
Application Security Weekly (Audio)

Technology News

Episodes

Showing 101-200 of 375

Making Service Meshes Work for People - Idit Levine - ASW #267

19 Dec 2023

Contributed by Lukas

Service meshes create the opportunity to make security a team sport. They can improve observability and service identity. Turning monoliths into micro...

The ABCs of RFCs - Heather Flanagan - ASW #266

12 Dec 2023

We have a lot of questions about standards. How do standards emerge? How do standards encourage adoption? How do they stay relevant as development pat...

All the News - Just Six Months Later - Application Security Weekly #265

05 Dec 2023

We cover appsec news on a weekly basis, but sometimes that news is merely about the start of a new project, sometimes it's yet another example of a vu...

Starting with Appsec -- Is It More of a Position or a Process? - ASW #264

30 Nov 2023

This year we've talked about vulns, clouds, breaches, presentations, and all the variations of Dev, Sec, and Ops. As we end the year, let's talk about...

Platform Firmware Security - Maggie Jauregui - ASW Vault

20 Nov 2023

Firmware security is complex and continues to be an industry challenge. In this podcast we'll talk about the reasons firmware security remains a chall...

How 2023 Changed Application Security and What's to Come in 2024 - Karl Triebes - ASW #263

14 Nov 2023

In the rapidly evolving landscape of application security, 2023 brought significant changes with the rise of generative AI tools and an increase in au...

Security from a Developer's Perspective - Josh Goldberg - ASW #262

07 Nov 2023

A lot of appsec conferences have presentations for appsec audiences -- but that's not often the group that's building apps. What if more developer con...

How Security Tools Must Evolve - Dan Kuykendall - ASW #261

01 Nov 2023

The categories of security tools that we're most familiar with have struggled to keep up with how modern apps are designed and what modern devs need. ...

OAuth, WebAuthn, & The Impact of Design Choices - Dan Moore - ASW #260

24 Oct 2023

We return to discussions of OAuth and all sorts of authentication. This time around we're looking at the design of authentication protocols, the kinds...

OT Security - Huxley Barbee - ASW #259

17 Oct 2023

It's no surprise that OT security has fared poorly over the last 30+ years. To many appsec folks, these systems have uncommon programming languages, u...

Shifting Focus to Make DevSecOps Successful - Janet Worthington - ASW #258

11 Oct 2023

What if all these recommendations to shift left were more about shifting focus? It's all too easy to become preoccupied with vulns, whether figuring o...

Creating Presentations and Training That Engage an Audience - Lina Lau - ASW #257

03 Oct 2023

Communication is a skill that doesn't appear on top 10 lists, rarely appears as a conference topic, and doesn't appear enough on job requirements. Yet...

Supply Chain Security with Containers and CI/CD Systems - Kirsten Newcomer - ASW #256

26 Sep 2023

Supply chain has been a hot topic for a few years now, but so many things we need to do for a secure supply chain aren't new at all. We'll cover SBOMs...

Stopping Business Logic Attacks: Why a WAF is no Longer Enough - Karl Triebes - ASW #255

19 Sep 2023

The majority of attacks are now automated, with a growing number of attacks targeting business logic via APIs, which is unique to every organization. ...

Building a Scanner and a Community with Zed Attack Proxy - Simon Bennetts - ASW #254

12 Sep 2023

Zed Attack Proxy is an essential tool for web app pentesting. The project just recently moved from OWASP to the Secure Software Project. Hear about th...

Broadening What We Call AppSec - Christien Rioux - ASW Vault

05 Sep 2023

Check out this interview from the ASW Vault, hand picked by main host Mike Shema! This segment was originally published on January 10, 2022. There's a...

How Can Security Be Smart About Using AI? - Jeff Pollard - ASW #253

29 Aug 2023

We go deep on LLMs and generative AIs to shine a light on areas that security leaders should focus on. There are technical concerns like prompt inject...

Security in a Cloud Native World & Mobile App Attacks - ASW #252

22 Aug 2023

Two featured interviews from this year's Black Hat. In the news, Discord.io ceases to be, Azure AD breach to get scrutiny from the CSRB, Zoom's AI stu...

Pointers and Perils for Presentations - Josh Goldberg - ASW #251

15 Aug 2023

A key part of modern appsec is communication. From interpersonal skills for fostering collaborations to presentation skills for delivering a message, ...

You've Got Appsec, But Do You Have ArchSec? - Merritt Baer - ASW #250

08 Aug 2023

Mature shops should be looking to a security architecture process to help scale their systems and embrace security by design. We talk about what it me...

Identity and Verifiable Credentials in Cars - Eve Maler - ASW #249

01 Aug 2023

Identity isn't new, but we do have new ways of presenting and protecting identity with things like payment wallets and verifiable credentials. But we ...

Navigating the Complexities of Development to Create Secure APIs - Kristen Bell - ASW #248

25 Jul 2023

Appsec teams and developers must both understand the consequences of what they're doing when building APIs. Appsec teams need to push for collaboratio...

Securing Non-Election Election Systems, Modernizing AppSec Education - Brian Glas - ASW #247

18 Jul 2023

While much has been written and argued about the security of election systems - the things that do the actual ballot counting - there's other systems ...

Software Trust & Adversaries, Developer-Focused Security - Shannon Lietz, Melinda Marks - ASW #246

11 Jul 2023

Infosec is still figuring out useful metrics, how to talk about risk, and how to make resilience more relevant. Shannon talks about a new community ef...

The Psychology of Training - Matias Madou - ASW Vault

05 Jul 2023

Check out this interview from the ASW Vault, hand picked by main host Mike Shema! This segment was originally published on May 23, 2022. Developers wa...

Latest Web Vulnerability Trends & Best Practices - Patrick Vandenberg - ASW #245

28 Jun 2023

Without visibility and continuous monitoring, dangerous threats expose our blind spots and create risk. Invicti, who brought together Acunetix and Net...

Policy Momentum in Coordinated Vulnerability Disclosure - Amit Elazari - ASW Vault

20 Jun 2023

Security is one of the most evolving and impactful landscapes in the regulatory sphere. Proposed initiatives in the areas of Incident Response, Softwa...

Enhancing Security: App Modernization, Identity Orchestration, & Big IAM Challenge - Eric Olden - ASW #244

14 Jun 2023

Eric Olden, CEO and Co-Founder of Strata Identity, discusses the concept of Identity Orchestration. He covers the evolving identity landscape and how ...

What's the Deal with API Security? - Sandy Carielli - ASW #243

06 Jun 2023

Walking the show floor at RSA Conference, you couldn't trip without falling into an application security vendor booth ... and API security specialists...

Doing Application Security Right - Farshad Abasi - ASW Vault

30 May 2023

Check out this interview from the ASW Vault, hand picked by main host Mike Shema! This segment was originally published on March 14, 2022. Cybersecuri...

Ten Things I Hate About Lists - ASW #242

23 May 2023

The OWASP Top 10 dates back to 2003, when appsec was just settling on terms like cross-site scripting and SQL injection. It's a list that everyone kno...

Securing the App Lifecycle: Strategies for Long-Term Software Security and Mitigating the Threat of Malicious Packages - ASW #241

16 May 2023

What happens to an app's security after six months? What about a year or two years? A Secure SDLC needs to maintain security throughout an app's lifet...

From Security Theater to Resilience: Unveiling New Approaches to Application Security - ASW #240

09 May 2023

What does software resilience mean? Why is status quo application security unfit for the modern era of software? How can we move from security theater...

Navigating the Complexities of Application Security: Vulnerability Management, Risk Mitigation, and Business Logic Attacks - ASW #239

02 May 2023

Application security is messy and is getting messier. Modern application security teams are struggling to identify what's more important to fix. Cloud...

Hackers and Policy: Empowering Users and Shaping Discussions at DEF CON, Jeff Moss - ASW #238

25 Apr 2023

Jeff Moss shares some of the history of DEF CON, from CFPs to Codes of Conduct, and what makes it a hacker conference. We also discuss the role of hackers...

Bug Bounty Programs and Community Building: Unveiling Rewards, Challenges, and Exciting Adventures, Ben Sadeghipour (NahamSec) - ASW #237

18 Apr 2023

We talk with Ben about the rewards, hazards, and fun of bug bounty programs. Then we find out different ways to build successful and welcoming communi...

Application Security in the Cloud: Safeguarding Data and Preventing Unauthorized Access, Vandana Verma Sehgal - ASW #236

11 Apr 2023

Application security in the cloud is a crucial aspect of protecting data and preventing unauthorized access to applications hosted on cloud platforms....

eBPF: The Future of Security and Infrastructure Tools Revealed, Liz Rice - ASW #235

04 Apr 2023

Following on from her successful title "Container Security", Liz has recently authored "Learning eBPF", published by O'Reilly. eBPF is a revolutionary...

AI in Production: Unveiling Use Cases, Security Risks, and Real-Life Experiences, Frank Catucci - ASW #234

28 Mar 2023

With the increased interest and use of AI such as GPT-3/4, ChatGPT, GitHub Copilot, and internal modeling, there comes an array of use cases and examp...

The Power of Static Analysis: Strengthening Application Security from Code Scrutiny, Josh Goldberg - ASW #233

21 Mar 2023

Static analysis is the art of scrutinizing your code without building or running it. Common static analysis tools are formatters (which change whitesp...

ASW #232 - Josh Grossman

14 Mar 2023

In this segment, Josh will talk about the OWASP ASVS project which he co-leads. He will talk a little about its background and in particular how it is...

ASW #231 - Neatsun Ziv

07 Mar 2023

In this episode, Neatsun Ziv, co-founder and CEO of OX Security, takes a deep dive into supply chain security. He focuses on the new Open Software Supp...

ASW #230 - Lina Lau

28 Feb 2023

Join us for this segment with Lina Lau to learn lessons from real incident response engagements covering types of attacks leveraged against the cloud,...

Throwback Episode - ASW #178

21 Feb 2023

It's another holiday week, so enjoy this episode from our archives! What does a collaborative approach to security testing look like? What does it tak...

ASW #229 - Nick Selby

14 Feb 2023

Organizations spend hundreds of work hours to build applications and services that will benefit customers and employees alike. Whether the application...

ASW #228 - Adrian Sanabria

07 Feb 2023

Most of the myths and lies in InfoSec take hold because they seem correct or sound logical. Similar cognitive biases make it possible for even the mos...

ASW #227 - Dr. David Movshovitz

31 Jan 2023

A $10M ransom demand to Riot Games, a DoS in BIND and why there's no version 10, an unexpected refactor at Twilio, insights in Rust from the git secur...

ASW #226 - Marudhamaran Gunasekaran

24 Jan 2023

Breach disclosures from T-Mobile and PayPal, SSRF in Azure services, Google Threat Horizons report, integer overflows and more, Rust in Chromium, ML f...

Throwback Episode - Dev(Sec)Ops Scanning Challenges & Tips - ASW #170

17 Jan 2023

We aren't recording this holiday week, so enjoy this ASW throwback episode! Main host Mike Shema selected this episode to share as it's still relev...

ASW #225 - Dan Moore

10 Jan 2023

Exposed secrets from CircleCI, web hackers target the auto industry, $100K bounty for making Google smart speakers listen, inspiration from Office Spa...

ASW #224 - Keith Hoodlet

03 Jan 2023

How do you mature a team responsible for securing software? What are effective ways to prioritize investments? We'll discuss a set of posts on buildin...

ASW #223 - Jeevan Singh

13 Dec 2022

FreeBSD joins the ping of death list, exploiting a SQL injection through JSON manipulation, Apple's design for iCloud encryption, attacks against mach...

ASW #222 - Aviv Grafi

06 Dec 2022

Android platform certs leaked, SQL injection to leaked credentials to cross-tenant access in IBM's Cloud Database, hacking cars through web-based APIs...

ASW #221 - Kenn White

29 Nov 2022

Crossing tenants with AWS AppSync, more zeros in C++ to defeat vulns, HTTP/3 connection contamination, Thinkst Quarterly review of research, building ...

ASW #220 - Daniel Krivelevich

15 Nov 2022

CosMiss in Azure, $70k bounty for a Pixel Lock Screen bypass, finding path traversal with Raspberry Pi-based emulators, NSA guidance on moving to memo...

ASW #219 - Karl Triebes

08 Nov 2022

While APIs enable innovation, they're increasingly targeted as a pathway to data. API abuses are often carried out through automated attacks, in which...

ASW #218 - Sandy Carielli, Martha Bennett

01 Nov 2022

A critical OpenSSL vuln is coming this Tuesday, a SQLite vuln, Apple blogs about memory safety and bug bounties, determining a random shuffle. The W...

ASW #217 - Kong Yew Chan

25 Oct 2022

Learn what keeps DevOps and SecOps up at night when securing Kubernetes, container, and cloud native applications, what tactics are best for developer...

ASW #216 - Jason Recla

18 Oct 2022

Exploiting FortiOS with HTTP client headers, mishandling memory in Linux kernel Wi-Fi stack, a field guide to security communities, secure coding reso...

ASW #215 - Akira Brand

11 Oct 2022

We talk with Akira Brand about appsec educational resources and crafting better resources for developers to learn about secure coding. Segment Resourc...

ASW #214 - Dean Agron

04 Oct 2022

The core focus of this podcast is to give listeners food for thought on what is required for releasing secure cloud native applications...

ASW #213 - Janet Worthington

27 Sep 2022

Applications are the most frequent external attack vector for companies. However, application security can improve only if developers either code secu...

ASW #212 - Sam Placette

20 Sep 2022

Appsec places a lot of importance on secure SDLC practices, API security, integrating security tools, and collaborating with developers. What does thi...

ASW #211 - Sonali Shah

13 Sep 2022

Go releases their own curated vuln management resources, OSS-Fuzz finds command injection, Microsoft gets rid of Basic Auth in Exchange, NSA provides ...

ASW #210 - Doug Dooley

30 Aug 2022

We will review the primary needs for cloud security: - Guardrails against misconfiguration - Continuously Identify and Remediate Vulnerabilities in Cl...

ASW #209 - Kiran Kamity

23 Aug 2022

The unique nature of cloud native apps, Kubernetes, and microservices based architectures introduces new risks and opportunities that require AppSec p...

ASW #208 - Tanya Janca

17 Aug 2022

Let's talk about adding security tools to a CI/CD, the difference between "perfect" and "good" appsec, and my upcoming book. Segment Resources: https:...

ASW #207 - Chen Gour Arie

09 Aug 2022

In today's high-tech industries, security is struggling to keep up with rapidly changing production systems and the chaos that agile development intro...

ASW #206 - Manish Gupta

04 Aug 2022

In our first segment, we are joined by Manish Gupta, the CEO and Co-Founder of ShiftLeft, for a discussion of how the changes and advancements in static...

ASW #199 - Nikhil Gupta

28 Jul 2022

Nikhil will be discussing the pain points that leaders in the application security space are facing, which can cover how software development has evol...

ASW #205 - Ferruh Mavituna

25 Jul 2022

Vuln in an Atlassian Confluence app, "Dirty Dancing" in OAuth flows, security audits of sigstore and slf4j, flaws in fleet management app, conducting ...

ASW #204 - Larry Maccherone

20 Jul 2022

0-day vulnerabilities pose a high risk because cybercriminals race to exploit them and vulnerable systems are exposed until a patch is issued & instal...

ASW #203 - Farshad Abasi

15 Jul 2022

This week in the AppSec News: Apple introduces Lockdown Mode, PyPI hits 2FA trouble, cataloging cloud vulns, practical attacks on ML, NIST's post-quan...

ASW #202 - Mike Benjamin

14 Jul 2022

Both GraphQL and template engines have the potential for injection attacks, from potentially exposing data due to weak authorization in APIs to the sl...

ASW #201 - IE11 Goes to Zero

12 Jul 2022

This week in the AppSec News: SynLapse shows shell injection via ODBC, Java deserialization example, MFA for Ruby Gems ecosystem, simple flaws in firm...

ASW #200 - Keith Hoodlet

08 Jul 2022

HTTP RFCs have evolved: A Cloudflare view of HTTP usage trends, Career Advice and Professional Development, Active Exploitation of Confluence CVE-2022...

ASW #198 - Matias Madou

22 Jun 2022

Developers want bug-free code -- it frees up their time and is easier to maintain. They want secure code for the same reasons. Matias Madou joins to t...

ASW #197 - Brian Glas

20 May 2022

This week, in the first segment, Brian Glas answers the questions surrounding the next generations of AppSec professionals: What does it look like to ...

ASW #196 - Christoph Nagy

10 May 2022

This week, Mike and John kick off the show with an interview of Christoph Nagy, the CEO of SecurityBridge! Then, in the AppSec News: Secure coding pra...

ASW #195 - Lynn Marks

03 May 2022

This week, Mike and John interview Lynn Marks, Product Manager at Imperva, & discuss Bad Bots: The Automated Threat Targeting Your Websites, Apps, & A...

ASW #194 - Dr. Chenxi Wang

26 Apr 2022

How should we empower developers to embrace the NIST software development practices? Because from here on out, developers need to view themselves as t...

ASW #193 - AppSec (& adjacent) Metrics

19 Apr 2022

We can create top 10 lists and we can count vulns that we find with scanners and pen tests, but those aren't effective metrics for understanding and i...

ASW #192 - William Morgan

12 Apr 2022

The zero trust approach can be applied to almost every technology choice in the modern enterprise, and Kubernetes is no exception. For Kubernetes netw...

ASW #191 - Eric Allard

05 Apr 2022

Making a positive impact on how we package software to make developers' lives easier in how they have to manage security. FORCEDENTRY implications for...

ASW #190 - Harshil Parikh

29 Mar 2022

Developers ignore security issues. But can we really blame them? After all, security folks bombard them with an endless stream of issues that need to ...

ASW #189 - Alvaro Muñoz

22 Mar 2022

This week in the AppSec News: A great escape isn't always as great as it sounds, Solana cryptocurrency logic isn't always as great as intended, some p...

ASW #188 - Farshad Abasi

16 Mar 2022

Cybersecurity is a large and often complex domain, traditionally focused on the infrastructure and general information security, with little or no att...

ASW #187 - Lebin Cheng

08 Mar 2022

As the volume of API traffic increases, it becomes a greater threat to an organization's sensitive data. Motivated attackers will increasingly target ...

Good People - ASW #186

01 Mar 2022

This week, we welcome Steve Wilson, Chief Product Officer at Contrast Security, to discuss Integrating Appsec Tools for DevOps Teams! In the AppSec ne...

The DIY Lab - ASW #185

22 Feb 2022

Lots of web hacking can be done directly from the browser. Throw in a proxy like Burp plus the browser's developer tools window and you've got a nearl...

Tasty Beverage - ASW #184

15 Feb 2022

Doug Kersten, CISO of Appfire, will discuss how the nature of vulnerabilities today makes it critical for developers to make sure they're building pro...

Internal Jokes - ASW #183

08 Feb 2022

Security is one of the most evolving and impactful landscapes in the regulatory sphere. Proposed initiatives in the areas of Incident Response, Softwa...

Perfect Direction - ASW #182

01 Feb 2022

This week, we welcome Larry Maccherone, DevSecOps Transformation at Contrast Security, to discuss Shift Left, NOT S#!T LEFT! In the AppSec News: PwnKi...

Cheesy Tomato Dreams - ASW #181

25 Jan 2022

It is hard, if not impossible, to secure something you don't know exists. While security professionals spend countless hours on complex yet interestin...

Something For Everybody - ASW #180

20 Jan 2022

This isn't a story about NPM even though it's inspired by NPM. Twice. The maintainer of the "colors" NPM library intentionally changed the library's b...

Big Smiles - ASW #179

11 Jan 2022

There's an understandable focus on "shift left" in modern DevOps and appsec discussions. So what does it take to broaden what we call appsec into some...

Fuzzing Like It's 1999 - ASW #178

21 Dec 2021

What does a collaborative approach to security testing look like? What does it take to tackle an entire attack class as opposed to fixing a bunch of b...

Vulnerability Phone - ASW #177

14 Dec 2021

This week, we welcome Francesco Cipollone - CEO & Founder - AppSec Phoenix Ltd, to discuss DevSecOps, Compliance GRC, and the Future of Application Se...

Cyber Monday - ASW #176

30 Nov 2021

In today's session Chris Wysopal will address a number of topics with Mike, including systemic risk in software development and how developers and sec...

Max Headroom - ASW #175

23 Nov 2021

This week, we welcome Liam Randall, CEO at Cosmonic, to talk about wasmCloud - Distributed Computing With WebAssembly! CNCF wasmCloud helps developers...
