Dev Academy Podcast

Welcome to the "Dev Academy Podcast," the chill spot where we talk all things code without the fluff. Join us as we break down timeless software engineering fundamentals: think security that keeps the baddies out, testing that’s actually fun, architecture that doesn’t crumble, and design that’s as sleek as it is smart. Hosted by Bartosz Pietrucha, who's seen it all from the code trenches to the top tech stages, we’re here to share stories, tips, and laughs. Whether you’re a pro coder or just starting out, we’ve got something for you.

  1. Essentials of Secrets and Credentials Management with Hung Ngo

    10/05/2024

    Essentials of Secrets and Credentials Management with Hung Ngo

    Web Security Dev Academy 👉 http://links.dev-academy.com/LwyH Subscribe & Get Free Tips & Tricks for Secure Coding ✅

    Summary

    In this episode, Bartosz and Hung Ngo discuss secrets management in web software development. They highlight the importance of securely managing digital authentication credentials and the risks of hard-coding secrets in source code. They explore practices such as injecting secrets through environment variables, using a dedicated secrets manager like HashiCorp Vault, and rotating secrets regularly. They also discuss the challenge of sharing secrets with new team members and how a vault lets a team store and access secrets without passing them around by hand. Improper secrets management can lead to major incidents, as the 2022 Uber breach showed: the attackers used social engineering and MFA push flooding (MFA fatigue) to get into the network, then found hard-coded credentials for a Privileged Access Management (PAM) system, which gave them access to cloud accounts and other sensitive information. Proper secrets management matters in every environment: development, testing, and production. Startups and small teams with limited resources can still adopt secure practices, and suitable tools are available for free or at low cost. Future trends include automation, developer education, and applying the principle of least privilege.

    Chapters
    00:00 The Uber Breach and Social Engineering
    07:25 The Importance of Secrets Management in Web Applications
    09:45 The Problem of Hard-Coding Secrets
    21:51 Managing Access and Rotating Secrets with a Vault
    26:26 Securely Sharing Secrets with New Team Members
    29:16 Recommended Tools for Secrets Management
    30:42 The Impact of Improper Secret Management
    33:02 The Multi-Layered Problem of Secrets Management
    37:24 Secrets Management for Startups and Small Teams
    41:05 Creating a Roadmap for Secrets Management
    44:20 Future Trends in Secrets Management

    #SecureCoding #WebDev #WebSecurity #DevSecOps

    1 hr 1 min
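    The hard-coding problem from this episode, as an added worked example that is not code from the podcast or its guests: a small scanner that flags hard-coded credentials in source text (known key formats plus an entropy check on secret-looking assignments, so placeholders like "changeme" are not flagged), next to a fail-closed loader that reads a secret injected at runtime. The sample source, the entropy threshold of 3.5 bits and the rule names are constructed assumptions; the AWS access key id is the placeholder AWS uses in its own documentation.

```python
from __future__ import annotations

import math
import os
import re
from collections import Counter
from dataclasses import dataclass

# Fixed-prefix credential formats: an AWS access key id starts with AKIA/ASIA,
# a classic GitHub personal access token with ghp_.
KNOWN_FORMATS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b"),
    "github_token": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}

# Generic rule: a secret-looking variable name assigned a string literal of at
# least 8 characters. The literal's entropy decides whether it is reported.
GENERIC_ASSIGNMENT = re.compile(
    r"(?i)(password|passwd|secret|api[_-]?key|token)\s*[:=]\s*['\"]([^'\"]{8,})['\"]"
)


def shannon_entropy(s: str) -> float:
    """Bits per character: random-looking credentials score high, words score low."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


@dataclass
class Finding:
    line_no: int
    rule: str
    snippet: str


def scan_source(text: str, entropy_threshold: float = 3.5) -> list[Finding]:
    """Return one Finding per suspicious line (assumed threshold: 3.5 bits/char)."""
    findings: list[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for rule, pattern in KNOWN_FORMATS.items():
            if pattern.search(line):
                findings.append(Finding(line_no, rule, line.strip()))
        match = GENERIC_ASSIGNMENT.search(line)
        if match and shannon_entropy(match.group(2)) >= entropy_threshold:
            findings.append(Finding(line_no, "hardcoded_" + match.group(1).lower(), line.strip()))
    return findings


class MissingSecret(RuntimeError):
    pass


def get_secret(name: str, env: dict | None = None) -> str:
    """Read a secret injected at runtime (vault agent, CI, or the shell).
    Fails closed: no built-in default and no silent empty string."""
    source = os.environ if env is None else env
    value = source.get(name)
    if not value:
        raise MissingSecret(f"{name} is not set; inject it from the secrets manager")
    return value


# Constructed sample source for the demo, not code from the episode.
SAMPLE_SOURCE = """\
import os
DB_PASSWORD = "Xq9#vL2!tR7mWp4z"        # hard-coded: should be injected at runtime
AWS_KEY = "AKIAIOSFODNN7EXAMPLE"        # AWS access key id format (documentation placeholder)
api_key = os.environ["API_KEY"]         # fine: value comes from the environment
password = "changeme"                   # placeholder: low entropy, not reported
"""

if __name__ == "__main__":
    for f in scan_source(SAMPLE_SOURCE):
        print(f"line {f.line_no}: {f.rule}: {f.snippet}")
```

    Run it as a pre-commit hook or CI step on the diff, not only on the whole tree, so a secret is caught before it lands in history; once a secret has been committed it must be rotated, because rewriting history does not un-leak it.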
  2. Beyond the Basics: Advanced AWS Security Tactics with Marek Šottl

    03/05/2024

    Beyond the Basics: Advanced AWS Security Tactics with Marek Šottl

    Web Security Dev Academy 👉 http://links.dev-academy.com/Qwrl Secure your spot and receive exclusive bonuses 🎉

    Summary

    In this conversation, Bartek and Marek discuss AWS security and why the fundamentals matter. They emphasize that securing cloud-native applications takes more than one tool and depends on understanding the AWS shared responsibility model (what AWS secures and what remains the customer's job). They highlight identity and access management (IAM) as the foundation of an AWS environment and the need to set it up properly. They also cover basics such as the AWS Landing Zone Accelerator and billing alarms, and stress automation through DevSecOps pipelines, including automated static code analysis and software composition analysis (SCA). The second half of the conversation focuses on SCA and open source vulnerabilities: the growth of open source libraries, maintained by a small number of developers, poses a significant supply-chain risk, and the lack of correlation between SCA, static analysis (SAST), and dynamic testing (DAST) results is identified as a gap in the current tooling landscape. They also discuss the cultural side of threat modeling and the need for education and security champion programs within organizations. Common myths about application security and DevSecOps are debunked, including the belief that buying a tool will solve all security problems and the misconception that scanning infrastructure as code guarantees a secure deployment. Future trends include the use of AI in code reviews and the importance of staying up to date with the latest technologies in the field.

    Chapters
    00:00 Introduction and Overview
    02:23 Marek's Journey into AWS Security
    03:47 The Future and Time Travel
    05:13 Marek's AWS Security Bootcamp
    06:13 The Importance of Understanding the Fundamentals
    08:33 The Fundamentals of Web Security
    10:46 Securing Cloud-Native Applications in AWS
    12:10 Identity and Access Management (IAM) in AWS
    14:30 The Significance of Basics in AWS Security
    25:27 Automating Security with DevSecOps Pipelines
    38:20 The Importance of Software Composition Analysis and Open Source Vulnerabilities
    41:41 The Need for Correlation Between SCA, Static Analysis, and Dynamic Testing Tools
    43:38 Cultural Aspects of Threat Modeling: Education and Security Champion Programs
    47:01 Debunking Common Myths About Application Security and DevSecOps
    57:30 The Limitations of Scanning Infrastructure as Code for Security
    01:11:25 The Future of Application Security: AI in Code Reviews
    01:15:15 Staying Up to Date with the Latest Trends and Technologies in Cybersecurity

    #SecureCoding #WebDev #WebSecurity #DevSecOps

    1 hr 16 min
  3. Maximum security of software development lifecycle with Borja Berastegui

    28/04/2024

    Maximum security of software development lifecycle with Borja Berastegui

    Web Security Dev Academy 👉 http://links.dev-academy.com/xweg Secure your spot and receive exclusive bonuses 🎉

    Summary

    In this conversation, Bartosz and Borja discuss common security mistakes in web application development and how developers can build security into the software development lifecycle (SDLC). They highlight security awareness and training for developers, the need for architectural reviews and threat modeling exercises, and the value of integrating static code analysis tools to find potential vulnerabilities early. Developers need to be aware of security issues and to collaborate with security experts rather than leave security until the end. The second half covers incident response and management for web applications: integrating security tools into development pipelines, evaluating the risk and impact of a security issue, incident response planning, and the importance of post-mortem analysis and lessons learned. They also touch on the role of web application firewalls (WAFs) and on rising threats in the cybersecurity landscape.

    Chapters
    00:00 Introduction and Background
    13:23 The Importance of Security Awareness and Training
    31:34 Architectural Reviews and Threat Modeling
    39:02 Evaluating Risk and Impact in Incident Response
    48:14 Post-Mortem Analysis and Lessons Learned
    01:05:49 Rising Threats in the Cybersecurity Landscape

    #DevSecOps #SecureCoding #AppSecTips #CodeSecurity #TechTrends #DevelopersLife #CodingBestPractices

    1 hr 10 min
  4. The Battle of Access Control Models 🤺 𝐑𝐁𝐀𝐂 𝐯𝐬. 𝐎𝐭𝐡𝐞𝐫𝐬 | Or Weis

    18/04/2024

    The Battle of Access Control Models 🤺 𝐑𝐁𝐀𝐂 𝐯𝐬. 𝐎𝐭𝐡𝐞𝐫𝐬 | Or Weis

    Web Security Dev Academy WAITING LIST: http://links.dev-academy.com/u65 Secure your spot and receive exclusive bonuses 🎉

    Summary

    The principle of least privilege is a key component of the zero trust architecture and mentality in software development: give every user and service only the access it needs, to reduce the attack surface. Role-based access control (RBAC) is the most common approach, assigning permissions to users through roles. Hierarchical RBAC adds inheritance between roles, allowing finer granularity. Attribute-based access control (ABAC) decides access from conditions on attributes of the subject, the resource and the context, which suits dynamic scenarios, and it is often combined with RBAC for more complex policies. Access control models such as RBAC and ABAC will keep evolving as applications and technology change. Or expects the future of access control to involve more non-deterministic AI agents acting as users and integrations, and policy models to merge and simplify around groups, patterns of usage, and levels of usage. Developers should stay up to date with security standards and best practices; using open source tools and connecting with their communities, discussing with other developers, and seeking guidance all help navigate the complexities of access control.

    Takeaways
    - The principle of least privilege minimizes access and reduces the attack surface in software development.
    - Role-based access control (RBAC) is a commonly used approach where permissions are assigned based on roles.
    - Hierarchical RBAC adds a hierarchy to roles, allowing more granularity in access control.
    - Attribute-based access control (ABAC) uses conditions and attributes to determine access and is useful for dynamic scenarios.
    - Applications often combine RBAC and ABAC to implement their access control policies.
    - Access control models will continue to evolve as applications and technology change.
    - The future of access control will involve more non-deterministic AI agents acting as users and integrations.
    - Policy models will merge and be simplified, focusing on groups, patterns of usage, and levels of usage.
    - Developers should stay up to date with security standards and best practices.
    - Open source tools and their communities help developers stay informed.
    - Discussing with other developers and seeking guidance helps navigate the complexities of access control.

    #DevSecOps #SecureCoding #AppSecTips #CodeSecurity #TechTrends #DevelopersLife #CodingBestPractices

    1 hr 12 min
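    The combination of hierarchical RBAC and ABAC discussed in this episode, as an added example that is not code from the podcast or from Or Weis's projects: roles inherit permissions through a parent table, and per-permission attribute conditions (same tenant, ownership, MFA in the request context) can only narrow what RBAC grants, never widen it. The role names, permission names, conditions and the sample users and documents are all constructed for the demo.

```python
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Callable

# Hierarchical RBAC: a role inherits every permission of its parent roles (assumed hierarchy).
ROLE_PARENTS: dict[str, list[str]] = {
    "viewer": [],
    "editor": ["viewer"],
    "admin": ["editor"],
}
# Permissions granted directly to each role; inherited ones are resolved at check time.
ROLE_PERMISSIONS: dict[str, set[str]] = {
    "viewer": {"doc:read"},
    "editor": {"doc:write"},
    "admin": {"doc:delete", "user:manage"},
}


def effective_roles(roles: set[str]) -> set[str]:
    """Transitive closure over the hierarchy; tolerates cycles in the table."""
    seen: set[str] = set()
    stack = list(roles)
    while stack:
        role = stack.pop()
        if role in seen:
            continue
        seen.add(role)
        stack.extend(ROLE_PARENTS.get(role, []))
    return seen


def rbac_permissions(roles: set[str]) -> set[str]:
    perms: set[str] = set()
    for role in effective_roles(roles):
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


@dataclass
class Subject:
    id: str
    roles: set[str]
    attrs: dict = field(default_factory=dict)


@dataclass
class Resource:
    id: str
    attrs: dict = field(default_factory=dict)


Condition = Callable[[Subject, Resource, dict], bool]


def same_tenant(subject: Subject, resource: Resource, ctx: dict) -> bool:
    return subject.attrs.get("tenant") == resource.attrs.get("tenant")


def owner_or_admin(subject: Subject, resource: Resource, ctx: dict) -> bool:
    return resource.attrs.get("owner") == subject.id or "admin" in effective_roles(subject.roles)


def mfa_present(subject: Subject, resource: Resource, ctx: dict) -> bool:
    return bool(ctx.get("mfa"))


# ABAC layer: attribute conditions attached to individual permissions.
# A permission with no entry here is decided by RBAC alone.
CONDITIONS: dict[str, list[Condition]] = {
    "doc:read": [same_tenant],
    "doc:write": [same_tenant, owner_or_admin],
    "doc:delete": [same_tenant, mfa_present],
}


def is_allowed(subject: Subject, resource: Resource, action: str, ctx: dict | None = None) -> bool:
    """RBAC decides whether the roles ever permit the action; ABAC conditions then
    narrow that grant. Anything not explicitly allowed is denied."""
    ctx = ctx or {}
    if action not in rbac_permissions(subject.roles):
        return False
    return all(cond(subject, resource, ctx) for cond in CONDITIONS.get(action, []))


# Constructed sample subjects and resources for the demo.
ALICE = Subject("alice", {"editor"}, {"tenant": "acme"})
CAROL = Subject("carol", {"admin"}, {"tenant": "acme"})
DOC_ALICE = Resource("doc1", {"owner": "alice", "tenant": "acme"})
DOC_BOB = Resource("doc2", {"owner": "bob", "tenant": "acme"})
DOC_OTHER_TENANT = Resource("doc3", {"owner": "dave", "tenant": "globex"})

if __name__ == "__main__":
    print("alice reads own doc:", is_allowed(ALICE, DOC_ALICE, "doc:read"))
    print("alice writes bob's doc:", is_allowed(ALICE, DOC_BOB, "doc:write"))
    print("carol deletes without MFA:", is_allowed(CAROL, DOC_ALICE, "doc:delete"))
    print("carol deletes with MFA:", is_allowed(CAROL, DOC_ALICE, "doc:delete", {"mfa": True}))
```

    Keeping the RBAC check first and the conditions as a pure narrowing step is what makes the policy easy to reason about: a reviewer can read the role table to learn the upper bound of any principal's access, and the ABAC layer can be audited condition by condition.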

