60 Sec on AppSec

By Enso Security

Everything you wanted to know about AppSec but were afraid to ask. All in 60 seconds.
Why do we need an API inventory and how to build it! with Ashwani Mahajan, Staff Application Security Engineer at SoFi

Learn why an API inventory is necessary in order to identify risks to the overall risk posture.


May 18, 2023 (02:17)

How to get the most value from AppSec scanning tools, with Josh Grossman, CTO at Bounce Security

Listen-in to get Josh's 4 practical tips for getting the best value out of your scanning tools

May 07, 2023 (02:27)

The Evolution of AppSec and DevSecOps, with Frank Kim, CISO-in-Residence at YL Ventures

CISO Frank Kim takes listeners on a quick journey from waterfall to DevSecOps, and all the challenges and triumphs in-between! 

Mar 26, 2023 (02:56)

Can DAST alone truly scale? with Dan Drees, Head of Sales at Detectify

In theory DAST is great, but what about in practice? Dan discusses shift left, DAST and the evolution of EASM. 

Feb 05, 2023 (02:53)

What is Content-Security-Policy Header (CSP)? with Bhavani Gaddam, Jr. Application Security Engineer, Copart

What is Content-Security-Policy and how does it defend against cross-site scripting attacks? 

Jan 23, 2023 (01:24)

What is a Security Champion? with Chris Romeo, CEO of Kerr Ventures

Security champions will remain a hot topic in 2023. Chris Romeo breaks down for us why security champion programs are so important, and why they are so hard to get right. 

Jan 03, 2023 (01:35)

What is SBOM (Software Bill Of Material) and why it is important for security teams? with Chirag Prajapati, Application Security Engineer, Copart

How does the SBOM provide the needed visibility and allow teams to gain control over their code base? 

Oct 31, 2022 (01:34)

Are we accurately implementing Shift Left? with Rajendra Umadas, Senior Platform Security Manager at ActBlue

There are many great reasons to move security left, but are we implementing it in a way that truly reduces cost?

Aug 08, 2022 (01:57)

What is IaC and IaC Security? with Lior Samuni, Director of R&D, Orca Security

How does IaC increase productivity and what are the security risks?

Jul 18, 2022 (02:00)

What is the OWASP Top 10? with Akira Brand, Developer Relations, Bright Security

How did the OWASP Top 10 come to be an industry standard? 

Are your applications guaranteed safe if you don't have one of the listed vulnerabilities? 

Jul 04, 2022 (01:52)

Should we rethink the way we train application developers? with Connie Matthews Reynolds, Founder and CEO of ReynCon, LLC.

How can better security training allow organizations to set up more secure applications and establish sound relationships between the business and security? 

Jun 26, 2022 (01:23)

What are Dependency Confusion Attacks? with Roei Hadashi, Application Security Researcher, Enso Security

What are dependency confusion attacks, why are they so dangerous, and why are they here to stay? 

Jun 12, 2022 (02:16)

How can we build and improve relationships between security and developers? with Ryan Gurney, CISO-in-Residence, YL Ventures

It's all about building in-person, human relationships.

May 29, 2022 (03:03)

What is Application Relationship Management? with Kate Kuehn, SVP Alliances, vArmour

What is Application Relationship Management and what are the security consequences when we don't properly understand those relationships?

May 16, 2022 (03:11)

What are CI/CD Pipelines? with Omer Yaron, Head of Research, Enso Security

What are CI/CD Pipelines and why are they significant for Application Security?

May 09, 2022 (01:33)

What is Security by Design? with Clayton Pummill, Co-founder, St. Louis Cyber Interest Group (STLCIG)

What is Security by Design and why is addressing security ad-hoc no longer sustainable?

Apr 24, 2022 (01:45)

What is SAST? with Florin Coada, Product Manager, HCL AppScan

What is SAST, and why does it enable you to find vulnerabilities much quicker compared to other tools?

Apr 17, 2022 (01:43)

What is Threat Modeling? with Ryan Frillman, Technology Information Security Officer, Equifax

What is Threat Modeling and what does it mean for technology and security? 

Apr 10, 2022 (01:36)

What is SSRF? with Barak Tawily, CTO & Co-founder, Enso Security

What is SSRF, why is mitigation so tricky, and what are the best ways to mitigate attacks?

Apr 04, 2022 (01:57)

What is Enterprise Application Security Posture? with David Matousek, Director of Product & Strategy, Cybersecurity Engineering, John Hancock Financial Services

What is Enterprise Application Security Posture and why is it crucial to continuously monitor your application portfolio risk? 

Mar 27, 2022 (01:44)

Who Owns AppSec? with James Robinson, Deputy Chief Information Security Officer at Netskope

Who actually owns AppSec within an organization? It's all about who can influence security the most. 

Mar 20, 2022 (02:25)

How do we take the guesswork out of application security? with Saket Modi, Co-Founder & CEO, Safe Security

How do we identify, manage, measure and mitigate application security risk? 

Mar 10, 2022 (01:42)

What is Secrets Sprawl? with Mackenzie Jackson, Developer Advocate, GitGuardian

What is Secret Sprawl and why is it so common? The answer lies in how we build our modern applications. 

Mar 05, 2022 (01:29)

What is DAST? with Tanya Janca, Founder & CEO at We Hack Purple Academy

What is DAST and how does it interact with your applications? 

Feb 26, 2022 (01:36)

What is Shift Left? with Vickie Li, Developer Evangelist, Shift Left

How to Shift Left and why does it matter? 

Feb 20, 2022 (01:36)

What is SBOM? with Steve Springett, Senior Manager of Product Security, ServiceNow & Chair, CycloneDX Working Group, OWASP

What is an SBOM and how do you get started? It's more than just a simple list of ingredients.

Feb 12, 2022 (01:52)

What is Application Security? with Andy Ellis, Operating Partner, YL Ventures

Welcome to 60 Seconds on AppSec by Enso Security where we will provide you with the answers to the questions you were afraid to ask on AppSec, all under 60 seconds. On our first podcast, we welcome Andy Ellis, Operating Partner of YL Ventures to answer the central question -- What is Application Security? 

Jan 30, 2022 (01:29)