When Security Recommendations Miss The Point
Ever read a security advisory that told you to “use a VPN” to protect a Bluetooth device? In this episode we talk about how bad or inaccurate recommendations can be a problem with security findings. We take a look at an example of recommendations that don't relate to the issue at all, leaving people confused about how to respond. Share with us your experience with recommendations that just missed the mark.

References:
CISA Wheelchair Article - https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-364-01
Skateboard Article - https://gizmodo.com/faceplant-exploit-lets-hackers-hijack-an-electric-ska-1722691650
Bicycle Shifter Article - https://www.bicycling.com/racing/a61994540/hackers-target-electronic-shifters/

For more info go to https://www.developsec.com or follow us on X (@developsec). The DevelopSec podcast is brought to you by Jardine Software Inc.
Ep. 128: OWASP Top 10 2025
In this episode James gives an overview of the new OWASP Top 10 2025. He shares some insights into the history, the changes, and additional thoughts on the Top 10. Do you have any thoughts on the OWASP Top 10? Let us know.

References:
Medium article on the history of the Top 10 - https://medium.com/@dramkumar/history-of-all-owasp-top-10-over-the-years-9470c0adf43d
OWASP Top 10 2025 - https://owasp.org/Top10/2025/
Top 10 -> CWE Breakdown - https://drive.google.com/file/d/1SmzWyg_ar1PaMFT0FxYelEAJuGMA690B/view?usp=sharing
Ep. 127: Importance of Terminology
In this episode, James talks about the difference between end-to-end encryption and the standard encryption in transit that most web applications implement. There is an interesting story (referenced below) in which the term end-to-end encryption was used in a way that departs from its standard meaning. Check out what the differences are and what you can do to make sure you are thinking about how terms are used.

References:
Link to Article: https://www.esecurityplanet.com/threats/kohlers-smart-toilet-camera-isnt-actually-end-to-end-encrypted/
Ep. 126: Avoiding Panic and Misunderstandings with Proper Authentication Failure Reporting
Have you ever felt that feeling of thinking your account has been compromised? It can be a scary feeling. But what about when it didn't really happen, and it was just confusing messaging? That is what I talk about in this episode: the importance of proper messaging in the right context. Even the smallest thing can turn out to be a larger issue.

References:
Link to Article: https://www.bleepingcomputer.com/news/security/coinbase-to-fix-2fa-account-activity-entry-freaking-out-users/
Ep. 125: From Flat Tires to AppSec: The Power of Tools and Process
In this episode, James shares a story about fixing a flat tire on an e-scooter and how it relates to security. He shows how the combination of tools, process, and knowledge can lead to a successful outcome. Can you be successful without all three components? Maybe, but it might take more effort than is needed. Tune in to learn how these three components work together to create efficient solutions.