• Your First 90 Days in a New AppSec Role

  • 2024/07/31
  • Length: 48 min
  • Podcast


  • Summary

  • 📋 Show Notes
    Secrets of AppSec Champions: Laying the Foundation of Application Security

    In the inaugural episode of the multi-part series 'Decoding Application Security,' host Chris Lindsey and guest Anthony Israel-Davis, Product Security Manager at Fortra, dive into the fundamentals of building a successful application security program for large teams. They discuss essential first steps when starting at a new company, the importance of understanding the company culture, and the critical role of security champions. The conversation covers various aspects of application security, including the implementation of SCA, SAST, and DAST tools, the nuances of API and container security, and the importance of building strong relationships with developers and QA teams. Ultimately, the episode emphasizes the incremental and strategic approach necessary for managing and mitigating risks effectively in a complex software development environment.

    ❇️ Key Topics with Timestamps
    00:00 Introduction to Software Building

    00:59 Meet the Expert: Anthony Israel-Davis

    01:08 First Steps in a New Company

    02:57 Understanding the Application Environment

    04:54 Building a Solid Security Foundation

    11:29 The Role of Static Analysis (SAST)

    17:12 Empowering Teams with Security Mindset

    22:07 Collaboration with QA for Security

    24:47 Ensuring a Clean Build: Developer and QA Collaboration

    26:17 Dynamic Scanning Explained

    27:32 Regression Testing and DAST

    28:05 Understanding DAST Results and Fuzzing

    33:24 API Testing: A Critical Component

    37:02 Containerization and Security

    42:12 Building a Secure Development Process

    46:39 Final Thoughts and Key Takeaways
