In this exclusive snippet of the AppSecEngineer Podcast featuring guest Mark Willis from Bluescape, Mark talks about how he approaches hiring new talent for a small company. Watch the full video here: https://www.youtube.com/watch?v=GJ_PVglEJvQ&t=242s Without the brand name or financial resources to hire the 'best of the best', how can small companies find and hire new talent and maintain a high standard of security competency? According to Mark, it's not about looking for people who have the best skills or the most experience (most of them will already be hired somewhere else), but you should be after candidates that can show they have the potential and willingness to learn and grow as professionals. ---------------- AppSecEngineer is a powerful training platform that delivers amazing hands-on training on AppSec, AWS Security, Cloud Security, Kubernetes, Container Security and Advanced Application Security. #AppSecEngineer​ is ideal for jobseekers, knowledge seekers and companies that want to get their workforce equipped to handle real-world security issues with their newly minted and highly educated AppSec Engineers Learn more about us at: https://appsecengineer.com Twitter: https://twitter.com/AppSecEngineer​ Linkedin: https://www.linkedin.com/company/appsecengineer/ ... https://www.youtube.com/watch?v=TAi5HpX8aWk

As we move into new age of computing, application security, and product engineering, it's important to anticipate imminent shifts in technology. Artificial Intelligence (AI), quantum computing, and serverless increasingly dominate the software landscape. Given a few years, they may even come to dominate the processes of software development, cloud hosting, and security automation. In this short clip, Keith Hoodlet talks about what he believes will be the next step for application security. #applicationsecurity #podcast #AppSecEngineer Learn more about Application Security and DevSecOps at- https://appsecengineer.com/ Explore the course plans and free trial at- https://appsecengineer.com/pricing/ Watch the full interview here: https://www.youtube.com/watch?v=S0Kx-Ct6aVg ... https://www.youtube.com/watch?v=kRXqIEuntDs

Learn more: https://www.appsecengineer.com/ Get your team hands-on training in security: https://www.appsecengineer.com/main-menu-pages/teams Check out our Secure Coding Collection: https://www.appsecengineer.com/secure-coding-collection 2023 has had some of the most devastating cyberattacks and data breaches ever recorded. Is this what the future of tech is going to look like? Not if we can help it! In this video, Aneesh Bhargav goes over the 12 biggest cyberattacks in the last year: attacks that have targeted healthcare, finance, government organisations and more. By examining the various exploits and techniques used by hackers, we can learn how to better defend ourselves against cybercrime and prevent millions of dollars in lost revenue and customer trust. ... https://www.youtube.com/watch?v=cVVBwcJu4Po

Mass Assignment is a powerful Authorization Vulnerability that has been used by researchers and attackers to compromise popular sites like Github in the past. Mass Assignment relies on attackers being able to discover and tamper with parameters that are passed through to the server-side. Attackers identify and exploit insecure implementation of authorization that are caused by developer error in terms of validating and handling parameters in popular #MVC (Model View Controller) frameworks. #MassAssignment was made popular when Github, a Ruby on Rails application, was compromised. However, this vulnerability affects apps across languages and frameworks alike. More recently, Mass Assignment has been quite a serious vulnerability against APIs, including REST and GraphQL. In fact it has made it to one of the key items in the OWASP #APISecurity Top 10 over the last year. In this video Abhay explores Mass Assignment in typical #AppSecEngineer style. He explains what Mass Assignment is, and how it can affect your application and API. Subsequently, he demonstrates a Mass Assignment attack against a NodeJS Express Web API using the Mongoose ODM. After that he walks us through some of the key parameters of defense against Mass Assignment #Securityengineerinterviewquestions Chapters: 0:00 - Intro 1:07 - What is Mass Assignment? 8:09 - Exploiting and Defending Mass Assignment Demo ... https://www.youtube.com/watch?v=Vtin8bdBk5g