Application Security Weekly (Audio)
Episodes
Developing Open Source Skills for Maintaining Projects - Kat Cosgrove - ASW #361
16 Dec 2025
Contributed by Lukas
Open source projects benefit from support that takes many shapes. Kat Cosgrove shares her experience across the Kubernetes project and the different w...
Making OAuth Scale Securely for MCPs - Aaron Parecki - ASW #360
09 Dec 2025
The MCP standard gave rise to dreams of interconnected agents and nightmares of what those interconnected agents would do with unfettered access to AP...
Making TN Critical Infrastructure the Most Secure in the Nation - T. Gwyddon 'Data' ("Gwee-thin") Owen, James Cotter - ASW #359
02 Dec 2025
For OT systems, uptime is paramount. That's a hard rule that makes maintaining, upgrading, and securing them a complex struggle. Tomas "Data" Owens an...
Figuring Out Where to Start with Secure Code - ASW #358
25 Nov 2025
What are your favorite resources for secure code? Co-hosts John Kinsella and Kalyani Pawar talk about the reality of bringing security into a business...
Secure Coding as Critical Thinking Instead of Vulnspotting - Matias Madou - ASW #357
18 Nov 2025
Secure code should be grounded more in concepts like secure by default and secure by design than by "spot the vuln" thinking. Matias Madou shares his ...
Ransomware, Defaults, and Proactive Defenses - Rob Allen - ASW #356
11 Nov 2025
Just how bad can things get if someone clicks on a link? Rob Allen joins us again to talk about ransomware, why putting too much attention on clicking...
Researching and Remediating RCEs via GitHub Actions - Bar Kaduri, Roi Nisimi - ASW #355
04 Nov 2025
Pull requests are a core part of collaboration, whether in open or closed source. GitHub has documented some of the security consequences of misconfig...
Quantum Computing Isn't A Threat To Blockchains - Yet - Martha Bennett, Sandy Carielli - ASW #354
28 Oct 2025
The post-quantum encryption migration is going to be a challenge, but how much of a challenge? There are several reasons why it is different from ever...
Reacting to Ransomware and Setting Secure Defaults - Rob Allen - ASW #353
21 Oct 2025
Ransomware attacks typically don't care about memory safety and dependency scanning, they often target old, unpatched vulns and too often they succeed...
Inside the OWASP GenAI Security Project - Steve Wilson - ASW #352
14 Oct 2025
Interest and participation in the OWASP GenAI Security Project has exploded over the last two years. Steve Wilson explains why it was important for th...
Finding Large Bounties with Large Language Models - Nico Waisman - ASW #351
07 Oct 2025
Software has forever had flaws and humans have forever been finding and fixing them. With LLMs generating code, appsec has also been trying to determi...
Changing the Vuln Conversation from Volume to Remediation - Francesco Cipollone - ASW #350
30 Sep 2025
Dealing with vulns tends to be a discussion about prioritization. After all, there are tons of CVEs and dependencies with known vulns. It's important to...
Design Errors in Entra ID, Design Defenses in iOS, Design Difficulties in DeepSeek - ASW #349
23 Sep 2025
In the news, Microsoft encounters a new cascade of avoidable errors with Entra ID, Apple improves iOS with hardware-backed memory safety, DeepSeek dem...
How OWASP's GenAI Security Project keeps up with the pace of AI/Agentic changes - Scott Clinton - ASW #348
16 Sep 2025
This week, we chat with Scott Clinton, board member and co-chair of the OWASP GenAI Security Project. This project has become a massive organization w...
Limitations and Liabilities of LLM Coding - Seemant Sehgal, Ted Shorter - ASW #347
09 Sep 2025
Up first, the ASW news of the week. At Black Hat 2025, Doug White interviews Ted Shorter, CTO of Keyfactor, about the quantum revolution already knock...
AI, APIs, and the Next Cyber Battleground: Black Hat 2025 - Chris Boehm, Idan Plotnik, Josh Lemos, Michael Callahan - ASW #346
02 Sep 2025
In this must-see BlackHat 2025 interview, Doug White sits down with Michael Callahan, CMO at Salt Security, for a high-stakes conversation about Agent...
Translating Security Regulations into Secure Projects - Roman Zhukov, Emily Fox - ASW #345
26 Aug 2025
The EU Cyber Resilience Act joins the long list of regulations intended to improve the security of software delivered to users. Emily Fox and Roman Zh...
Managing the Minimization of a Container Attack Surface - Neil Carpenter - ASW #344
19 Aug 2025
A smaller attack surface should lead to a smaller list of CVEs to track, which in turn should lead to a smaller set of vulns that you should care abou...
The Future of Supply Chain Security - Janet Worthington - ASW #343
12 Aug 2025
Open source software is a massive contribution that provides everything from foundational frameworks to tiny single-purpose libraries. We walk through...
Uniting software development and application security - Will Vandevanter, Jonathan Schneider - ASW #342
05 Aug 2025
Maintaining code is a lot more than keeping dependencies up to date. It involves everything from keeping old code running to changing frameworks to ev...
How Product-Led Security Leads to Paved Roads - Julia Knecht - ASW #341
29 Jul 2025
A successful strategy in appsec is to build platforms with defaults and designs that ease the burden of security choices for developers. But there's a...
Rise of Compromised LLMs - Sohrob Kazerounian - ASW #340
22 Jul 2025
AI is more than LLMs. Machine learning algorithms have been part of infosec solutions for a long time. For appsec practitioners, a key concern is alwa...
Getting Started with Security Basics on the Way to Finding a Specialization - ASW #339
15 Jul 2025
What are some appsec basics? There's no monolithic appsec role. Broadly speaking, appsec tends to branch into engineering or compliance paths, each wi...
Checking in on the State of Appsec in 2025 - Janet Worthington, Sandy Carielli - ASW #338
08 Jul 2025
Appsec still deals with ancient vulns like SQL injection and XSS. And now LLMs are generating code alongside humans. Sandy Carielli and Janet Worthin...
Simple Patterns for Complex Secure Code Reviews - Louis Nyffenegger - ASW #337
01 Jul 2025
Manual secure code reviews can be tedious and time intensive if you're just going through checklists. There's plenty of room for linters and compilers...
How Fuzzing Barcodes Raises the Bar for Secure Code - Artur Cygan - ASW #336
24 Jun 2025
Fuzzing has been one of the most successful ways to improve software quality. And it demonstrates how improving software quality improves security. Ar...
Threat Modeling With Good Questions and Without Checklists - Farshad Abasi - ASW #335
17 Jun 2025
What makes a threat modeling process effective? Do you need a long list of threat actors? Do you need a long list of terms? What about a short list li...
Bringing CISA's Secure by Design Principles to OT Systems - Matthew Rogers - ASW #334
10 Jun 2025
CISA has been championing Secure by Design principles. Many of the principles are universal, like adopting MFA and having opinionated defaults that re...
AIs, MCPs, and the Actual Work that LLMs Are Generating - ASW #333
03 Jun 2025
The recent popularity of MCPs is surpassed only by the recent examples of deficiencies in their secure design. The most obvious challenge is how MCPs, an...
AI in AppSec: Agentic Tools, Vibe Coding Risks & Securing Non-Human Identities - Mo Aboul-Magd, Shahar Man, Brian Fox, Mark Lambert - ASW #332
27 May 2025
ArmorCode unveils Anya—the first agentic AI virtual security champion designed specifically for AppSec and product security teams. Anya brings toget...
Appsec News & Interviews from RSAC on Identity and AI - Rami Saas, Charlotte Wylie - ASW #331
20 May 2025
In the news, Coinbase deals with bribes and insider threat, the NCSC notes the cross-cutting problem of incentivizing secure design, we cover some res...
Secure Code Reviews, LLM Coding Assistants, and Trusting Code - Rey Bango, Karim Toubba, Gal Elbaz - ASW #330
13 May 2025
Developers are relying on LLMs as coding assistants, so where are the LLM assistants for appsec? The principles behind secure code reviews don't reall...
AI Era, New Risks: How Data-Centric Security Reduces Emerging AppSec Threats - Vishal Gupta, Idan Plotnik - ASW #329
06 May 2025
We catch up on news after a week of BSidesSF and RSAC Conference. Unsurprisingly, AI in all its flavors, from agentic to gen, was inescapable. But per...
Secure Designs, UX Dragons, Vuln Dungeons - Jack Cable - ASW #328
29 Apr 2025
In this live recording from BSidesSF we explore the factors that influence a secure design, talk about how to avoid the bite of UX dragons, and why de...
Managing Secrets - Vlad Matsiiako - ASW #327
22 Apr 2025
Secrets end up everywhere, from dev systems to CI/CD pipelines to services, certificates, and cloud environments. Vlad Matsiiako shares some of the ta...
More WAFs in Blocking Mode and More Security Headaches from LLMs - Sandy Carielli, Janet Worthington - ASW #326
15 Apr 2025
The breaches will continue until appsec improves. Janet Worthington and Sandy Carielli share their latest research on breaches from 2024, WAFs in 2025...
In Search of Secure Design - ASW #325
08 Apr 2025
We have a top ten list entry for Insecure Design, pledges to CISA's Secure by Design principles, and tons of CVEs that fall into familiar categories o...
Avoiding Appsec's Worst Practices - ASW #324
01 Apr 2025
We take advantage of April Fools to look at some of appsec's myths, mistakes, and behaviors that lead to bad practices. It's easy to get trapped in a ...
Finding a Use for GenAI in AppSec - Keith Hoodlet - ASW #323
25 Mar 2025
LLMs are helping devs write code, but is it secure code? How are LLMs helping appsec teams? Keith Hoodlet returns to talk about where he's seen value ...
Redlining the Smart Contract Top 10 - Shashank . - ASW #322
18 Mar 2025
The crypto world is rife with smart contracts that have been outsmarted by attackers, with consequences in the millions of dollars (and more!). Shasha...
CISA's Secure by Design Principles, Pledge, and Progress - Jack Cable - ASW #321
11 Mar 2025
Just three months into 2025 and we already have several hundred CVEs for XSS and SQL injection. Appsec has known about these vulns since the late 90s....
Keeping Curl Successful and Secure Over the Decades - Daniel Stenberg - ASW #320
04 Mar 2025
Curl and libcurl are everywhere. Not only has the project maintained success for almost three decades now, but it's done that while being written in C...
Developer Environments, Developer Experience, and Security - Dan Moore - ASW #319
25 Feb 2025
Minimizing latency, increasing performance, and reducing compile times are just a part of what makes a development environment better. Throw in useful...
Top 10 Web Hacking Techniques of 2024 - James Kettle - ASW #318
18 Feb 2025
We're getting close to two full decades of celebrating web hacking techniques. James Kettle shares which was his favorite, why the list is important t...
Code Scanning That Works With Your Code - Scott Norberg - ASW #317
11 Feb 2025
Code scanning is one of the oldest appsec practices. In many cases, simple grep patterns and some fancy regular expressions are enough to find many of...
Threat Modeling That Helps the Business - Akira Brand, Sandy Carielli - ASW #316
04 Feb 2025
Threat modeling has been in the appsec toolbox for decades. But it hasn't always been used and it hasn't always been useful. Sandy Carielli shares wha...
Securing the AI SDLC - Niv Braun - ASW #315
28 Jan 2025
A lot of AI security boils down to the boring, but important, software security topics that appsec teams have been dealing with for decades. Niv Braun...
Appsec Predictions for 2025 - Cody Scott - ASW #314
21 Jan 2025
What's in store for appsec in 2025? Sure, there'll be some XSS and SQL injection, but what about trends that might influence how appsec teams plan? Co...
Discussing Useful Security Requirements with Developers - Ixchel Ruiz - ASW #313
14 Jan 2025
There's a pernicious myth that developers don't care about security. In practice, they care about code quality. What developers don't care for is ambi...
DefectDojo and Bringing Quality Appsec Tools to Small Appsec Teams - Greg Anderson - ASW #312
07 Jan 2025
All appsec teams need quality tools and all developers benefit from appsec guidance that's focused on meaningful results. Greg Anderson shares his exp...
Applying Usability and Transparency to Security - Hannah Sutor - ASW #311
16 Dec 2024
Practices around identity and managing credentials have improved greatly since the days of infosec mandating 90-day password rotations. But those impr...
Looking Back on 2024 - ASW #310
10 Dec 2024
We do our usual end of year look back on the topics, news, and trends that caught our attention. We covered some OWASP projects, the ongoing attention...
Adding Observability with OpenTelemetry - Adriana Villela - ASW #309
03 Dec 2024
Observability is a lot more than just sprinkling printf statements throughout a code base. Adriana Villela explains principles behind logging, traceab...
Biometric Frontiers: Unlocking The Future Of Engagement - Andras Cser, Enza Iannopollo - ASW #308
19 Nov 2024
This week's interview dives deep into the state of biometrics with two Forrester Research analysts! This discussion compares and contrasts regional ap...
Modernizing AppSec - Melinda Marks - ASW #307
12 Nov 2024
In this week's interview, Melinda Marks joins us to discuss her latest research. Her recent report Modernizing Application Security to Scale for Clo...
Bug bounties, vulnerability disclosure, PTaaS, fractional pentesting - Grant McCracken - ASW #306
05 Nov 2024
After spending a decade working for appsec vendors, Grant McCracken wanted to give something back. He saw a gap in the market for free or low-cost ser...
Making TLS More Secure, Lessons from IPv6, LLMs Finding Vulns - Arnab Bose, Shiven Ramji - ASW #305
29 Oct 2024
Better TLS implementations with Rust, fuzzing, and managing certs, appsec lessons from the everlasting transition to IPv6, LLMs for finding vulns (and...
The Complexities, Configurations, and Challenges in Cloud Security - Scott Piper - ASW #304
21 Oct 2024
Building cloud native apps doesn't mean you're immune to dealing with legacy systems. Cloud services have changed significantly over the last decade, ...
The Future of Zed Attack Proxy - Simon Bennetts, Ori Bendet - ASW #302
08 Oct 2024
Zed Attack Proxy has been a crucial web app testing tool for decades. It's also had a struggle throughout 2024 to obtain funding that would enable the...
More Car Hacks, CUPS Vulns, Microsoft's SFI, Memory Safety, Password Complexity - Farshad Abasi - ASW #301
02 Oct 2024
More remote car control via web interfaces, an RCE in CUPS, Microsoft reduces attack surface, migrating to memory safety, dealing with dependency conf...
Vulnerable APIs and Bot Attacks: Two Interconnected, Growing Security Threats - David Holmes - ASW #300
24 Sep 2024
APIs are essential to modern application architectures, driving rapid development, seamless integration, and improved user experiences. However, their...
Bringing Secure Coding Concepts to Developers - Dustin Lehr - ASW #299
17 Sep 2024
When a conference positioned as a day of security for developers has to be canceled due to lack of interest from developers, it's important to underst...
Paying Down Tech Debt, Rust in Firmware, EUCLEAK, Deploying SSO - ASW #298
10 Sep 2024
Considerations in paying down tech debt, make Rust work on bare metal, ECDSA side-channel in Yubikeys, trade-offs in deploying SSO quickly, and more! ...
Close the Security Theater: Enter Resilience - Kelly Shortridge - ASW Vault
02 Sep 2024
Check out this interview from the ASW Vault, hand picked by main host Mike Shema! This segment was originally published on May 9, 2023. What does soft...
Changing the Course of IoT's Future from Its Insecure Past - Paddy Harrington - ASW #297
27 Aug 2024
IoT devices are notorious for weak designs, insecure implementations, and a lifecycle that mostly ignores patching. We look at external factors that m...
The Fallout and Lessons Learned from the CrowdStrike Fiasco - Shimon Modi, Jeff Pollard, Allie Mellen, Boaz Barzel - ASW #296
20 Aug 2024
This week, Jeff Pollard and Allie Mellen join us to discuss the fallout and lessons learned from the CrowdStrike fiasco. They explore the reasons behi...
When Appsec Needs to Start Small - Kalyani Pawar, Danny Jenkins, Nikos Kiourtis - ASW #295
13 Aug 2024
Startups and small orgs don't have the luxury of massive budgets and large teams. How do you choose an appsec approach that complements a startup's ne...
Building Successful Security Champions Programs - Marisa Fagan - ASW #294
06 Aug 2024
Even though Security Champions programs look very different across organizations and maturity levels, they share core principles for becoming successf...
A CISO's Perspective on AI, Appsec, and Changing Behaviors - ASW #293
30 Jul 2024
Modern appsec isn't modern because security tools got shifted in one direction or another, or because teams are finding and fixing more vulns. It's mo...
Where Generative AI Can Actually Help Security (And Where It Doesn't) - Farshad Abasi, Allie Mellen - ASW #292
23 Jul 2024
Generative AI has produced impressive chatbots and content generation, but however fun or impressive those might be, they don't always translate to va...
Producing Secure Code by Leveraging AI - Stuart McClure - ASW #291
16 Jul 2024
How can LLMs be valuable to developers as an assistant in finding and fixing insecure code? There are a lot of implications in trusting AI or LLMs to ...
State Of Application Security 2024 - Sandy Carielli, Janet Worthington - ASW #290
09 Jul 2024
Sandy Carielli and Janet Worthington, authors of the State Of Application Security 2024 report, join us to discuss their findings on trends this year!...
OAuth 2.0 from Protecting APIs to Supporting Authorization & Authentication - Aaron Parecki - ASW #289
25 Jun 2024
OAuth 2.0 is more than just a single spec and it's used to protect more than just APIs. We talk about challenges in maintaining a spec over a decade o...
Learning EBPF - Liz Rice - ASW Vault
18 Jun 2024
Check out this interview from the ASW Vault, hand picked by main host Mike Shema! This segment was originally published on April 4, 2023. Following on...
Microsoft Recall's Security & Privacy, Hacking Web APIs, Secure Design Pledge - ASW #288
11 Jun 2024
Looking at use cases and abuse cases of Microsoft's Recall feature, examples of hacking web APIs, CISA's secure design pledge, what we look for in CVE...
Open Source Software Supply Chain Security & The Real Crisis Behind XZ Utils - Idan Plotnik, Luis Villa, Erez Hasson - ASW #287
04 Jun 2024
Open source has been a part of the software supply chain for decades, yet many projects and their maintainers remain undersupported by the companies t...
Securing Shadow Apps & Protecting Data - Guy Guzner, Pranava Adduri - ASW Vault
28 May 2024
With hundreds or thousands of SaaS apps to secure with no traditional perimeter, Identity becomes the focal point for SaaS Security in the modern ente...
Collecting Bounties and Building Communities - Ben Sadeghipour - ASW Vault
28 May 2024
Check out this interview from the ASW Vault, hand picked by main host Mike Shema! This segment was originally published on April 18, 2023. We talk wit...
Node.js Secure Coding - Oliver Tavakoli, Chris Thomas, Liran Tal - ASW #286
21 May 2024
Secure coding education should be more than a list of issues or repeating generic advice. Liran Tal explains his approach to teaching developers throu...
Inside the OWASP Top 10 for LLM Applications - Sandy Dunn, Mike Fey, Josh Lemos - ASW #285
14 May 2024
Everyone is interested in generative AIs and LLMs, and everyone is looking for use cases and apps to apply them to. Just as the early days of the web ...
AI & Hype & Security (Oh My!) & Hacking AI Bias - Caleb Sima, Keith Hoodlet - ASW #284
07 May 2024
A lot of AI security has nothing to do with AI -- things like data privacy, access controls, and identity are concerns for any new software and in man...
Why Companies Continue to Struggle with Supply Chain Security - Melinda Marks - ASW #283
30 Apr 2024
Companies deploy tools (usually lots of tools) to address different threats to supply chain security. Melinda Marks shares some of the chaos those com...
Sustainable Funding of Open Source Tools - Mark Curphey, Simon Bennetts - ASW #282
23 Apr 2024
How can open source projects find a funding model that works for them? What are the implications with different sources of funding? Simon Bennetts tal...
Demystifying Security Engineering Career Tracks - Karan Dwivedi - ASW #281
15 Apr 2024
There are as many paths into infosec as there are disciplines within infosec to specialize in. Karan Dwivedi talks about the recent book he and co-aut...
Lessons That The XZ Utils Backdoor Spells Out - Farshad Abasi - ASW #280
09 Apr 2024
We look into the supply chain saga of the XZ Utils backdoor. It's a wild story of a carefully planned long con to add malicious code to a commonly use...
Infosec Myths, Mistakes, and Misconceptions - Adrian Sanabria - ASW #279
02 Apr 2024
Sometimes infosec problems can be summarized succinctly, like "patching is hard". Sometimes a succinct summary sounds convincing, but is based on old ...
Successful Security Needs a Streamlined UX - Benedek Gagyi - ASW #278
26 Mar 2024
One of the biggest failures in appsec is an attitude that blames users for security problems. A lot of processes and workflows break down because of a...
Figuring Out Where Appsec Fits When Starting a Cybersecurity Program - Tyler VonMoll - ASW #277
19 Mar 2024
Lots of companies need cybersecurity programs, as do non-profits. Tyler Von Moll talks about how to get small organizations started on security and ho...
More API Calls, More Problems: The State of API Security in 2024 - Lebin Cheng - ASW #276
12 Mar 2024
A majority of internet traffic now originates from APIs, and cybercriminals are taking advantage. Increasingly, APIs are used as a common attack vecto...
The Simple Mistakes and Complex Seeds of a Vulnerability Management Program - Emily Fox - ASW #275
05 Mar 2024
The need for vuln management programs has been around since the first bugs -- but lots of programs remain stuck in the past. We talk about the traps t...
Creating the Secure Pipeline Verification Standard - Farshad Abasi - ASW #274
27 Feb 2024
Farshad Abasi joins us again to talk about creating a new OWASP project, the Secure Pipeline Verification Standard. (Bonus points for not being a top ...
Redefining Threat Modeling - Security Team Goes on Vacation - Jeevan Singh - ASW Vault
20 Feb 2024
Check out this interview from the ASW Vault, hand picked by main host Mike Shema! This segment was originally published on Dec 13, 2022. Threat modeli...
Creating Code Security Through Better Visibility - Christien Rioux - ASW #273
13 Feb 2024
We've been scanning code for decades. Sometimes scanning works well -- it finds meaningful flaws to fix. Sometimes it distracts us with false positive...
Starting an OWASP Project (That's Not a List!) - Grant Ongers - ASW #272
06 Feb 2024
We can't talk about OWASP without talking about lists, but we go beyond the lists to talk about a product security framework. Grant shares his insight...
Getting Your First Conference Presentation - Sarah Harvey - ASW #271
30 Jan 2024
We return to the practice of presentations, this time with a perspective from a conference organizer. And we have tons of questions! What makes a topi...
Dealing with the Burden of Bad Bots - Sandy Carielli - ASW #270
23 Jan 2024
Where apps provide something of value, bots are sure to follow. Modern threat models need to include scenarios for bad bots that not only target user ...
Communicating Technical Topics Without Being Boring - Eve Maler - ASW #269
16 Jan 2024
It's time to start thinking about CFPs and presentations for 2024! Eve shares advice on delivering technical topics so that an audience can understand...
What's in Store for 2024? - ASW #268
09 Jan 2024
We kick off the new year with a discussion of what we're looking forward to and what we're not looking forward to. Then we pick our favorite responses...
HTTP RFCs Have Evolved, Breaking Into Cloud, Scaling AppSec at Netflix, & Confluence - Keith Hoodlet - ASW Vault
01 Jan 2024
HTTP RFCs have evolved: A Cloudflare view of HTTP usage trends, Career Advice and Professional Development, Active Exploitation of Confluence CVE-2022...
OWASP SAMM - Software Assurance Maturity Model - Sebastian Deleersnyder - ASW Vault
25 Dec 2023
We will provide a short introduction to OWASP SAMM, which is a flagship OWASP project allowing organizations to bootstrap and iteratively improve thei...