Absolute AppSec

294 episodes - English - Latest episode: 13 days ago - ★★★★★ - 17 ratings

A weekly podcast of all things application security related. Hosted by Ken Johnson and Seth Law.

Episodes

Episode 44: AppSec California, running a Bug Bounty program, and David Coursey

January 30, 2019 04:00 - 41.7 MB

Seth and Ken are joined once again by David Coursey (@dacoursey) to review topics from AppSec California 2019, including building developer relationships and the OWASP ZAP HUD. Ken and Dave answer questions about the time investment required to support a Bug Bounty program. David discusses his role at Allstate.

Episode 43: DerbyCon, pwnhead, and Keith Hoodlet

January 16, 2019 04:00 - 46.3 MB

Seth and Ken are joined by Keith Hoodlet (@andMyHacks) to discuss DerbyCon, pwnhead, and application security in medical devices.

Episode 42: SSRF Rebinding and Segment Team (Leif Dreizler and David Scrobonia)

January 09, 2019 04:00 - 40.9 MB

Seth and Ken discuss SSRF Rebinding defenses with Segment (Leif, David, and Achille). Additional topics include password complexity, password resets, and using Troy Hunt's breach database.

Episode 41: Hidden File/Dir Enumeration and Will Bengtson

December 19, 2018 04:00 - 37 MB

Seth and Ken discuss hidden file and directory enumeration. Joined by Will Bengtson to talk AWS and cloud security, including CloudTrail and Trailblazer.

Episode 40: Code Reviews

December 12, 2018 04:00 - 36.4 MB

Seth and Ken talk through secure code reviews and assessment scoping, more on breaches, the Google congressional hearings and more.

Episode 39: Jerry Gamblin

December 05, 2018 04:00 - 45.1 MB

Is there such a thing as breach fatigue? When have we had enough? Seth and Ken are joined by Jerry Gamblin of Kenna Security to discuss recent breaches and AWS Re:Invent.

Episode 38: Matt Konda

November 28, 2018 04:00 - 44.4 MB

Seth and Ken discuss node packages and event_stream fallout. Matt Konda (@mkonda) joins to talk about OWASP, the Glue tool, Jemurai and his origin story and other topics.

Episode 37: Stefan Edwards

November 21, 2018 04:00 - 43.3 MB

Seth and Ken discuss security gifts for appsec peeps. Joined by Stefan Edwards (@lojikil) to talk about his origin story (Seth gets bagged on), formal verification, and a multitude of other topics.

Episode 36: Mike McCabe

November 14, 2018 04:00 - 41 MB

Seth and Ken discuss cross-site scripting and input validation/output encoding findings. Later joined by Mike McCabe (@mccabe615), talking about cloud security, building an appsec program, interviews (both for and against) and CHRISTMAS.

Episode 35: Travis McPeak

November 07, 2018 04:00 - 35.2 MB

Seth and Ken discuss server side request forgery and then pick Travis McPeak's (@travismcpeak) brain about AWS security, his path into security, QA testing, and Netflix cloud security tools.

Episode 34: Stefan Edwards

October 31, 2018 04:00 - 41.8 MB

Seth and Ken are joined last minute by Stefan Edwards (@lojikil) to talk about security unit tests, fuzzing, and all things you will need to google later on. Blockchains and secure contracts are introduced and somewhat explained.

Episode 33: John Melton

October 03, 2018 04:00 - 55.7 MB

Seth and Ken go over fully vetting functions during code reviews. John Melton (@_jtmelton) talks with Ken and Seth about static analysis tools, building an appsec program, open source, and more.

Episode 32: Eric Johnson

September 19, 2018 04:00 - 43.9 MB

Setup tips for starting an assessment with Burp Suite Professional. Eric Johnson (@emjohn20) talks with Ken and Seth about Roslyn, building Puma Scan, SANS, and more.

Episode 31: Rob Fuller

September 12, 2018 04:00 - 40.5 MB

Practical advice on submitting and writing effective findings for bug bounties and reports. Rob Fuller (@mubix) talks about his path into security, CCDC, volunteerism, NoVA Hackers and more.

Episode 30: Dave Ferguson

September 05, 2018 04:00 - 43.2 MB

Dave Ferguson (@_sc0rn) talks about the futility of developer training, initial discovery of CSRF on netflix.com, and application scanning with Ken and Seth.

Episode 29: Matt Tesauro

August 29, 2018 04:00 - 43.8 MB

Matt Tesauro (@matt_tesauro) talks OWASP, community involvement, Defect Dojo, and the AppSec Pipeline toolbox with Ken and Seth.

Episode 28: Astha Singhal

August 22, 2018 04:00 - 35.9 MB

Astha Singhal (@astha_singhal) joins Ken and Seth to talk automating application security and bug bounties.

Episode 27: Jim Manico

August 15, 2018 04:00 - 41.7 MB

Ken and Seth are joined by Jim Manico (@manicode) RAW, training, OWASP, code security, and all things AppSec.

Episode 26: Justin Larson

August 01, 2018 04:00 - 32.8 MB

Ken and Seth are joined by Justin Larson (@Phant0mTrav3ler) and talk about building an AppSec program from scratch.

Episode 25: Scott Piper

July 25, 2018 04:00 - 36.8 MB

Ken and Seth are joined by Scott Piper (@0xdabbad00) and talk AWS Security, including https://flaws.cloud and the CloudMapper and CloudTracker projects.

Episode 24: Jason White

July 18, 2018 04:00 - 35.4 MB

Ken and Seth are joined by Jason White (@misfir3) and talk about transitioning from a developer to an application security professional.

Episode 23: Ken Toler

July 11, 2018 04:00 - 34.7 MB

Ken and Seth are joined by Ken Toler (@relotnek) and talk security champions and security program management.

Episode 22: Jimmy Mesta

June 29, 2018 04:00 - 37.1 MB

Ken and Seth are joined by Jimmy Mesta (@jimmesta) to talk about Kubernetes and container security.

Episode 21: Alex Smolen

June 22, 2018 04:00 - 42 MB

Ken and Seth are joined by Alex Smolen (@alsmola) to talk about current events, CloudTrail audit, and WebAuthn.

Episode 20: Authentication and JWTs

June 20, 2018 04:00 - 26.2 MB

Ken and Seth talk more about authentication, JWTs and everything that is wrong with both of them.

Episode 19: CFPs and More

June 06, 2018 04:00 - 43 MB

Ken and Seth talk about current events, submitting CFPs, and more

Episode 18: Chris Gates

May 30, 2018 04:00 - 45.6 MB

Ken and Seth are joined by Chris Gates to talk about Purple Teaming and the WeirdAAL tool

Episode 17: Efail and CSRF

May 16, 2018 04:00 - 19.7 MB

Ken and Seth talk about current news (Efail) and CSRF Tokens

Episode 16: Hipster Languages

May 09, 2018 04:00 - 35.7 MB

Ken and Seth talk about hipster languages and frameworks

Episode 15: Kevin Cody

May 02, 2018 04:00 - 48.4 MB

Kevin Cody joins Ken and Seth to talk about mobile security testing

Episode 14: Karthik Gaekwad

April 25, 2018 04:00 - 46.8 MB

Karthik Gaekwad joins Ken and Seth

Episode 13: Charles Nwatu

April 11, 2018 04:00 - 47.4 MB

Charles Nwatu joins Ken and Seth

Episode 12: Justin Collins

April 05, 2018 04:00 - 53.3 MB

Ken and Justin Collins join from LocoMocoSec to discuss static analyzers

Episode 11: David Coursey and Stefan Edwards

March 28, 2018 04:00 - 41.8 MB

David Coursey and Stefan Edwards reprise their discussion with Ken and Seth

Episode 10: Jimmy Mesta

March 14, 2018 04:00 - 41.3 MB

Jimmy Mesta joins Seth and Ken to talk about Kubernetes and Container security.

Episode 9: Jason Haddix

March 07, 2018 04:00 - 37.3 MB

Seth and Ken talk with Jason Haddix about bug bounties

Episode 8: Neil Matatall

February 28, 2018 04:00 - 41.2 MB

Featuring Guest Neil Matatall

Episode 7: Current Events

February 21, 2018 04:00 - 32.8 MB

Seth and Ken discuss current events

Episode 6: Kevin Cody

February 14, 2018 04:00 - 39.6 MB

Featuring Guest Kevin Cody

Episode 5: Stefan Edwards and Dave Coursey

February 07, 2018 04:00 - 41.2 MB

Featuring Guests Stefan Edwards and David Coursey

Episode 4: Evan Johnson

January 31, 2018 04:00 - 46.8 MB

Featuring Guest Evan Johnson

Episode 3: Jerry Gamblin

January 24, 2018 04:00 - 40.5 MB

Featuring Guest Jerry Gamblin

Episode 2: Current Events

January 17, 2018 04:00 - 32.4 MB

Weekly discussion

Episode 1: Introductions

January 10, 2018 04:00 - 38 MB

Introductions with Seth and Ken

Guests

Adam Baldwin
1 Episode

Twitter Mentions

@hoodiepony 1 Episode