Robert Seacord, author of Effective C, The CERT C Coding Standard, and Secure Coding in C and C++, discusses the top 5 security issues and the tools and techniques you can employ to write secure code in C. Host Gavin Henry spoke with Seacord about...
Sam Scott, CTO of Oso, discusses authorization challenges with host Priyanka Raghavan. They discussed basics such as definitions of authorization, RBAC, ReBAC and how authorization differs from authentication. Sam also described the Google Zanzibar engine. The...
Luke Hoban, CTO of Pulumi, joined host Jeff Doolittle for a conversation about infrastructure as code (IAC), which allows software development teams to configure and control their cloud infrastructure assets using code in contrast to other...
Leonid Shevtsov, software architect at Railsware and developer of a forthcoming mail transfer agent, talks with host Robert Blumen about email protocols and transactional email. The discussion opens with an overview of email; the architecture of...
Paul Butcher of AdaCore discusses Fuzz Testing, an automated testing technique used to find security vulnerabilities and other software flaws. Host Philip Winston spoke with Butcher about positive and negative testing, how fuzz testing fits into the...
Michael L. Perry discusses his recently published book, The Art of Immutable Architecture. Using familiar examples such as git and blockchain, he distinguishes immutable architecture from other approaches and addresses possible misunderstandings...
Sven Schleier and Jeroen Willemsen from the OWASP Mobile Application Security Verification Standard (MASVS) and Testing Guide (MSTG) project discuss mobile application security and how the verification standard and testing guide can be used to...
Adam Shostack of Shostack & Associates and author of Threat Modeling: Designing for Security discussed different approaches to threat modeling, the multiple benefits it can provide, and how it can be added to an organization’s existing software...
Torin Sandall of Styra and Open Policy Agent discussed OPA and policy engines and how they can benefit software projects' security and compliance. Host Justin Beyer spoke with Sandall about the benefits of removing authorization logic from your...
Bert Hubert, author of the open source PowerDNS nameserver, discusses DNS security and all aspects of the Domain Name System with its flaws and history. Host Gavin Henry spoke with Hubert about what DNS is, DNS history, DNS attacks, DNS flaws, DNS...