
Challenges Implementing & Sustaining DevSecOps with Hasan Yasar

How do you define DevSecOps? Despite what some will lead you to believe, DevOps is not just a set of tools. In this episode Hasan Yasar, Technical Director of the Continuous Deployment of Capability group at the Software Engineering Institute, CMU, shares his thought...


Summary

First published

05/07/2020

Genres

education, how to

Duration

1842 minutes

Parent Podcast

TestGuild Security Testing Podcast


Similar Episodes

  • Episode 20 - Security Testing (Vulnerability Scans Vs. Penetration Testing)

    Release Date: 02/18/2022

    Description: On this week's episode of Compliance Unfiltered, Adam uncovers the depths of Security testing, and the difference between Vulnerability Scans Vs. Penetration Testing. Wondering why an organization should do security testing? Curious about Vulnerability Scans? Want to know the ins and outs of Penetration Testing? Are you expected to answer questions for your team on the advantages and disadvantages of security testing? Have no fear, the guys have got you covered, all on this week's Compliance Unfiltered! Remember to follow Compliance Unfiltered on Twitter and Instagram @compliancesucks

    Explicit: No

  • Solidity Fuzzing & Web3 Testing with a Trail of Bits Security Engineer

    Release Date: 04/27/2023

    Authors: Superfluid

    Description: This week's episode features an interview between Patrick Collins and a Web3 Security Engineer at Trail of Bits. They cover:
    - testing methodologies
    - fuzzing
    - static analysis
    With Trail of Bits Security Engineer, Troy!

    Timestamps:
    3:10 - Exploring Smart Contract Testing Methodologies with Trail of Bits
    5:37 - Testing Strategies for Smart Contracts
    8:10 - Fuzz Testing and Invariant-Based Testing Explained
    10:56 - Coverage Guided Fuzzing Explained
    13:50 - The Benefits of Coverage Guided Fuzzing and the Differences between Echidna, Foundry, & Others
    16:27 - Using Coverage Guided Fuzzing with Optic and Echidna
    19:12 - Symbolic execution and coverage-guided fuzzing in Echidna
    21:57 - Testing Philosophies: Dynamic vs. Static Testing
    24:24 - Dynamic vs Static Analysis and the trade-offs of each approach
    27:10 - The Importance of Efficient Testing and Using a Variety of Testing Methods
    29:57 - The Role of Security Firms and Testing Philosophies
    32:33 - Balancing Cost and Efficiency in Security Audits
    35:15 - The Importance of Code Reuse in Building Tools and Languages
    38:04 - The pitfalls of focusing on language intricacies in programming and the benefits of prioritizing language design and philosophy
    40:41 - The Need for More Open Source Tools and Communication in the Ethereum Community
    43:22 - Advice for becoming more security-minded in smart contract coding
    45:51 - Discussion with Alpha Rush on Testing Compilers and Security Focus Journeys

    Explicit: No

  • Cover All Bases: Application Security Testing - Ep 73

    Release Date: 11/28/2023

    Description: In this insightful episode of "Reimagining Cyber," hosts Rob Aragao and Stan Wisseman underscore the criticality of deploying diverse testing methods, including Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST), for a comprehensive assessment and effective mitigation of vulnerabilities in the cyber landscape.

    The hosts meticulously explore the nuances differentiating SAST and DAST, highlighting that SAST involves meticulous inside-out analysis through source code examination, while DAST employs a strategic outside-in analysis by rigorously testing running applications. Delving into the intricacies, they address challenges related to false positives in static analysis and illuminate coverage issues within dynamic testing methodologies.

    The conversation seamlessly extends to emphasize the paramount importance of seamlessly integrating security testing into the development workflow, thereby minimizing friction for developers. The hosts delve into the evolving role of developers in the realm of security testing, showcasing a notable shift towards early integration of dynamic tests within the software development lifecycle.

    Introducing the pivotal concept of Software Composition Analysis (SCA), the hosts accentuate its indispensable role in the identification and management of vulnerabilities stemming from open-source components. They underscore the significance of comprehensive awareness about the components utilized in applications, enabling swift responses to zero-day vulnerabilities and adeptly addressing licensing concerns.

    Conclusively, the discussion advocates for a holistic approach to application security, encompassing SAST, DAST, and SCA methodologies. The hosts ardently stress the necessity of striking an optimal balance between development velocity and rigorous testing to proactively avert the potential high costs and repercussions associated with security breaches.

    Stay tuned for actionable insights that empower your cybersecurity strategy! Follow or subscribe to the show on your preferred podcast platform. Share the show with others in the cybersecurity world. Get in touch via reimaginingcyber@gmail.com

    Explicit: No

  • Sergej Dechand, Co-Founder and CEO of Code Intelligence, on Fuzzing the Future

    Release Date: 09/09/2022

    Description: Sergej Dechand shares his security journey from usable security research to Co-Founding Code Intelligence, where he is CEO. Code Intelligence delivers open-source static analysis-guided fuzz testing that enables developers to simplify software security testing without modifying their code.

    In this episode of a YSecurity.io production, we dive into the compelling world of software security with Sergej Dechand, Co-Founder and CEO of Code Intelligence. Sergej takes us through his fascinating journey from conducting usable security research to leading a company that's revolutionizing the way developers approach software security testing through open-source static analysis-guided fuzz testing. Sergej explains how Code Intelligence is making sophisticated security testing accessible and efficient for developers, enabling them to detect vulnerabilities without the need to modify their existing code. By leveraging the power of fuzz testing, Code Intelligence empowers developers to build safer applications, highlighting Sergej's commitment to improving software security from the ground up.

    Throughout the conversation, Sergej shares insights into the challenges and opportunities in the field of software security, emphasizing the importance of making security tools both powerful and user-friendly. He discusses the inspiration behind Code Intelligence, the impact of open-source contributions, and the future of security testing in an increasingly digital world. Listeners will gain a deeper understanding of the critical role of security testing in software development and the innovative approaches being developed to tackle these challenges. Sergej's journey from a researcher to a tech entrepreneur provides a unique perspective on the intersection of usability and security, showcasing the potential for technology to create safer digital environments.

    Join us on this YSecurity.io production for an enlightening conversation with Sergej Dechand. Whether you're a developer, a security professional, or someone interested in the evolving landscape of software development and security, this episode offers valuable insights into the cutting-edge of security testing technology. Tune in as we explore how Code Intelligence is simplifying and strengthening software security, one fuzz test at a time.

    Explicit: No

Episode Description

How do you define DevSecOps? Despite what some will lead you to believe, DevOps is not just a set of tools. In this episode Hasan Yasar, Technical Director of the Continuous Deployment of Capability group at the Software Engineering Institute, CMU, shares his thoughts on DevSecOps. Listen in to discover the common misconceptions and roadblocks, and how you can use DevSecOps to help your organization reach new heights of efficiency and productivity without getting frustrated.
