat security flaws differently? What barriers does that create?   For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation.   DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help.Send us a textFor more in...2018-04-1627 minDevelopSec: Developing Security AwarenessDevelopSec: Developing Security AwarenessEp. 95: MyFitnessPal Breach Take-AwaysIn this episode we talk about the MyFitnessPal breach and some of the key points that we as developers, security, and users can take away from it.   
Tweet with Graph of Largest Breaches mentioned: https://twitter.com/EricTopol/status/979556839015661568   Link to article about the breach:  https://www.cnet.com/news/millions-of-myfitnesspal-accounts-hacked-under-armour-says/   For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation.   DevelopSec provides appli...2018-04-0918 minDevelopSec: Developing Security AwarenessDevelopSec: Developing Security AwarenessEp. 94: Penetration TestingIn this episode we talk about penetration testing and what you need to know to get the most out of the activity. Tune in to hear some of our thoughts on the topic.  To take the training course survey go to https://forms.office.com/Pages/ResponsePage.aspx?id=dUTTGKfrY0SMJRLyejG00DrfDtlb8W5HpqoXHgPDektUNDgxVU9SNlVRNVhXMTY4UUxSU041MFVWTC4u   For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation.   De...2018-04-0226 minPurple Squad SecurityPurple Squad SecurityEpisode 23 – Speaking to Developers with James JardineContinuing with the theme of soft skills that any infosec professional should have, this episode will focus on developers.  I sit down with James Jardine from the DevelopSec podcast to talk about how best to communicate with developers.  Just like executives, developers have a different language and approach that is needed in order to communicate effectively.  Trying to avoid the all-to-common animosity between developers and security, James and I discuss some strategies to help build bridges between the groups and not burn them to the ground. Some links of interest: www.jardinesoftware.com www.developsec.com...2018-03-111h 11DevelopSec: Developing Security AwarenessDevelopSec: Developing Security AwarenessEp. 
93: Code ReviewIn this episode we talk about secure code review with a mention of static analysis. Do you know the difference? What is the issue of doing one over the other, or just outright replacing actual code review with static analysis? Tune in to hear some of our thoughts on the topic.   For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation.   DevelopSec provides application security consulting and training to add value t...2018-03-0925 minDevelopSec: Developing Security AwarenessDevelopSec: Developing Security AwarenessEp. 92: 2-Factor AuthenticationIn this episode James talks about 2-factor authentication, why we use it, and maybe why we don't. Is your 2-factor implementation getting in your way? The DevelopSec YouTube Channel - https://www.youtube.com/channel/UCdAqgfdGs0-hPa8FhsODwNw   For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation.   DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we c...2018-03-0621 minDevelopSec: Developing Security AwarenessDevelopSec: Developing Security AwarenessEp. 90: 5 Steps to Help Secure Your Database James sits down with Perry Krug, from Couchbase to discuss some important steps to take to secure your database.   Perry Krug - https://twitter.com/perrykrug Couchbase - https://twitter.com/couchbase Couchbase - https://www.couchbase.com/ CouchbaseSecurity Documents -  https://developer.couchbase.com/documentation/server/current/security/security-intro.html   For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation.   
DevelopSec...2018-01-1644 minDevelopSec: Developing Security AwarenessDevelopSec: Developing Security AwarenessEp. 89: New Year's Resolutions Welcome to 2018! Another year down and time for many of us to start making promises to ourselves of things we will start doing in this new year. In this episode James talks about some lessons we should take from 2017 and ways to use them in 2018.    For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@developsec.com for an invitation.   DevelopSec provides application security consulting and training to add value to your application security program. Contact u...2018-01-0518 minDevelopSec: Developing Security AwarenessDevelopSec: Developing Security AwarenessEp. 88: Meteor Security with Tim MedinIn this episode, James talks with Tim Medin regarding Meteor and security. If you develop with Meteor or have to test it, there is a lot of information packed in.More about Tim Medin (@timmedin):Red Seige website - https://www.redsiege.com/ Link to Meteor Minor and other tools Tim mentioned:https://github.com/nidemTim Medin's Bsides Orlando 2017 Presentation - Tim Medin -  Mining Meteor B-Sides Orlando 2017 For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the...2017-12-1142 minDevelopSec: Developing Security AwarenessDevelopSec: Developing Security AwarenessEp. 86: Vulnerable 3rd Party ComponentsIn this episode, James talks the use of 3rd party components and how to handle determining if they are vulnerable or not.Links: OWASP Dependancy Check - https://www.owasp.org/index.php/OWASP_Dependency_Check GitHub Blog - https://github.com/blog/2470-introducing-security-alerts-on-github RetireJS - https://retirejs.github.io/retire.js/ For more info go to https://www.developsec.com or follow us on twitter (@developsec).Join the conversations.. join our slack channel.  
Email james@developsec.com for an invitation.DevelopSec provides application security consulting and train...2017-11-2418 minDevelopSec: Developing Security AwarenessDevelopSec: Developing Security AwarenessEp. 85: Open Redirect RevisitedIn this episode, James talks about open redirect and why it matters from a security perspective. He also shows how this information can be used in your personal technology use, not just in development.  For more info go to https://www.developsec.com or follow us on twitter (@developsec).   Join the conversations.. join our slack channel.  Email james@developsec.com for an invitation.  DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help.Sen...2017-11-1725 minDevelopSec: Developing Security AwarenessDevelopSec: Developing Security AwarenessEp. 84: Understanding the TechnologyYou know your development language and platform, but do you really know the ins and outs of web application technology? How well do you know HTTP, HTML, etc? James talks about a few scenarios where really understanding how the technologies works helps better understand vulnerability risks.For more info go to https://www.developsec.com or follow us on twitter (@developsec).   Join the conversations.. join our slack channel.  Email james@developsec.com for an invitation.  DevelopSec provides application security consulting and training to add value to your application security progra...2017-10-3123 minDevelopSec: Developing Security AwarenessDevelopSec: Developing Security AwarenessEp. 83: Authorization OverviewIn this episode, James talks about authorization and some common areas where it poses a risk. He also goes over some techniques to help test authorization.  For more info go to https://www.developsec.com or follow us on twitter (@developsec).   Join the conversations.. join our slack channel.  Email james@developsec.com for an invitation.  
DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help.Send us a textFor more...2017-10-1820 minDevelopSec: Developing Security AwarenessDevelopSec: Developing Security AwarenessEp. 82: Equifax Take-awaysThe Equifax breach was a major news story. James talks about some of the security controls mentioned and how to start a conversation within your organization about them. Want to listen on YouTube?  Check out our channel where we are releasing episodes starting from episode 1 at https://www.youtube.com/channel/UCdAqgfdGs0-hPa8FhsODwNwFor more info go to https://www.developsec.com or follow us on twitter (@developsec).Join the conversations.. join our slack channel.  Email james@developsec.com for an invitation.DevelopSec provides application security consulting and training to add...2017-09-2925 minDevelopSec: Developing Security AwarenessDevelopSec: Developing Security AwarenessEp. 81: JavaScript in HREF and SRC (XSS)We talk about cross-site scripting (XSS) all the time, but often overlook the ability to use javascript: in anchor tags.  James talks about this unique ability and how to protect your applications from it. The related blog post for this can be found at https://www.developsec.com/2017/09/06/javascript-in-an-href-or-src-attribute/Want to listen on YouTube?  Check out our channel where we are releasing episodes starting from episode 1 at https://www.youtube.com/channel/UCdAqgfdGs0-hPa8FhsODwNwFor more info go to https://www.developsec.com or follow us on twitter (@developsec).Join the...2017-09-1820 minDevelopSec: Developing Security AwarenessDevelopSec: Developing Security AwarenessEp. 80: Understanding Security of Your PlatformsWe use a lot of platforms and frameworks when we develop an application. These platforms may provide security features, but do you know which ones? 
James talks about the importance of understanding your platforms and what to consider.For more info go to https://www.developsec.com or follow us on twitter (@developsec).Join the conversations.. join our slack channel.  Email james@developsec.com for an invitation.DevelopSec provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. ...2017-08-2319 minDevelopSec: Developing Security AwarenessDevelopSec: Developing Security AwarenessEp. 79: Marketing with USB DrivesJames talks about the risk of USB thumb drives and their risk using the recent BCBS marketing campaign as an example. (http://www.fiercehealthcare.com/privacy-security/bcbs-alabama-re-evaluates-usb-marketing-campaign-amid-security-concerns).  For more info go to https://www.developsec.com or follow us on twitter (@developsec).Join the conversations.. join our slack channel.  Email james@developsec.com for an invitation.DevelopSec provides application security consulting and training to add value to your application security program. Contact ustoday to see how we can help. Send us a textFor more info go to...2017-07-3115 minDevelopSec: Developing Security AwarenessDevelopSec: Developing Security AwarenessEp. 78: MySpace Lessons - Looking At Account RecoveryJames talks about a recent vulnerability report regarding MySpace's Account Recovery system (https://www.wired.com/story/myspace-security-account-takeover/).  He talks about considerations around account recovery and the need to revisit this type of functionality on a regular basis.For more info go to https://www.developsec.com or follow us on twitter (@developsec).Join the conversations.. join our slack channel.  Email james@developsec.com for an invitation.DevelopSec provides application security consulting and training to add value to your application security program. 
Contact ustoday to see how we can help.Send us...2017-07-2519 minBusiness Security Weekly (Video)Business Security Weekly (Video)James Jardine, Jardine Software Inc. - Startup Security Weekly #46James Jardine is the CEO of Jardine Software and a former SANS Institute author and instructor. James possesses over 15 years of development and application security experience. Full Show Notes: https://wiki.securityweekly.com/SSWEpisode46 Visit http://securityweekly.com/category/ssw/ for all the latest episodes!2017-07-1033 minDevelopSec: Developing Security AwarenessDevelopSec: Developing Security AwarenessEp. 77: Interactive Application Security TestingIn this episode, James talks about Interactive Application Security Testing, or IAST. It is a sort of hybrid approach that is similar to both dynamic and static analysis. Listen in to learn more about it.The video version of this can be found at https://youtu.be/KHSlDletm9IFor more info go to https://www.developsec.com or follow us on twitter (@developsec).Join the conversations.. join our slack channel.  Email james@developsec.com for an invitation.DevelopSec provides application security consulting and training to add value to your application s...2017-07-0714 minDevelopSec: Developing Security AwarenessDevelopSec: Developing Security AwarenessEp. 76: Validation - Client vs. ServerAre you thinking about client vs. server-side input validation?  Curious why each is important and when to use them?  James talks about the basic concepts and how to apply them to create more secure applications.A video version of this podcast is now available at: https://youtu.be/irO1TOC6-i8For more info go to https://www.developsec.com or follow us on twitter (@developsec).Join the conversations.. join our slack channel.  
2017-06-19, 13 min

DevelopSec: Developing Security Awareness
Ep. 75: IAM with Geurt van Wijk
In this episode I sit down with Geurt van Wijk from IDdriven to discuss IAM and IDaaS. Geurt has many years of experience around Identity and shares some great insights into considerations when working with it. If you typically think of Identity as just a user with credentials and some typical roles, you will want to listen in. You can get more information about IDdriven from https://www.iddriven.com
2017-06-05, 41 min

DevelopSec: Developing Security Awareness
Ep. 74: Audio Driver Key Logger Lessons Learned
It was recently reported that an audio driver on HP systems was logging key strokes to a local file. Accidental? Malicious? Instead, we talk about how to try and avoid this from happening in the future. Original Article: https://www.cnet.com/news/keylogger-discovered-on-some-hp-laptops-conexant/
For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@jardinesoftware for an invitation. Presented by Jardine Software Inc. (https://www.jardinesoftware.com). Jardine Software provides application security consulting and training to ad...
2017-05-24, 16 min

DevelopSec: Developing Security Awareness
Ep. 73: Identity with Vittorio Bertocci
I sat down with Vittorio Bertocci from Microsoft at the Microsoft Build 2017 conference in Seattle, Washington. Vittorio shared some great insights into Identity and some new things around Azure AD and Azure AD B2C.
Listen in to learn more about some of the interesting things going on. You can watch Vittorio's presentation from Build at: https://channel9.msdn.com/Events/Build/2017/B8084 To get more information from Vittorio, you can follow him on twitter at @vibronet or check out his website at www.cloudidentity.com Also, check out this announcement about new aut...
2017-05-17, 30 min

DevelopSec: Developing Security Awareness
Ep. 72: Where to Perform Output Encoding
Over the years I have had many people ask about encoding before storing data in the database. Here are my thoughts and recommendations.
For more info go to https://www.developsec.com or follow us on twitter (@developsec). Join the conversations.. join our slack channel. Email james@jardinesoftware for an invitation. Presented by Jardine Software Inc. (https://www.jardinesoftware.com). Jardine Software provides application security consulting and training to add value to your application security program. Contact us today to see how we can help. Check out our 30 day advantage.
2017-05-11, 13 min

DevelopSec: Developing Security Awareness
Ep. 71: Sub Resource Integrity
Do you use hosted content on a CDN? How do you know the file hasn't been modified? James describes Sub Resource Integrity and how it is used to help detect and prevent loading modified files. For details referenced in the show about commands and examples, check out our post at https://www.developsec.com/2017/04/16/sub-resource-integrity-sri/
2017-04-17, 14 min

DevelopSec: Developing Security Awareness
Ep. 70: Considering security when selecting an application platform
Do you struggle with trying to pick the most secure application platform? Are you focusing on the right questions? James talks about ways to look at application platforms and be secure, no matter which one you choose.
2017-03-27, 21 min

DevelopSec: Developing Security Awareness
Ep. 69: Concurrent User Sessions
Do you allow users to log in to their accounts across multiple browsers or devices? Does this raise a security concern? James talks about how to handle this question and analyze the root issue.
2017-03-10, 21 min

DevelopSec: Developing Security Awareness
Ep. 68: How the AWS disruption can help us
I am sure you have heard about the AWS service disruption that occurred. Have you seen how we can learn from this when we look at our own tools and processes? James talks about how we need to look at our own applications and tools and consider how time has changed the landscape. There might be more than you think.
2017-03-03, 15 min

DevelopSec: Developing Security Awareness
Ep. 66: Forgot Username
We always talk about Forgot Password... But what about Forgot Username? Listen in as James discusses why protecting this functionality is important and the ways it could be abused if not properly handled.
2017-02-22, 14 min

DevelopSec: Developing Security Awareness
Ep. 65: Security Questions: Good or Bad?
In this episode, James talks about security questions, or secret questions. We see them used in many different places. People complain they are horrible. So are they that bad that you shouldn't use them? Is it possible to help reduce the risk with security questions?
2017-02-15, 18 min

DevelopSec: Developing Security Awareness
Ep. 64: Using Stolen Passwords to Protect User Accounts
A few months ago, it was announced that some companies buy stolen passwords off of the black market to help protect their users. This is done by determining if the user's password was part of that list and forcing a reset. James talks about the idea and raises some interesting questions.
What do you think about the tactic?
2017-01-23, 14 min

DevelopSec: Developing Security Awareness
Ep. 63: Remember Me Feature: Security Considerations
Are you implementing, or have you implemented, a remember me feature for your application? What do you remember: username, password, or both? James talks about some security considerations around implementing a remember me feature for your application.
2017-01-17, 15 min

The Application Security Podcast
Rafal Los, James Jardine, and Michael Santarcangelo -- #DtSR and What Makes a Good Security Consultant?
Greetings all! We have a treat for you in this episode. The crew joins Robert and me from the Down the Security Rabbit Hole Podcast. This includes Rafal Los (@wh1t3rabbit), James Jardine (@jardinesoftware), and Michael Santarcangelo (@catalyst). This is a unique conversation for me because the AppSec PodCast was born from my first interview with #DtSR. I was featured on DtSR Episode 204 in July 2016 after a friend suggested me to Raf on Twitter. (Thanks, Nigel!) The DtSR episode was entitled “On Changing Culture.” I had listened to these guys on and off for years and now had the c...
2017-01-12, 37 min

DevelopSec: Developing Security Awareness
Ep. 62: MongoDB Ransomware Attacks
Do you use MongoDB? If so, is it exposed to the internet?
Recent news (listed below) has shown that a large number of MongoDB instances are being infected with ransomware. James talks about the issue and ways to help ensure you are not the next victim. Link to original article: http://arstechnica.com/security/2017/01/more-than-10000-online-databases-taken-hostage-by-ransomware-attackers/
2017-01-10, 13 min

DevelopSec: Developing Security Awareness
Ep. 61: Multi-factor Authentication
Implementing multi-factor authentication isn't just about a second factor. There are many considerations that need to be included. One in particular: how do you handle the user losing their means of that second factor? James talks about thinking this through.
2017-01-05, 17 min

DevelopSec: Developing Security Awareness
Ep. 59: All About Cookie Protection
It is the holiday season. It is appropriate to talk about cookies. Not the kind that you bake, but the ones in your applications. James talks about the security mechanisms for cookies and clarifies what they are for.
2016-12-14, 23 min

DevelopSec: Developing Security Awareness
Ep. 58: "Untrusted" Data
Have you heard someone mention "untrusted" data? Applications take data from multiple data sources and we are often confused on what should be trusted or not. In this episode, James Jardine talks about untrusted data and some thoughts for moving past it.
2016-11-16, 21 min

DevelopSec: Developing Security Awareness
Ep. 57: Source Code Review
Are you an organization looking to do source code review? Are you trying to hire a pen tester with source code review as a duty? James talks about Secure Code Review and some common implementations.
2016-11-04, 21 min

DevelopSec: Developing Security Awareness
Ep. 56: Security Contacts
Do you have a clear path for users to contact you about potential security issues in your application or device? Is there a potential for the communication to be lost in the mix? James talks about how it is important for users to have a clear path to communication when it comes to reporting security issues.
2016-10-26, 12 min

DevelopSec: Developing Security Awareness
Ep. 55: Scoping an application security assessment (Applications)
Having a penetration test performed against your applications? Do you have mobile and web applications performing the same functionality? James talks about the reason behind doing these assessments at the same time vs. separate. See why testing your entire offering can add benefit to your security assessment. Link to DerbyCon Presentation
2016-09-28, 12 min

DevelopSec: Developing Security Awareness
Ep. 54: WAFs and Pen Testing
Your pen tester wants you to whitelist them in your WAF? What should you do? Why do they ask? James breaks it down for you in this episode.
2016-09-21, 16 min

DevelopSec: Developing Security Awareness
Ep. 53: Chrome Changing Secure Notifications
We talk HTTP/HTTPS all the time. Google just announced that in January they are going to change how they display their secure/not secure indicators for HTTP sites that have passwords or credit cards.
James talks about how this can affect you. Link to the article: https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html
2016-09-15, 17 min

DevelopSec: Developing Security Awareness
Login Forms and HTTPS
Are your login forms secure? Are you sure? In this episode James talks about potential risks with presenting your login forms when using HTTPS and how to avoid them. We often are focused on HTTPS for the submission of credentials, but what about the loading of the form? What about frames?
2016-09-07, 10 min

DevelopSec: Developing Security Awareness
Ep. 52: Importance of UI to Security
The user interface plays a big part in the security of an application. We often only look at flaws such as XSS, but here James provides an example of the lack of Input Validation messages creating a Denial of Service type situation.
2016-09-05, 11 min

DevelopSec: Developing Security Awareness
Ep. 51: Everything is a target
James discusses how all applications, big or small, are a potential target and need to have secure coding practices. We often only look at our big applications from a security perspective, but in reality, all applications pose a risk.
2016-08-29, 12 min

DevelopSec: Developing Security Awareness
Ep. 50: How Serious is Username Enumeration
In this episode, James talks about what Username Enumeration is, how it can be used by attackers, and some ways to help reduce the risk of it.
2016-07-28, 23 min

DevelopSec: Developing Security Awareness
Ep. 49: Should Password Change Invalidate Access Tokens?
An interesting question was raised around changing a password and the need to invalidate all the access tokens for the associated mobile devices. James talks about his view on the topic and how you can analyze your situation to determine the appropriate direction.
2016-07-25, 16 min

DevelopSec: Developing Security Awareness
Ep. 48: Pokemon Go Security Discussions
Pokemon Go has taken the world by storm and, as always, it brings up some things to talk about regarding security. In this episode James talks about some out-of-the-box security thoughts regarding mobile applications, including app permissions, fake apps, and scams. Link to James' interview on News4Jax talking about Pokemon Go Security Concerns: http://www.news4jax.com/news/morning-show/pokemon-go-security-concerns
2016-07-18, 18 min

DevelopSec: Developing Security Awareness
Ep. 47: Account Lockouts and auto-unlock
A question came in regarding auto-unlock of accounts and account lockout in general. James discusses his thoughts on this process and how he approaches these types of questions.
2016-06-17, 10 min

DevelopSec: Developing Security Awareness
Ep. 45: The importance of WHY
We are too quick to just give generic recommendations for resolving security vulnerabilities. We need to make sure that the application teams understand why these are vulnerabilities and why they are important. It all starts with "Why is that functionality there?" James talks about the importance of understanding the WHY and how it is a building block for better secure applications.
2016-06-03, 22 min

DevelopSec: Developing Security Awareness
Ep. 44: "We don't support Macs"
When a developer was presented with a bug, they tried to say that it wasn't an issue because it was found by a tester using a Mac. "We don't support Macs." James talks about how this is a fundamental misunderstanding about security and tries to clear it up.
2016-05-27, 12 min

DevelopSec: Developing Security Awareness
Ep. 43: Reflecting on Current AppSec Training
James reflects on the current way we expect application teams to get security training and potential shortfalls. Is there a better way? Listen as I talk through some different points on the topic.
2016-05-21, 22 min

DevelopSec: Developing Security Awareness
Ep. 42: The Need for Better Secure Code Examples
How do you get your secure coding information? Do you pull code snippets from the internet? Who doesn't? How many of those actually use secure coding best practices?
We have a challenge where most of our books, tutorials, and even college classes don't show secure code examples, just code examples. Everywhere we turn, the code we see is insecure. James talks about this issue and some things you can do to help change that. In the episode, James makes reference to the IT Hot Topics Conference (https://www.eiseverywhere.com/ehome/index.php?eventid=155122&). James will be p...
2016-04-24, 21 min

DevelopSec: Developing Security Awareness
Ep. 41: Why You Need an Application Inventory
Do you use an application inventory in your application security program? James discusses what an application inventory is and why it is important. Here is a list of a few tools that can be used to help identify some application details: Consider using OWASP Dependency Check (https://www.owasp.org/index.php/OWASP_Dependency_Check). Retire.js will help identify outdated JavaScript libraries (http://retirejs.github.io/retire.js/); this is also a Burp extension.
2016-04-19, 18 min

DevelopSec: Developing Security Awareness
Ep. 40: Getting More Value from Pen Tests
Penetration tests provide a measuring stick for security, but are you missing out on additional value? James discusses ways to use the pen test results to get more value out of a penetration test. James will be providing a free webcast regarding Penetration Testing for Application Teams on March 18th, 2016. Here is the registration link: https://attendee.gototraining.com/r/3147075330537789954
2016-03-08, 16 min

DevelopSec: Developing Security Awareness
Ep. 39: Authentication
James discusses what authentication is and some things to look out for.
2016-02-29, 19 min

DevelopSec: Developing Security Awareness
Ep. 38: Static Analysis: Tips for Successful Program
In this episode, James Jardine talks about some of the things you need to consider when trying to implement a static analysis program. It is more than just a tool you drop in. To build a successful program there are other considerations.
2016-02-07, 39 min

DevelopSec: Developing Security Awareness
Ep. 37: CSRF Chaining
James Jardine discusses CSRF chaining, using the combination of multiple CSRF requests to perform a task. Typically we believe that CSRF can only be done with one request, but with a little JavaScript it is possible to execute multiple requests. Listen in for more information.
2016-01-26, 17 min

DevelopSec: Developing Security Awareness
Ep. 32: Dynamic Analysis: An Overview
James Jardine provides an overview of Dynamic Analysis and why it is important. Like any automation, there are pros and cons. Listen to find out why dynamic analysis is useful. Some links to some dynamic analysis options that are available:
WhiteHat Security (http://www.whitehatsec.com)
HP - Web Inspect (http://www8.hp.com/us/en/software-solutions/webinspect-dynamic-analysis-dast/)
IBM App Scan (http://www-03.ibm.com/software/products/en/appscan)
Veracode (http://www.veracode.com)
Acunetix (https://www.acunetix.com/)
2015-11-21, 22 min

DevelopSec: Developing Security Awareness
Ep. 31: Response Splitting and Header Injection
Join James Jardine as he discusses what Response Splitting/Header Injection is and how it works. He also discusses how ASP.Net helps defend against this attack. This is a quick overview of the vulnerability and a great starting point for anyone learning security concepts.
For more info go to https://www.developsec.com or follow us on X (@developsec). The DevelopSec podcast is brought to you by Jardine Software Inc.
2015-11-09, 18 min