Intro to App Sec (with Frank Rietta)
Advanced Persistent Security Podcast
Guest: Frank Rietta
August 29, 2016
If you enjoy this podcast, be sure to give us a 5 Star Review and “Love Us” on iTunes; like us on Google Play, Stitcher, SoundCloud, Spreaker, and YouTube.
NOTE: The opinions expressed in this podcast are ours alone and do not reflect those of our employers
Intro to App Sec (with Frank Rietta) Show Notes
We introduce Frank and discuss his background. We begin to discuss application security (App Sec) and how it plays into the cloud. We also provide a few cloud definitions.
We discuss defense in depth. We provide a definition and some applicable scenarios for its use. We touch briefly on passwords, encryption, access controls, and training. We discuss training and events local to Atlanta and the Georgia area.
We discuss some scenarios we have seen or heard about in the security space and how they work or did not work. We also discuss the role of security in system development and the relationships between the business, security, developers, and dev ops. We discuss bug bounties on sites like HackerOne and BugCrowd.
We introduce the following lists to help security professionals and developers alike:
- OWASP Top 10
- OWASP Application Security Verification Standard (ASVS)
- Center for Internet Security (CIS) Critical Security Controls (formerly the SANS Top 20)
- Cloud Security Alliance (CSA) Treacherous 12
Mr. Rietta’s role at Rietta Inc is to ensure that your project is designed for security and speed.
With over 16 years of career experience, he specializes in working with startups and new Internet businesses, and in developing on the Ruby on Rails platform to build scalable businesses.
He is a computer scientist with a Masters in Information Security from the College of Computing at the Georgia Institute of Technology.
Frank is a public speaker, teaching about data breaches and information security topics. You can also follow him on Twitter or LinkedIn using the links below.
Frank’s Book Recommendations
Announcements and Resources
Advanced Persistent Security has partnered with the EC-Council to provide a discounted EC-Council Training Event to our readers and listeners. The codes are only good for the Hacker Halted event in Atlanta, GA September 11-14 and 15-16, 2016. Below are the codes, if you have any questions, Contact Us.
Password Blog Links:
Vulnerable Web Applications for Learning:
OWASP Maintains a list here.
Security Onion Conference: Friday, September 9, 2016 from 7:30 AM to 5:00 PM (EDT)
Jaguar Student Activity Center (JSAC) Ballroom
2500 Walton Way
Augusta, GA 30904
BSides Augusta: September 10, 2016 at 7:45 AM
SEPTEMBER 11TH-14TH, 2016
$1,999 Courses if you register using discount code: HHAPSTRN
Choose one of the following courses and exams:
- Certified Ethical Hacker (C|EH)*
- Computer Hacking Forensic Investigator (C|HFI)*
- Certified Security Analyst (E|CSA/L|PT)*
- Certified Chief Information Security Officer (C|CISO)*
All courses include:
- Official Courseware
- 1 Complimentary Exam Voucher
- Certificate of attendance
- Lunch and coffee breaks throughout the duration of the training
- Complimentary Pass to Hacker Halted – Atlanta conference (September 15 & 16)
*Individual conference passes can be purchased for $35 (down from $199) Use code: HHAPSCON
Instructions for registration:
1) Click here
2) Fill in all the necessary info
3) Enter Qty (1) for conference pass – public
4) Enter promotional code HHAPSCON (for $35 Conference Passes) or HHAPSTRN (for $1,999 Courses)
Thanks for stopping by and checking out our podcast. We would appreciate if you could subscribe (assuming you like what you hear; we think you will). This is meant to be informative and to provide value to anyone who listens – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page.
If you have ANY Cybersecurity needs, please contact us and a member of our staff will promptly reply to your question or concern.