Is there truly no such thing as “done” with application security? Are our Sisyphean hosts therefore doomed to ever push this rock up the mountain, just to discuss ways to push it up again? Lo, join us here (Noon EDT) to bear witness to their cursed fates:
Tune in now: and are all set to go. Also join the slack here to discuss more in depth with the Absolute AppSec community: join.slack.com/t/absoluteapps
Central Europe! Sign up for practical secure-code review training ! Here's a blog write-up on what you'll get from the secure-code methodology Seth and Ken teach devs and other security professionals:
More info on DeepSec in Vienna here.
Here is more background on the Absolute AppSec blog regarding the secure-code review methodology.
First topic of the show is related to security training and David Wheeler's comments on writing secure software:
As points out in his discussion of security implementations at GH, it's a matter of having the subject matter expert concerning a codebase and/or a pull request to add security concerns as part of the manifold concerns they have to ruminate on.
The curiosity mindset is the most effective basis for security implementation. - (Because curious devs will be the ones interested in possible edge cases to new code deployments as well as the potential solutions.)
Next topic: Internet of Things/physical infrastructure security controls being looked at by the US Gov't:
More info on White House initiatives discussed in the fact sheet here:
