
AppSecEngineer
By AppSec Engineer
Sep 22, 2022

How to effectively implement SSRF Defense
If your company is unprotected from server-side request forgery (SSRF) attacks, the repercussions could be catastrophic for you.
Your favorite instructor Abhay Bhargav is back with another AppSecEngineer podcast on SSRF Defense. This deep-dive podcast covers the basics of SSRF, why it is the toughest vulnerability to fix, and how to defend against SSRF attacks.
Let's keep on learning!

Why Should You Learn Kubernetes Security?
Today, Kubernetes is one of the most sought-after skills in product engineering because it allows applications to scale up massively without sacrificing stability, speed, or security. As a result, professionals with skills in Kubernetes security are also in high demand. In fact, organisations around the world expect production projects using Kubernetes to rise by 61% over the next two years.
That’s why we created this podcast: to help you understand how you can learn Kubernetes, what you can expect in a career in Kubernetes security, and the best courses you can take to build skill fast.

What is Threat Modeling and How Do You Learn It?
Have you ever watched a movie where the good guys had to ‘get into the mind’ of the bad guys in order to figure out how to stop them? What if we told you that security engineers do the exact same thing when they perform Threat Modeling?
Look, threat modeling isn’t exactly Minority Report, so don’t get too excited. But it’s still an incredible way to gain insight into the exploitability of your apps. When you know how to break into your own app, you automatically get the blueprints that will help you patch up those security flaws.
Listen to this podcast from AppSecEngineer to learn in detail:
What is Threat Modeling?
Types of Threat Modeling: Top 5 Methodologies
Why is Threat Modeling important? Should you learn it?
Threat Modeling courses you can take

What is Purple Team Security and Why Should You Care About It?
You’ve probably heard of these on the interwebs: Offensive and defensive application security. Red team and blue team security. Even purple team security. What do they even mean in the context of application security? And why should you know about them?
In this podcast, I’m going to give you a quick primer on what all of these things are, and why they’re so important for the future of application security. So let’s get right into it, shall we?

Universities Aren’t Doing Enough About Developer Security. Here’s Why You Should Care.
There appears to be an odd disconnect between the kind of rampant cyber-abuse we’re enduring on a day-to-day basis, and the response from major educational institutions that train the developers and engineers building the apps and networks we use. Rather, the lack of a response.
To put it more bluntly, we need to start asking, “Why don’t universities teach developers how to build software securely?”
Listen to this podcast from AppSecEngineer to take a deep dive into the bigger picture!

Putting the ‘Sec’ in DevOps: How to Train for DevSecOps
Over the last decade, we’ve seen a shift in the way we view security in the software development lifecycle (SDLC). DevOps—and subsequently DevSecOps—are relatively recent innovations that focus on Continuous Integration/Continuous Delivery (CI/CD) and integrating security at a fundamental level in the software being developed.
This podcast will tell you everything you need to know when looking for a career in DevSecOps, and how a DevOps engineer can train for DevSecOps. But first, we need to understand what these terms even mean, and how to differentiate between multiple disciplines.
Listen to this podcast from AppSecEngineer to skill up as a DevSecOps engineer.

Our Newest Feature Will Change the Way You Learn
Welcome to AppSecEngineer! If you’ve just joined us, you’re in luck. This year, we’re planning more courses, more hands-on labs, and more live events than ever before!
We’re coming into 2022 in a big way with not one, not two, but THREE big announcements for AppSecEngineer users!

Hiring vs. Training: What’s Better for Your Organization?
So your company just signed up a major new client to develop their business applications. It’s a huge project, and your whole team’s going to be involved, and it’s really exciting. There’s just one problem. They want their apps to run on Kubernetes.
Your product engineers are familiar enough with containers and Kubernetes to get it done. But what about application security? Nobody on your team is willing to risk building an entire app in Kubernetes without being confident that they can properly secure it. This can be a deal-breaker, and that contract is on the line.
Now it’s time to decide between hiring and training your team for application security.
Listen to this podcast from AppSecEngineer and thank us later for sorting things out for you!

4 Unconventional Ways to Level Up Your Cloud Security Career Right Now
Nothing in the world of cloud ever stays the same week on week, and the same goes for cloud security. So what does this mean for your career as a cloud security engineer? Well, two things: first, you can rest assured that if you’ve got the goods, there’s almost certainly a job for you out there.
But this also means there’s a ton of competition for cloud security jobs, and if you want to stay competitive, you need to bring some serious skills to the table.
Luckily for you, we’ve got your back! In this podcast, we’re looking at AppSecEngineer trainer Abhay Bhargav’s top 4 tips you can start implementing RIGHT NOW to get ahead of the curve.
Listen to this podcast from AppSecEngineer to know more!

The Application Security Crisis: Why Training Your Team Should Be Your #1 Priority
Security is a big deal, and product teams need it now more than ever. Despite this, 76% of cybersecurity leaders in 2020 said they were facing a serious shortage of skilled talent. That’s a massive skill gap indicating that the supply is nowhere near able to meet the demand. The industry may be growing faster than ever, but the talent pool simply isn’t.
If you’re at the head of a team that’s building a new app but don’t have the expertise to secure it properly, that’s a problem. The attack surface of a traditional application is very different from that of, say, a serverless app, or even a containerized app. You’re dealing with vastly different (yet related) technologies here, and it’s critical for your product engineers to learn how they work and how to make them secure.
When faced with a problem like this, you only have two options as a team lead: hire a subject-matter expert, or train your team in the areas they lack experience in.
Listen to this podcast from AppSecEngineer and assess your organizational needs for Application Security.

Is Hands-on Learning Actually Better?
The advantages of hands-on training don’t just apply to individuals — it creates a ripple effect that can be felt across entire groups of people. In the corporate world, this can be seen in the way teams—large or small—respond to getting high-quality training.
Listen to this podcast from AppSecEngineer to learn the real advantages of hands-on learning over traditional classroom learning.
#AppSec #HandsonLabs

How to Become a Cloud Security Engineer?
How do you learn cloud security? What are the best cloud security courses to start with?
There are tons of super-important questions you’re probably having right now. But that’s a good thing! It means you’re ready to learn, and when you know exactly where to take your first step, you’re going to be on track to building your career as a cloud security engineer.
Cloud security is one of the fastest-growing fields of cybersecurity. Valued at $6.76 billion in 2019, the cloud security market is expected to grow to $12.73 billion by 2022. That’s nearly double in just 3 years!
Clearly there’s a huge market for cloud security in general, but it gets better: more than 76% of leaders say they’re facing a serious shortage of cybersecurity skills.
Whether you’re a developer considering a career in AppSec, or a security engineer looking to switch your area of expertise, this presents a MASSIVE career opportunity for those willing to learn cloud security and make the leap.
Listen to this podcast from AppSecEngineer to learn the ins and outs of a cloud security career!

Why is OWASP Top 10 So Important for AppSec Engineers?
The OWASP Top 10 is perhaps the most ubiquitous and well-known security resource out there, and is recognised even outside application security circles. It’s usually the first tool in a security engineer’s toolkit, because it highlights the most common vulnerabilities in software. The annually updated list ensures both developers and security professionals are aware of the vulnerabilities they’re most likely to encounter.
In addition, the OWASP Top 10 offers a way for security engineers to gauge the severity of a vulnerability — the higher up it is on the list, the more critical it is. This is the simplest benchmark to determine which vulnerabilities need to be remediated first.
Listen to this podcast from AppSecEngineer to learn more about OWASP projects and the top-listed vulnerabilities.

The Definitive Guide to Becoming an Application Security Engineer
If you want to learn application security and become an AppSec engineer, you need to know not only what your job is going to be like, but how to prepare for it. Listen to this podcast to learn the ins and outs of the application security industry: the job profile and role of an application security engineer, the skill set required, and much more. This podcast will also help solve the biggest dilemma of every security engineer: "Do I need to learn to code?"
Listen to AppSecEngineer's biggest hit!

Top 7 Kubernetes Security Issues and How to Fix Them!
On the one hand, Kubernetes is the single most popular platform to manage containers, and for good reason. It’s incredibly powerful, endlessly flexible, and easily portable across various infrastructures and environments. But on the other hand, it can be painfully complex. “K8s configurations are not living, majestic trees,” says Regis Wilson, founding engineer at Release. “They are a bunch of dead chopped wood.”
Suffice it to say that most developers (and security professionals) share a love-hate relationship with everyone’s favourite container orchestration system. To make your lives easier, we’ve compiled a list of 7 of the most common security issues found on Kubernetes, plus some best-practices on how to get rid of them. Listen to this podcast and thank us later.

The 2022 Guide to API Security: What You Need to Know
Unrestricted flow of information between apps is a recipe for disaster, particularly when you’re dealing with user data. API security is what stops someone from intercepting the communication between two apps and capturing data they weren’t supposed to access. Regularly testing and identifying vulnerabilities in your APIs (particularly if your app is divided into multiple microservices) isn’t just a good practice, it’s absolutely essential for ensuring the security of your software. That’s why we’ve created this handy guide on what you need to know about API security in 2022. Listen to this podcast to learn about the OWASP Top 10 API security vulnerabilities and their remediations.

4 Unconventional Ways to Level Up Your Cloud Security Career Right Now!
If you're looking for a career in Cloud Security, here are 4 things you can do right now to build your skills and AppSec knowledge! In this podcast, we're looking at AppSecEngineer trainer Abhay Bhargav's top 4 tips you can start implementing RIGHT NOW to get ahead of the curve.

Botnet Schools are a thing now
Dark Net Criminals are Teaching Courses on Botnets: These botnet trainers charge upwards of $1,400 to train someone, so it's not exactly an impulse buy, but according to their claims, even a novice cybercriminal could learn to operate and monetise their botnets. Here's the breaking news on that.

FBI was hacked
The FBI was hacked, and someone on Twitter took responsibility. In an interview they even said it was done just to prove how vulnerable the FBI is. This is a really bizarre one that application security folks, hackers and cybersecurity professionals everywhere will love. John McClane, anyone?

How the Paris Call for Cybersecurity will boost your AppSec Career
Your career is about to change! What even IS the Paris Call for Trust and Security in Cyberspace, and why did US Vice President Kamala Harris announce the US's support for it today? Pundits at appsecengineer.com break it down for you.