InfoSec for Developers with Kim Carter
What do developers need to know about information security? Carl and Richard talk to Kim Carter about his experiences helping developers secure their web sites. Kim has written a series of books on the subject to help get developers thinking about infosec as they develop, rather than trying to cram security in at the end of a project. There are all kinds of great tools in the show links, including OWASP ZAP, which does fast penetration testing on your site - you can incorporate it into your build process so that your code is security tested as you're building it! InfoSec isn't optional; you need to make it part of your routine development process!
Guests:
Kim Carter
Technologist / Engineer, Information Security Professional, Entrepreneur, founder of BinaryMist Ltd, founder of purpleteam-labs, OWASP NZ Chapter Leader, Certified Scrum Master. Facilitator, mentor and motivator of cross-functional, self-managing teams. With a solid 20 years of commercial industry experience across many domains, Kim enjoys teaching others how to apply information security to their Agile processes, bringing the security focus up front where it's the cheapest to implement, increasing profit while reducing costs and controlling technical debt. Organiser of two information security conferences (OWASP NZ Day and Christchurch Hacker Con), international trainer, speaker and published author.
Links:
- Breakpoint Generator Extension https://blogs.msdn.microsoft.com/visualstudioalm/2015/11/19/breakpoint-generator-extension/
- BinaryMist https://binarymist.io/
- BinaryMist Blog https://blog.binarymist.net/
- OWASP ZAP https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
- Selenium http://www.seleniumhq.org/
- Kim on GitHub https://github.com/binarymist/
- NodeGoat https://www.owasp.org/index.php/Projects/OWASP_Node_js_Goat_Project
- HSTS Preload https://hstspreload.appspot.com/