Figuring Out Where to Start with Secure Code – ASW #358
What are your favorite resources for secure code? Co-hosts John Kinsella and Kalyani Pawar talk about the reality of bringing security into a business. We talk about the role of the OWASP Top 10 and the OWASP ASVS in crafting security programs. We balance that with a discussion of the best use of everyone's time -- developers and appsec folks alike -- in crafting code that's secure by design rather than just secure from scanner results.
Mike Shema
- FYI: Secure AI/ML-Driven Software Development (LFEL1012)
- FYI: Launching the 2025 State of Rust Survey
- We found cryptography bugs in the elliptic library using Wycheproof
More results from interns! And a nice update to the Trail of Bits Testing Handbook.
- Latest progress update on Microsoft’s Secure Future Initiative
Check out the details of their latest report for ideas on how to model a product security program.
- OWASP Top 10:2025 RC1 (redux)
Be sure to check out the latest OWASP ASVS, which serves as a better foundation for starting and maturing a secure coding effort.
For more practical and tactical recommendations on specific apps, check out the OWASP Cheat Sheet Series.







