Application Security Best Practices – James Manico – ASW #125
Managing passwords is a critical developer task. Developers tasked with building or augmenting legacy authentication systems have a daunting task when facing modern adversaries. This session will review some of the changes suggested in NIST SP800-63b the "Digital Identity Guideline on Authentication and Lifecycle Management regarding password policy".
Jim Manico is the founder of Manicode Security, a company dedicated to providing expert training in secure coding and AI security engineering to software developers. In addition to leading Manicode, Jim is actively involved in the tech-startup ecosystem as an investor and advisor. His portfolio includes notable companies such as Semgrep, EdgeScan, Nucleus Security, Defect Dojo, RAD Security, Akto, Inspectiv, Levo.ai, and Phoenix Security. He is also a limited partner investor with Aviso Ventures and Grossman Ventures, bringing software-security expertise to the venture-capital domain.
A recognized figure in the software-development community, Jim is best known for advancing secure-software practices. He authored Iron-Clad Java: Building Secure Web Applications (Oracle Press) and holds the title of Java Champion. Jim gives back to the application-security community through his volunteer work with the OWASP Foundation, co-leading the OWASP Artificial Intelligence Security Verification Standard (AISVS), the OWASP Application Security Verification Standard (ASVS), and the OWASP Cheat Sheet Series.
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
We're always looking for great guests for all of the Security Weekly shows! Submit your suggestions by visiting https://securityweekly.com/guests and completing the form!
Fortinet SIEM RCE, Facebook Bug Bounty, & Anti-Virus Vulnerabilities – ASW #125
Redefining Impossible: XSS without arbitrary JavaScript, API flaws in an "unconventional" smart device, Facebook Bug Bounty Announces "Hacker Plus", Anti-Virus Vulnerabilities, and Chrome Introduces Cache Partitioning!
Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
It's official! Security Weekly, in partnership with CyberRisk Alliance, is excited to present Security Weekly Unlocked on December 10, 2020. The inaugural edition of Security Weekly Unlocked also celebrates Security Weekly's 15th Anniversary. Visit securityweekly.com/unlocked to submit your presentation & register for free!
