DevSec For Scale Podcast – Proactively Building Secure Software w/ Josh Grossman, Bounce Security
In this episode of the “DevSec for Scale” podcast, Jeremy Hess interviews Josh Grossman, CTO at Bounce Security and an OWASP Israel board member, about integrating security into development processes. They discuss the limitations of traditional methods like penetration testing and the necessity of embedding security within normal development workflows. Josh emphasizes that continuously breaking applications to identify vulnerabilities is not a sustainable approach. Instead, organizations should focus on incorporating security practices into the development lifecycle, leveraging OWASP resources.
Josh provides an overview of OWASP (Open Web Application Security Project), a global initiative that offers free resources for improving software security. OWASP’s projects and tools, such as the Application Security Verification Standard (ASVS), help developers build secure applications by providing comprehensive security requirements. He highlights the importance of proactive measures over reactive ones, stressing that security must be considered at every stage of development rather than being an afterthought.
The discussion also covers OWASP’s Top 10 Proactive Controls project, which offers practical security guidelines for developers. This project presents key security considerations and best practices, making it easier for startups to incorporate security without overwhelming their development processes. Josh explains that focusing on a few crucial security controls can significantly enhance an application’s security posture without burdening developers with excessive requirements.
Josh shares insights from his experience, including the realization that collaborating with developers and understanding the application’s code leads to more effective security assessments than black-box testing alone. He advises startups to avoid relying solely on automated tools, whose findings still need manual triage and follow-up, and to ensure developers are engaged with security from the outset. By fostering a security-aware development culture and using accessible resources like OWASP’s Top 10 Proactive Controls, startups can better manage security risks while maintaining development velocity.