Application Security Weekly Subscribe

Application security, DevSecOps

Doing Application Security Right – Farshad Abasi – ASW #188

March 14, 2022

Cybersecurity is a large and often complex domain, traditionally focused on the infrastructure and general information security, with little or no attention to Application Security. Security providers usually tack-on AppSec services to their existing menu of offering without understanding the domain, and their team of professionals have little or no experience with software development or inner workings of modern application architectures. As the world turns Digital at a rapid pace accelerated by the recent pandemic, applications become common place in our lives, providing attackers more opportunities to exploit these poorly protected applications. As such, it is important to know what is actually required to build and run software securely, and how to do application security right.

Segment Resources: https://forwardsecurity.com/2022/03/07/application-security-for-busy-tech-execs/

Full episode and show notes

Announcements

Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!

Guest

Founder and CEO at Forward Security

Farshad Abasi is the Founder and CEO of Forward Security, bringing over 27 years of industry experience to the forefront of cybersecurity innovation. His professional journey includes key technical roles at Intel and Motorola, evolving into senior security positions as the Principal Security Architect for HSBC Global, and Head of IT Security for the Canadian division. Farshad’s commitment to the field extends to his role as an instructor at BCIT, where he imparts his wealth of knowledge to the next generation of cybersecurity experts.

At Forward Security, Farshad leads the development of the Eureka DevSecOps platform and the delivery of comprehensive security services. His diverse experience, ranging from startups to large enterprises, informs Forward Security’s approach to delivering adaptive, reliable solutions.

Engaged actively in the cybersecurity community through roles in BSides Vancouver/MARS, OWASP Vancouver/AppSec PNW, and as a CISSP designate, Farshad’s vision and leadership continue to drive the industry forward. Under his guidance, Forward Security is setting new standards in application and cloud security

Hosts

Tech Lead at Block

Senior Engineering Leader at AWS

Related

Vulnerability Management

2024 End-of-Year News and Wrapup – ESW #388

December 19, 2024

As we wrap up the year, we have an honest discussion about how important security really is to the business. We discuss some of Katie's predictions for AppSec in 2025, as well as "what sucks" in security!

Ancient Curl Bug, AWS re:Invent, Malware in NPM, Census III Report, MS OTP – ASW #311

December 16, 2024

Curl's oldest bug yet, RCPs (and more!) from AWS re:Invent, possible controls for NPM's malware proliferation, insights and next steps on protecting top 500 packages from the Census III report, the flawed design choice that made Microsoft's OTP (successfully) brute-forceable, and more! 00:00 - Intro & Cyber Resilience Insights 01:20 - The 25-Y...

Application security

Applying Usability and Transparency to Security – Hannah Sutor – ASW #311

December 16, 2024

Practices around identity and managing credentials have improved greatly since the days of infosec mandating 90-day password rotations. But those improvements didn't arise from a narrow security view. Hannah Sutor talks about the importance of balancing security with usability, the importance of engaging with users when determining defaults, and se...