Difference between revisions of "Podcast 61"

m (Questions)
(One intermediate revision by the same user not shown)
Line 1: Line 1:
'''[[OWASP_Podcast|OWASP Podcast Series]] #57'''
'''[[OWASP_Podcast|OWASP Podcast Series]] #61'''
OWASP Interview with David Linthicum<br/>
OWASP Interview with Richard Bejtlich<br/>
Published February ?, 2010<br/>
Published March 10, 2010<br/>
[http://itunes.apple.com/WebObjects/MZStore.woa/wa/viewPodcast?id=300769012 http://www.owasp.org/download/jmanico/itunes.jpg] [http://www.owasp.org/download/jmanico/podcast.xml https://www.owasp.org/images/d/d3/Feed-icon-32x32.png] <!-- [http://www.owasp.org/download/jmanico/owasp_podcast_61.mp3 mp3] -->
[http://itunes.apple.com/WebObjects/MZStore.woa/wa/viewPodcast?id=300769012 http://www.owasp.org/download/jmanico/itunes.jpg] [http://www.owasp.org/download/jmanico/podcast.xml https://www.owasp.org/images/d/d3/Feed-icon-32x32.png][http://www.owasp.org/download/jmanico/owasp_podcast_61.mp3 mp3]

Latest revision as of 07:52, 10 March 2010

OWASP Podcast Series #61

OWASP Interview with Richard Bejtlich
Published March 10, 2010




  1. Would you care to tell us how you got into IT and what led you into a career in information security? What keeps you busy these days?
  2. What's the difference between focusing on threats vs focusing on vulnerabilities?
  3. What is your problem with the "protect the data" mindset?
  4. What do you mean by "building visibility in"?
  5. What is your take on the Aurora/Google hack?
  6. You just tweeted that "Network Security Monitoring ideology is the proper mechanism to combat APT/APA". Do you think network IPS/IDS/WAF can help defend insecure web applications? What are the limits of Network Security Monitoring?
  7. How important a role do you think secure coding and secure software development life-cycle play in defending the enterprise?
  8. Have HIPAA, PCI, SOX and other regulations helped reduce risk in the average enterprise?
  9. It seems pretty clear that attackers have a clear advantage. Why is that? How can we turn the tide?
  10. Any thoughts on OWASP? Are we helping the cause?
  11. Where are we going to be as an industry in 10 years?
  12. You blogged that "The trustworthiness of a digital asset is limited by the owner's capability to detect incidents compromising the integrity of that asset." Given that we don't have any high-integrity databases, identities or application servers, how do you detect a breach of integrity when there is no verifiable integrity in the system in the first place?