Sep 18, 2017
We talk about cross-site scripting (XSS) all the time, but often overlook the ability to use javascript: in anchor tags. James talks about this unique ability and how to protect your applications from it.
The related blog post for this can be found at
Aug 23, 2017
We use a lot of platforms and frameworks when we develop an application. These platforms may provide security features, but do you know which ones? James talks about the importance of understanding your platforms and what to consider.
For more info go to https://www.developsec.com or follow us on Twitter (
Jul 31, 2017
James talks about the risk of USB thumb drives, using the recent BCBS marketing campaign as an example (http://www.fiercehealthcare.com/privacy-security/bcbs-alabama-re-evaluates-usb-marketing-campaign-amid-security-concerns).
Jul 7, 2017
In this episode, James talks about Interactive Application Security Testing, or IAST. It is a sort of hybrid approach that is similar to both dynamic and static analysis. Listen in to learn more about it.
The video version of this can be found at https://youtu.be/KHSlDletm9I
Jun 19, 2017
Are you thinking about client vs. server-side input validation? Curious why each is important and when to use them? James talks about the basic concepts and how to apply them to create more secure applications.
A video version of this podcast is now available at: https://youtu.be/irO1TOC6-i8