The ASW December 2024 Recap
We ended the year in the chill of December,
Hoping that appsec wouldn’t dim to an ember.
That instead it would burn brightly and begin to enshrine,
That good security comes by default and design.
That the page count of hardening guides will start dwindling,
And that all those top ten lists are used for just kindling.
We once again turned our focus on developers, with Adriana Villela explaining why observability is more than a bunch of printfs and how generating useful logs helps security teams. She also noted that information overload can be expensive – both in delivering value and in the cost of storing data. We used OpenTelemetry as the reference for creating observability across different services and languages.
We reserved our second-to-last segment for a lookback on 2024. There was a mix of OWASP projects that gained momentum or stalled out. GenAI and LLMs remained among the usual suspects, although in 2025 we’ll be shifting more focus to where they actually provide appsec value rather than just revisiting more prompt injection techniques. They’re becoming the new XSS payload trivia.
Finally, Hannah Sutor helped us end the year on a high note, singing the praises of usability and transparency in security. She shared her experience in changing product defaults to be more secure, the challenges in communicating those changes, and the importance of understanding why different users have different needs.
At the end of the episode, I also returned to asking our guests to describe appsec in three words. Stay tuned for more discussions on designs, defaults, and maybe even some Dungeons & Dragons in 2025!
Subscribe to ASW to find these episodes and more! Also check out the November 2024 recap.