60 Sec on AppSec
By Enso Security
60 Sec on AppSec May 18, 2023
Why do we need an API inventory, and how do we build it? with Ashwani Mahajan, Staff Application Security Engineer at SoFi
Learn why an API inventory is necessary in order to identify risks to the organization's overall risk posture.
How to get the most value from AppSec scanning tools, with Josh Grossman, CTO at Bounce Security
Listen in to get Josh's 4 practical tips for getting the best value out of your scanning tools.
The Evolution of AppSec and DevSecOps, with Frank Kim, CISO-in-Residence at YL Ventures
CISO Frank Kim takes listeners on a quick journey from waterfall to DevSecOps, and all the challenges and triumphs in-between!
Can DAST alone truly scale? with Dan Drees, Head of Sales at Detectify
In theory DAST is great, but what about in practice? Dan discusses shift left, DAST and the evolution of EASM.
What is Content-Security-Policy Header (CSP)? with Bhavani Gaddam, Jr. Application Security Engineer, Copart
What is Content-Security-Policy and how does it defend against cross-site scripting attacks?
What is a Security Champion? with Chris Romeo, CEO of Kerr Ventures
Security champions will remain a hot topic in 2023. Chris Romeo breaks down for us why security champion programs are so important, and why they are so hard to get right.
What is an SBOM (Software Bill of Materials) and why is it important for security teams? with Chirag Prajapati, Application Security Engineer, Copart
How does the SBOM provide the needed visibility and allow teams to gain control over their code base?
Are we accurately implementing Shift Left? with Rajendra Umadas, Senior Platform Security Manager at ActBlue
There are many great reasons to move security left, but are we implementing it in a way that truly reduces cost?
What is IaC and IaC Security? with Lior Samuni, Director of R&D, Orca Security
How does IaC increase productivity, and what are the security risks?
What is the OWASP Top 10? with Akira Brand, Developer Relations, Bright Security
How did the OWASP Top 10 come to be an industry standard?
Are your applications guaranteed safe if you don't have one of the listed vulnerabilities?
Should we rethink the way we train application developers? with Connie Matthews Reynolds, Founder and CEO of ReynCon, LLC.
How can better security training allow organizations to set up more secure applications and establish sound relationships between the business and security?
What are Dependency Confusion Attacks? with Roei Hadashi, Application Security Researcher, Enso Security
What are dependency confusion attacks, why are they so dangerous, and why are they here to stay?
How can we build and improve relationships between security and developers? with Ryan Gurney CISO-in-Residence, YL Ventures
It's all about building in-person, human relationships.
What is Application Relationship Management? with Kate Kuehn, SVP Alliances, vArmour
What is Application Relationship Management and what are the security consequences when we don't properly understand those relationships?
What are CI/CD Pipelines? with Omer Yaron, Head of Research, Enso Security
What are CI/CD Pipelines and why are they significant for Application Security?
What is Security by Design? with Clayton Pummill, Co-founder, St. Louis Cyber Interest Group (STLCIG)
What is Security by Design and why is addressing security ad-hoc no longer sustainable?
What is SAST? with Florin Coada, Product Manager, HCL AppScan
What is SAST, and why does it let you find vulnerabilities much more quickly than other tools?
What is Threat Modeling? with Ryan Frillman, Technology Information Security Officer, Equifax
What is Threat Modeling and what does it mean for technology and security?
What is SSRF? with Barak Tawily, CTO & Co-founder, Enso Security
What is SSRF, why is mitigation so tricky, and what are the best ways to mitigate attacks?
What is Enterprise Application Security Posture? with David Matousek, Director of Product & Strategy, Cybersecurity Engineering, John Hancock Financial Services
What is Enterprise Application Security Posture and why is it crucial to continuously monitor your application portfolio risk?
Who Owns AppSec? with James Robinson, Deputy Chief Information Security Officer at Netskope
Who actually owns AppSec within an organization? It's all about who can influence security the most.
How do we take the guesswork out of application security? with Saket Modi, Co-Founder & CEO, Safe Security
How do we identify, manage, measure and mitigate application security risk?
What is Secrets Sprawl? with Mackenzie Jackson, Developer Advocate, GitGuardian
What is Secrets Sprawl and why is it so common? The answer lies in how we build our modern applications.
What is DAST? with Tanya Janca, Founder & CEO at We Hack Purple Academy
What is DAST and how does it interact with your applications?
What is Shift Left? with Vickie Li, Developer Evangelist, Shift Left
How do you shift left, and why does it matter?
What is SBOM? with Steve Springett, Senior Manager of Product Security, ServiceNow & Chair, CycloneDX Working Group, OWASP
What is an SBOM and how do you get started? It's more than just a simple list of ingredients.
What is Application Security? with Andy Ellis, Operating Partner, YL Ventures
Welcome to 60 Seconds on AppSec by Enso Security, where we provide answers to the questions you were afraid to ask about AppSec, all in under 60 seconds. On our first podcast, we welcome Andy Ellis, Operating Partner of YL Ventures, to answer the central question: What is Application Security?