The ASW March 2024 Recap
March kicked off our planning for a Cybersecurity Awareness Limerick Month. If top 10 lists and PowerPoint presentations aren’t delivering, then maybe it’s time to try a new format for delivering awareness. Stay tuned and stay CALM. ;)
Emily Fox walked us through the mistakes orgs make with vuln management, how they can manage risk without burning out devs, and why the boring basics make everything easier. She explains how orgs can be more comfortable with eventually fixing vulns instead of fighting every fire they see.
Lebin Cheng gave us an update on the state of API security and why APIs will remain a profitable target. After all, a lot of successful attacks have all the patterns of normal traffic – exercising business logic vulns rarely relies on the obvious payloads that stand out in things like XSS and other injection attacks.
Tyler Von Moll gave us a perspective on starting a cybersecurity program and how appsec fits into that. We’re neither surprised nor disappointed (honestly!) that appsec isn’t the first thing every org should be doing. It’s eventually important and one of the things we try to do here is figure out how to define eventually.
Benedek Gagyi closed out the month with our first in-depth discussion on how user experience (UX) impacts security. Despite being one of my favorite topics, we hadn’t given this nearly the attention it deserves. Benedek walks through some examples of how bad UX leads to behaviors that are against users’ interests and how good UX makes apps better.
Subscribe to ASW to find these episodes and more! Also check out the February 2024 recap.