[SC-L] OWASP Podcast 95 is live!
I'm very pleased to announce that OWASP Podcast 95 is live! Special thanks to Thomas Herlea who helped edit and produce this show.

This episode features Dan J. Bernstein, a computer science research professor from the University of Illinois. He is speaking on Cryptography Worst Practices. Dan is a very sharp and controversial character. I hope you enjoy.

Direct download: https://www.owasp.org/download/jmanico/owasp_podcast_95.mp3
RSS Feed: https://www.owasp.org/download/jmanico/podcast.xml

Thanks for listening!

Aloha,
Jim Manico
OWASP Board Member
@Manicode

___
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
___
[SC-L] Top 5 Reasons to Implement Threat Modeling
Hi Secure Coders,

As always, the Verizon Data Breach report highlighted some interesting stats on attacks and breaches over the last year. And, no surprise that hacking accounts for a high chunk of those attack vectors, with SQL Injection still prominent.

In order to build software securely, we cannot stress enough the importance of proactively threat modeling applications and we’ve identified 5 of the top reasons to do so. Avoiding a single breach is a good enough reason alone to implement threat modeling but hey, for you skeptics out there, we've compiled a handful of other key considerations as well.

Here's the blog post: http://myappsecurity.com/5-reasons-threat-modeling/

Please take a look – any and all feedback is welcome!

Thanks,
Reef Dsouza
Product Manager
MyAppSecurity http://www.myappsecurity.com/
LinkedIn http://www.linkedin.com/in/reefdsouza
[SC-L] Silver Bullet 87: James Walden
hi sc-l,

Last month, Cigital consultant Joe Harless suggested that I interview his NKU professor James Walden. It was a good idea. Thanks Joe.

I have known James for years. He uses Software Security in some of his classes and he thinks about software security all day. Trained as a particle physicist, James is one of the leaders in academic software security. We talk about all sorts of things, top ten lists, breaking versus fixing, bugs and flaws. James teaches a Secure Software Engineering course that is right up our alley here at sc-l.

Have a listen: http://www.cigital.com/silver-bullet/show-087/

And if you have a suggestion for a Silver Bullet episode, let me know!

gem

company www.cigital.com
justiceleague www.cigital.com/justiceleague
book www.swsec.com