A couple of Saturdays back I had a chat with Richard Banks on the Talking Shop Down Under podcast about web application security while at “Developer Developer Developer!” in Sydney. It’s now online here:
It’s a funny thing, podcasts; there are no second takes and no chances to double-check facts before releasing to the outside world (made me realise how much I do this when blogging). You’re just talking off the top of your head and trying to recall facts that hopefully won’t erode too much of your credibility!
My angle for the chat was as someone with a development background who’d started to pay a lot more attention to application security in recent times. My blog series on the OWASP Top 10 for .NET developers had prompted a friendly well-wisher (or perhaps he just enjoyed putting me on the spot – I’m not entirely sure), to respond to Richard’s request for someone to chat to during the event.
If you’re a security pundit, you’re not going to learn anything new and you’ll spot the (multiple) times I made incorrect statements. Listening to it just now, there were a few incomplete answers and some terms and products I interchanged a bit too loosely.
If you’re a developer, I hope there’s something useful in there for you. One thing I think everyone will agree on is that there needs to more discussion about web app security and any forum which encourages that is a good thing.
On that basis alone, I hope this podcast is well received. Enjoy :)