AppSec Stats Flash: A Monthly Podcast on the State of Application Security

There are two sides to any story - and it is no different here for Healthcare. While the applications in this sector are vulnerable, they still aren't as vulnerable as Retail applications. At the same time, consumers have personal responsibilities while using web and mobile applications in order to prevent data theft.Additional Links:WhiteHat Security 2017 Application Security Statistics ReportStay tuned for more upcoming episodes and reports on the AppSec Stats Flash website.

The Alice and Bob characters were invented by Ron Rivest, Adi Shamir, and Leonard Adleman in their 1978 paper "A Method for Obtaining Digital Signatures and Public-key Cryptosystems". Alice and Bob were also joined by an additional cast of characters as needed to keep the explanation of cryptographic systems lively and relatable. The famous Cryptographic couple have now ventured into Application Security. In her book, "Alice and Bob Learn Application Security", my guest today Tanya Janca, has done a fantastic job of discussing 10 topics across 3 sections to address the subject of AppSec. Tune in to the podcast as we discuss the practitioner aspects of being a security minded developer.Special Guest: Tanya Janca, CEO and Founder of We Hack PurpleTanya Janca, also known as SheHacksPurple, is the best-selling author of ‘Alice and Bob Learn Application Security’. She is also the founder of We Hack Purple, an online learning academy, community and podcast that revolves around teaching everyone to create secure software. Tanya has been coding and working in IT for over twenty years, won countless awards, and has been everywhere from startups to public service to tech giants (Microsoft, Adobe, & Nokia). She has worn many hats; startup founder, pentester, CISO, AppSec Engineer, and software developer. She is an award-winning public speaker, active blogger & streamer and has delivered hundreds of talks and trainings on 6 continents. She values diversity, inclusion, and kindness, which shines through in her countless initiatives.community.wehackpurple.comacademy.wehackpurple.comaliceandboblearn.comChecklists:Secure Design Conceptshttps://newsletter.wehackpurple.com/foundational-security-conceptsPCI-DSS for Devs!https://newsletter.wehackpurple.com/pci-dss-for-devsAPI Security Best Practiceshttps://newsletter.wehackpurple.com/api-securityApplication Security Activitieshttps://newsletter.wehackpurple.com/appsec-activitiesAzure Hardening Best Practicehttps://newsletter.wehackpurple.com/azure-hardeningError Handling and Logginghttps://newsletter.wehackpurple.com/errors-and-loggingSecure Coding Guidelineshttps://newsletter.wehackpurple.com/secure-coding-guidelinesTips For Getting Into InfoSechttps://newsletter.wehackpurple.com/getting-into-infosecWeb App Security Requirementshttps://newsletter.wehackpurple.com/web-app-security-requirementsMore Links!Check out other episodes of Security in the Fast Lane: https://www.whitehatsec.com/security-in-the-fastlane/Check out our other podcast, AppSec Stats Flash: https://www.whitehatsec.com/appsec-stats-flash/To learn more about NTT Application Security, visit us at www.whitehatsec.com

Download the supporting report hereDid the pandemic accelerate the adoption of technology in the education sector? This month we focus on education as we go back to school!Stay tuned for more upcoming episodes and reports on the AppSec Stats Flash website.

Special Guest: Jeremiah Grossman, Founder of WhiteHat Security and current Founder and CEO at Bit DiscoveryLinks for further reading & listening:https://www.scientificamerican.com/article/rumsfelds-wisdom/https://uxdesign.cc/the-knowns-and-unknowns-framework-for-design-thinking-6537787de2c5https://www.nasa.gov/centers/ivv/ppt/172585main_SoftwareAssuranceSymposium_OConnor.pptCheck out other episodes of Security in the Fast Lane: https://www.whitehatsec.com/security-in-the-fastlane/Check out our other podcast, AppSec Stats Flash: https://www.whitehatsec.com/appsec-stats-flash/To learn more about NTT Application Security, visit us at www.whitehatsec.com

Download the supporting report hereRising Windows of Exposure, increasing time to fix, falling remediation rates and pedestrian vulnerabilities make it easy for hackers to exploit vulnerabilities in business applications.Stay tuned for more upcoming episodes and reports on the AppSec Stats Flash website.Links for further reading & listening:Researchers find vulnerabilities in Wodify gym management web applicationSecurity in the Fast Lane - EP.3 with special guest Matias Madou, CTO and Founder of Secure Code WarriorAppSec Stats Flash - EP.6, The Case for Two-Speed AppSec

Download the accompanying report here.Applications are more vulnerable than last year. Time to fix serious vulnerabilities is increasing. Remediation rates are decreasing and the types of vulnerabilities that applications suffer from have not changed. Applications are now the path of least resistance for attackers to breach an enterprise. This is our Kobayashi Maru moment. The question is – what will Captain Kirk do?Stay tuned for more upcoming episodes and reports on the AppSec Stats Flash website.

Download the supporting report hereIn this episode, we make a case for “Two Speed” Application Security to address the disparate needs of Legacy Applications and newer Greenfield Applications. In addition, hear about some simple takeaways for end users to protect themselves from potential application security vulnerabilities.Stay tuned for more upcoming episodes and reports on the AppSec Stats Flash website.Links for further reading & listening:APIs Aren’t Just for Tech Companies by Tiffany Xingyu Wang and Matt McLartySecurity in the Fast Lane Podcast

Download the supporting report hereHackers are not always an adversary – they can be heroes too. This month we dive into the hacker mindset and review the insightful data points and trends that our teams are finding and analyzing. Special Guest: Casey Ellis, Founder and CTO at BugcrowdStay tuned for more upcoming episodes and reports on the AppSec Stats Flash website.

Download the supporting report hereRead about the SAP CVE: SAP Security Notes March 2020: Two Critical Patches Released to Protect Solution Manager from CyberattacksWatch Simon Sinek's Ted Talk: Start with Why - How Great Leaders Inspire ActionLet’s talk about how a security program’s culture and team can work together to form the foundation of good AppSec for organizations – leading to a change in perception and branding of cybersecurity.Special Guest: Cindi Carter, Global Technology ExecutiveStay tuned for more upcoming episodes and reports on the AppSec Stats Flash website.

Download the supporting report hereApplications are part of complex, connected systems with unpredictable amounts of interactions between other applications and APIs. Are our security programs strong enough to prevent supply chain type attacks?Stay tuned for more upcoming episodes and reports on the AppSec Stats Flash website.

Download the supporting report here.Learn more about HTTP Strict Transport Security.It's 2021 and we have more detailed security breach data than ever. Then how is the state of application security still so dismal and what if we look at it with a different intent? In this volume, we discuss how application security, both for web and mobile, can be a multidimensional challenge and how the data in front of us can be the answers we need to make improvements.Stay tuned for more upcoming episodes and reports on the AppSec Stats Flash website.

Download the supporting report here.In this month’s AppSec Stats Flash, we will dive into the first 3 key metrics when evaluating the current state of application security as well as broach the topic of shared responsibility for security as is implied by DevSecOps.Stay tuned for more upcoming episodes and reports on the AppSec Stats Flash website.