May 2023
16m 53s

Stung by OWASP? Chatting with the creato...

The Stack Overflow Podcast
About this episode

Simon is the founder and longtime project lead of OWASP ZAP, an integrated penetration testing tool that helps uncover vulnerabilities in web apps, including compromised authentication, sensitive data exposure, and SQL injection. ZAP is OWASP’s most active project and the world’s most popular web app scanner. 

Check out other OWASP projects here or explore ZAP’s docs.

Check out our blog post on how you can mitigate the ten most-found OWASP vulnerabilities in Stack Overflow C++ snippets.

Jit, where Simon is a distinguished engineer, is a DevSecOps platform that allows high-velocity engineering teams to embed security requirements throughout the DevOps workflow. You can explore Jit’s docs here.

Today we’re shouting out the question “CSP Alerts by OWASP even though CSP header is added,” definitively answered by one Simon Bennetts.

Simon is on LinkedIn and Twitter.
