AppSecEngineer

If your company is unprotected from server-side request forgery (SSRF) attacks, the repercussion might be catastrophic for you. 

Your favorite instructor Abhay Bhargay is back with another AppSecEngineer podcast on SSRF Defense. This deep dive podcast covers the basics of SSRF, why is it the toughest vulnerability to fix and how to defend the SSRF attacks.  

Let's keep on learning!

Have you ever watched a movie where the good guys had to ‘get into the mind’ of the bad guys in order to figure out how to stop them? What if we told you that security engineers do the exact same thing when they perform Threat Modeling?

Look, it’s not like threat modeling is like Minority Report or anything, so don’t get too excited. But it’s still an incredible way to gain insight into the exploitability of your apps. When you know how to break into your own app, you automatically get the blueprints that will help you patch up those security flaws.

Listen to this podcast from AppSecEngineer to know in detail:

What is Threat Modeling?

Types of Threat Modeling: Top 5 Methodologies

Why is Threat Modeling important? Should you learn it?

Threat Modeling courses you can take

You’ve probably heard of these on the interwebs: Offensive and defensive application security. Red team and blue team security. Even purple team security. What do they even mean in the context of application security? And why should you know about them?

In this podcast, I’m going to give you a quick primer on what all of these things are, and why they’re so important for the future of application security. So let’s get right into it, shall we?

There appears to be an odd disconnect between the kind of rampant cyber-abuse we’re enduring on a day-to-day basis, and the response from major educational institutions that train the developers and engineers building the apps and networks we use. Rather, the lack of a response.

To put it more bluntly, we need to start asking, “Why don’t universities teach developers how to build software securely?”

Listen to this podcast from AppSecEngineer to take a deep dive into the bigger picture!

Welcome to AppSecEngineer! If you’ve just joined us, you’re in luck. This year, we’re planning more courses, more hands-on labs, and more live events than ever before!

We’re coming into 2022 in a big way with not one, not two, but THREE big announcements for AppSecEngineer users!

The advantages of hands-on training don’t just apply to individuals — it creates a ripple effect that can be felt across entire groups of people. In the corporate world, this can be seen in the way teams—large or small—respond to getting high-quality training.

Listen to this podcast from AppSecEngineer to know the realtime advantages of hands on learning over traditional classroom learning.
#AppSec #HandsonLabs

The OWASP Top 10 is perhaps the most ubiquitous and well-known security resources out there, and is recognised even outside application security circles. It’s usually the first tool in a security engineer’s toolkit, because it highlights the most common vulnerabilities in software. The annually updated list ensures both developers and security professionals are aware of the vulnerabilities they’re most likely to encounter.

In addition, the OWASP Top 10 offers a way for security engineers to gauge the severity of a vulnerability — the higher up it is on the list, the more critical it is. This is the simplest benchmark to determine which vulnerabilities need to be remediated first.

Listen to this Podcast from AppSecEngineer to know more about OWASP projects and top listed vulnerabilities.

If you want to learn application security and become an AppSec engineer, you need to know not only what your job is going to be like, but how to prepare for it. Listen to this podcast to know in and out of the Application Security Industry. The job profile and role of an Application Security Engineer, skill set required and much more. This podcast will also help solve the biggest dilemma of every security engineer "Do I need to learn to code?"

Listen to this biggest hit piece from AppSecEngineer!

Unrestricted flow of information between apps is a recipe for disaster, particularly when you’re dealing with user data. API Security is what stops someone from intercepting that communication between two apps and capturing data they weren’t supposed to access. Regularly testing and identifying vulnerabilities in your APIs (particularly if your app is divided into multiple micro services) isn’t just a good practice, it’s absolutely essential for ensuring the security of your software. That’s why we’ve created this handy guide on what you need to know about API security in 2022. Listen to this podcast to know about OWASP top 10 API security vulnerabilities and remediations.

If you're looking for a career in Cloud Security, here are 4 things you can do right now to build your skills and AppSec knowledge! In this podcast, we're looking at AppSecEngineer trainer Abhay Bhargav's top 4 tips you can start implementing RIGHT NOW to get ahead of the curve.

Dark Net Criminals are Teaching Courses on Botnets: These botnet trainers charge upwards of $1,400 to train someone, so it's not exactly an impulse buy, but according to their claims, even a novice cybercriminal could learn to operate and monetise their botnets. Here's the breaking news on that. 

The FBI was hacked and someone on twitter took responsibility. In an interview they even said it was just done to prove how vulnerable the FBI is. This is a really bizarre one that application security folks, hackers and cybersecurity professionals everywhere will love. John McClane anyone?

Your career is about to change! What even IS the Paris call for Trust and Security in Cyberspace and why did the US Vice Prez Kamala Harris announce their support today? Pundits at appsecengineer.com break it down for you.