Dev Academy Podcast
Bartosz | Dev Academy
13 episodes
3 days ago
Welcome to the "Dev Academy Podcast," the chill spot where we talk all things code without the fluff. Join us as we break down timeless software engineering fundamentals: think security that keeps the baddies out, testing that’s actually fun, architecture that doesn’t crumble, and design that’s as sleek as it is smart. Hosted by Bartosz Pietrucha, who's seen it all from the code trenches to the top tech stages, we’re here to share stories, tips, and laughs. Whether you’re a pro coder or just starting out, we’ve got something for you.
All content for Dev Academy Podcast is the property of Bartosz | Dev Academy and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.
Threat Modeling and (Extreme) Shift Left with Anderson Dadario
Dev Academy Podcast
1 hour 19 minutes 12 seconds
1 year ago

Web Security Dev Academy WAITING LIST: http://links.dev-academy.com/b8F Secure your spot and receive exclusive bonuses 🎉


In this conversation, Anderson Dadario, the founder of DevOps.security, discusses the importance of integrating security into the software development process. He explains the differences between traditional DevOps and DevSecOps, emphasizing the need for security by design and shifting security left in the development cycle. Anderson also provides insights into conducting a threat modeling exercise for a web application, identifying potential risks, and implementing mitigation techniques. He highlights the importance of understanding the business requirements and balancing security measures with the risk appetite of the company. Additionally, he suggests quick wins for developers to integrate security into their DevOps workflow. The conversation covers different approaches to threat modeling, common security vulnerabilities for developers, spectacular exploitation situations, and final thoughts and resources.


Takeaways

  • Integrating security into the software development process is crucial for building secure applications.
  • DevSecOps focuses on security by design and shifting security left in the development cycle.
  • Threat modeling exercises help identify potential risks and implement mitigation techniques.
  • Understanding the business requirements and balancing security measures with the risk appetite of the company is essential.
  • Quick wins for integrating security include using tools like dependency scanners, conducting threat modeling sessions, and standardizing security processes across teams.
  • Threat modeling can be approached in different ways, including manual, automated, and scaled approaches.
  • Outdated frameworks and lack of data validation and authorization checks are common security vulnerabilities that developers need to be aware of.
  • Spectacular exploitation situations can occur when critical vulnerabilities are discovered in production applications.
  • Remaining curious and continuously learning is essential for navigating the complex field of security.


Connect with Us:

Bartosz:
- https://github.com/bartosz-io
- https://twitter.com/bartosz_io
- https://www.linkedin.com/in/bpietrucha

Anderson:
- https://www.linkedin.com/in/andersondadario/
- https://devops.security/

Thank you for tuning in to the Dev Academy Podcast. Enhance your web security insight with us as we explore the fascinating world of technology with industry experts.


#DevSecOps #WebSecurity #SoftwareDevelopment #ThreatModeling #CyberSecurity #SecurityByDesign #DevOpsSecurity #SecureCoding
