This is a good example of how what we do in security is not much different than any other challenges we face.

Just posted Ep. 123: Goals of Security Culture - Sort of? I share some thoughts on how security is a part of everyone's roles and some ideas of how to help build that awareness. https://t.co/fPnK9LMiQM

Should secure development be part of a developer's required skillset / experience? Ep. 122: Integrating Security Responsibilities into Development has just been released!! Check out the full episode: https://t.co/NXoW3AamqR

It is no longer just the company paying, ransomware attacks are coming after your money. James: "They are sending out emails directly to those patients, those users and demanding, in this case it was $213 US dollars that they had to pay within 24 hours." Full Video:

Ep. 121: Evolving Ransomware: Unique Tactics for Payment is now available. Check out some unique tactics we have seen used to collect payment. https://t.co/uzufJhk2JN

Our PSIRT team has an opening! ServiceNow is the best place I've ever worked. The PSIRT team is doing some really interesting work - take a look at the role: Staff Product Security Engineer | Web App Vulnerabilities https://t.co/qxDTyb5waW via @servicenow #hiring #psirt

if you are using Firebase, here is their security checklist:

Does the ASP:TextBox TextMode provide input validation? I posted some information about what that attribute does and does not do. https://t.co/pqVJwmAO4P

If you are using HAR files, this is a valuable resource.

What do y’all think of the new bumpers? You like? You love? Leave an iTunes review/rating if you can, please, it helps give suggestions to others and makes it easier to find the show. Thank you! @Wh1t3Rabbit @JardineSoftware

Great episode, with a topic worth revisiting, and of course the best guests in the industry. @shawnetuma @Wh1t3Rabbit @JardineSoftware

🎙️Solving #SecretZero," decrypting "distributed fragmented crypto" (which is a bit mind-blowing) and the art of #SecretsManagement with @akeylessio @OdedHareven on the latest @DTSR_Podcast with @Wh1t3Rabbit and @JardineSoftware 🎧 Tune in! https://t.co/ktFTYYfPxI

Catch a live recording of the #DtsR podcast as we record it - https://t.co/h4YLUmTRcJ Check us out! #live #youtube @Wh1t3Rabbit @JardineSoftware @domvogel

Stack traces and other error information are often seen as low risk, but there are those outliers where it can be much more. https://t.co/peYCzOb3UN

Episode 565 of the @DtSR_Podcast is LIVE! Check it out, this week @Wh1t3Rabbit & @JardineSoftware host the one and only Jim TIller. YouTube link: https://t.co/aBJkd6vhSQ Pod (audio) link:

Curious why you can't just rely on client-side validation? Check out this quick post.

Private secrets, keys and tokens are a common issue in code repositories. GitHub just added a feature to help detect/block these on push requests. https://t.co/0raH0J018z #cybersecurity, #appsec

Ep. 120: Addressing Root Cause - Vuln Components Thoughts on addressing the root cause vs. symptoms

What is the biggest change you have seen in application security over the past 5 years?

If you are using S3 buckets, make sure you have them appropriately configured and also that you are not storing protected data in public buckets.