State Of Application Security 2024 – Sandy Carielli, Janet Worthington – ASW #290
Full Audio
View Show IndexSegments
1. State Of Application Security 2024 – Sandy Carielli, Janet Worthington – ASW #290
Sandy Carielli and Janet Worthington, authors of the State Of Application Security 2024 report, join us to discuss their findings on trends this year! Old vulns, more bots, and more targeted supply chain attacks -- we should be better at this by now. We talk about where secure design fits into all this why appsec needs to accelerate to ludicrous speed.
Segment resources
- https://www.forrester.com/blogs/ludicrous-speed-because-light-speed-is-too-slow-to-secure-your-apps/
- They're also conducting a survey on how orgs use Top 10 lists. Provide your response at https://forrester.co1.qualtrics.com/jfe/form/SV_9Z7ARUQjuzNQf0q
Announcements
You're invited to InfoSec World 2024 at Disney’s Coronado Springs Resort in Lake Buena Vista, FL, from September 23-25. Join top cybersecurity experts for this premier event! Save 25% on your pass by using code ISW24-SW25 when you register at securityweekly.com/infosecworld2024. Don’t miss out on this exclusive opportunity!
Guests
Sandy is a principal analyst at Forrester advising security and risk professionals on application security, with a particular emphasis on the collaboration among security and risk, application development, operations, and business teams. Her research covers topics such as proactive security design, security testing in the software delivery lifecycle, protection of applications in production environments, and remediation of hardware and software flaws.
Janet Worthington is a Senior Analyst for Security & Risk at Forrester. Janet covers product security, software supply chain, Open Source security, and DevSecOps. Janet’s background is in product management and application security.
Hosts
2. Polyfill Empties Trust, regreSSHion, CocoaPods Vulns & Secure Design, LLM Bughunters – ASW #290
Polyfill loses trust after CDN misuse, an OpenSSH flaw reappears, how to talk about secure design from some old CocoaPods vulns, using LLMs to find bugs, Burp Proxy gets more investment, and more!
Announcements
We're always looking for great guests for all of the Security Weekly shows! Submit your suggestions by visiting https://securityweekly.com/guests and completing the form!
Hosts
- 1. Automatically replacing polyfill.io links with Cloudflare’s mirror for a safer Internet
- 2. regreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server | Qualys Security Blog
- 3. Vulnerabilities in CocoaPods Open the Door to Supply Chain Attacks Against Thousands of iOS and MacOS Applications
- 4. CyberSecPolitics: Automated LLM Bugfinders
- 5. Investing to deliver more | Blog – PortSwigger
