State Of Application Security 2024 – Sandy Carielli, Janet Worthington – ASW #290
Sandy Carielli and Janet Worthington, authors of the State Of Application Security 2024 report, join us to discuss their findings on trends this year! Old vulns, more bots, and more targeted supply chain attacks -- we should be better at this by now. We talk about where secure design fits into all this and why appsec needs to accelerate to ludicrous speed.
Segment resources
- https://www.forrester.com/blogs/ludicrous-speed-because-light-speed-is-too-slow-to-secure-your-apps/
- They're also conducting a survey on how orgs use Top 10 lists. Provide your response at https://forrester.co1.qualtrics.com/jfe/form/SV_9Z7ARUQjuzNQf0q
Sandy advises security and risk professionals on application and product security, with a particular emphasis on the collaboration among security and risk, product management, application development, operations, and business teams. Her research covers topics such as proactive security design, protecting modern and emerging application architectures, protection of applications in production environments, and embedding security throughout the product lifecycle.
Janet Worthington is a Senior Analyst for Security & Risk at Forrester. Janet covers product security, software supply chain, Open Source security, and DevSecOps. Janet’s background is in product management and application security.
You're invited to InfoSec World 2024 at Disney’s Coronado Springs Resort in Lake Buena Vista, FL, from September 23-25. Join top cybersecurity experts for this premier event! Save 25% on your pass by using code ISW24-SW25 when you register at securityweekly.com/infosecworld2024. Don’t miss out on this exclusive opportunity!
Polyfill Empties Trust, regreSSHion, CocoaPods Vulns & Secure Design, LLM Bughunters – ASW #290
Polyfill loses trust after CDN misuse, an OpenSSH flaw reappears, how to talk about secure design from some old CocoaPods vulns, using LLMs to find bugs, Burp Proxy gets more investment, and more!
We're always looking for great guests for all of the Security Weekly shows! Submit your suggestions by visiting https://securityweekly.com/guests and completing the form!
Mike Shema
- Automatically replacing polyfill.io links with Cloudflare’s mirror for a safer Internet
- regreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server | Qualys Security Blog
- Vulnerabilities in CocoaPods Open the Door to Supply Chain Attacks Against Thousands of iOS and MacOS Applications
- CyberSecPolitics: Automated LLM Bugfinders
- Investing to deliver more | Blog – PortSwigger
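A concrete version of the polyfill.io link replacement named in the first link above, added here as an example and not code from Cloudflare, PortSwigger or the show: it scans static HTML for script and link tags that load from polyfill.io (or any of its subdomains) and rewrites them to point at Cloudflare's mirror. The mirror host and path (cdnjs.cloudflare.com/polyfill/) and the sample page are assumptions of this example, not details taken from the page.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse, urlunparse

# Assumption of this example: Cloudflare's polyfill mirror is served from this host/path.
MIRROR_HOST = "cdnjs.cloudflare.com"
MIRROR_PREFIX = "/polyfill"

# The domain that changed hands; subdomains such as cdn.polyfill.io are matched too.
POLYFILL_DOMAIN = "polyfill.io"


class _UrlCollector(HTMLParser):
    """Collect every src/href value from <script> and <link> tags, in document order."""

    def __init__(self) -> None:
        super().__init__()
        self.urls: list[str] = []

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "link"):
            for name, value in attrs:
                if name in ("src", "href") and value:
                    self.urls.append(value)


def _is_polyfill_host(url: str) -> bool:
    # urlparse handles absolute and protocol-relative (//host/...) URLs;
    # relative paths have no hostname and are skipped.
    host = urlparse(url).hostname
    return host is not None and (host == POLYFILL_DOMAIN or host.endswith("." + POLYFILL_DOMAIN))


def find_polyfill_refs(html: str) -> list[str]:
    """Return the script/link URLs in `html` that load from polyfill.io."""
    collector = _UrlCollector()
    collector.feed(html)
    return [u for u in collector.urls if _is_polyfill_host(u)]


def to_mirror_url(url: str) -> str:
    """Map a polyfill.io URL onto the mirror, keeping path and query (features=...)."""
    p = urlparse(url)
    return urlunparse(("https", MIRROR_HOST, MIRROR_PREFIX + p.path, p.params, p.query, p.fragment))


def rewrite_polyfill_refs(html: str) -> tuple[str, list[tuple[str, str]]]:
    """Rewrite every polyfill.io reference; return the new HTML and an (old, new) change log."""
    changes = []
    for old in dict.fromkeys(find_polyfill_refs(html)):  # dedupe, keep order
        new = to_mirror_url(old)
        html = html.replace(old, new)
        changes.append((old, new))
    return html, changes


# Constructed sample page for the example (not from the page under discussion).
SAMPLE_HTML = """<!doctype html>
<html><head>
<link rel="stylesheet" href="/static/site.css">
<script src="https://polyfill.io/v3/polyfill.min.js?features=es6"></script>
<script src="//cdn.polyfill.io/v2/polyfill.min.js"></script>
<script src="https://cdn.example.com/app.js"></script>
</head><body></body></html>"""


if __name__ == "__main__":
    rewritten, log = rewrite_polyfill_refs(SAMPLE_HTML)
    for old, new in log:
        print(f"{old} -> {new}")
```

This only sees markup that is already on the page: references assembled by client-side JavaScript or server templates need the same host check applied at the source. Moving the tag to any third-party host still means trusting that host with script execution in your origin; self-hosting the bundle, or dropping polyfills that current browsers no longer need, removes the dependency altogether.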