Down the Security Rabbithole Podcast (DtSR)
Down the Security Rabbithole Podcast (DtSR)
Rafal (Wh1t3Rabbit) Los
Support podcast
Episodes
About
Reviews
Charts
Promote
Down the Rabbithole - Episode 3 - "QA and Security, Can we make it work?"
30 minutes Posted Oct 10, 2011 at 2:34 pm.
0:00
30:07
Download MP3
Show notes

Synopsis

  Over the past year and a half of so, I've been pushing hard to change the paradigm around secure software - specifically the testing aspect of it to incorporate a much heavier emphasis on quality assurance.  That conversation spilled over into an OWASP conversation, which lead Glenn, Rohit and I to sit down and record this conversation we had - as we appear to be of like mind.  While it's not trivial to incorporate security testing into quality assurance, it's not impossible, and in fact, more practical than you may think.

  In this segment we discuss what security testing in a QA team looks like, how it's potentially split up, and whether we can really and truly make it work.  Glenn provides his practical perspective being an implementer of this methodology, while Rohit and I provide an across-the-industry discussion and commentary.

  I think you'll find this podcast episode fascinating, especially if you're struggling with the QA/Security relationship.

Guests

  • Rohit Sethi - VP Product Development at SD Elements (http://www.sdelements.com)
    Rohit Sethi is a specialist in building security controls into the software development life cycle (SDLC). Rohit is a SANS course developer and instructor on Secure J2EE development. He has spoken and taught at FS-ISAC, RSA, OWASP, Shmoocon, CSI National, Sec Tor, Infosecurity New York and Toronto, TASK, the ISC2's Secure Leadership series conferences, and many others. Mr. Sethi has written articles for Dr. Dobb's Journal, TechTarget, Security Focus and the Web Application Security Consortium (WASC), and he has been quoted as an expert in application security for ITWorldCanada and Computer World. He also leads the OWASP Design Patterns Security Analysis project. 
  • Glenn Leifheit - Lead Information Security Consultant at FICO (http://www.fico.com)
    Glenn Leifheit, CISSP, CSSLP is a Senior Security Architect at FICO. He has worked in developing, managing, architecting and securing large scale applications for over 15 years. His day is spent rolling out an Enterprise secure software development lifecycle and managing PCI requirements as well as secure software reviews. Glenn is active in the Technology community as the Co-Chair of (ISC)2 Application Security Advisory Board, President of TechMasters Twin Cities, as an active member of IASA (International Association of Software Architects) and OWASP (Open Web Application Security Project) as well as a regional speaker evangelizing secure software. Glenn's blog is located at www.glennleifheit.com. 

Links

  • No links for this podcast...

Support the show

>>> If you're reading this, consider clicking the link above to support the show!
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHq
LinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/
X/Twitter: https://twitter.com/dtsr_podcast

This podcast uses Podtrac for stats, and Buzzsprout for stats. Learn more on this podcast's About tab.
← See all 635 episodes of Down the Security Rabbithole Podcast (DtSR)
Podbay © 2024 Fancy Soups
AboutAll Podcasts