Application Security Weekly (Video)
580 episodes - English - Latest episode: 5 days ago - ★★★★ - 5 ratingsThe Application Security Weekly podcast delivers interviews and news from the worlds of AppSec, DevOps, DevSecOps, and all the other ways people find and fix software flaws.
Join hosts Mike Shema, John Kinsella, and Akira Brand on a journey through modern security practices for apps, clouds, containers, and more.
Homepage Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Episodes
Binary Planting, GitLab, and DevOps Pipelines - ASW #89
December 18, 2019 10:00 - 39 minutes - 63.3 MB VideoBinary Planting with the npm CLI is another way to describe one of our favorite attacks, GitLab Doles Out Half a Million Bucks to White Hats, Speculation & leakage: Timing side channels & multi-tenant computing from AWS re:invent. A great talk from a the perspective of a threat model where such attacks are a critical part of the threat model, How can we integrate security into the DevOps pipelines? By picking from many of the great resources in this article, Go passwordless to strengthen sec...
API Security - Dave Ferguson - ASW #89
December 17, 2019 10:00 - 32 minutes - 151 MB VideoDave Ferguson is the Director of Product Management, WAS at Qualys. Dave will discuss the issue of latent vulnerabilities and how they may linger in your custom-coded web applications and APIs, presenting an enticing target for attackers. Full Show Notes: https://securityweekly.com/qualys Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode89
The World Runs On Open-Source, But Who's Paying For Gas? - ASW #88
December 11, 2019 10:00 - 30 minutes - 141 MB VideoIn the Application Security News, GitHub Seeks Security Dominance With Developers, IoT and Agile Framework Partners in Efficacy, WhiteSource acquires & open sources Renovate dependency update tool set, and Java vs. Python: Which should you choose? So stay tuned, for Application Security Weekly! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode88
Software Bill of Materials (SBOM) - Allan Friedman - ASW #88
December 10, 2019 10:00 - 37 minutes - 172 MB VideoAllan Friedman is the Director of Cybersecurity Initiatives of NTIA (National Telecommunication and Information Administration) US Dept of Commerce. The problem: unknown software supply chain. Following a newly identified software risk, very few firms can answer the simple question: Am I affected? An overview of the solution: what is an SBOM, and how is it used. Where we are: some background on why the govt is doing this, the results thus far, and where we are going next. Potential to discus...
Facebook, Twitter, & Firefox - ASW #87
December 04, 2019 10:00 - 28 minutes - 132 MB VideoAnalysis of Jira Bug Stresses Impact of SSRF in Public Cloud, DevSecOps Adoption and the Web Security Myth, Facebook, Twitter profiles slurped by mobile apps using malicious SDKs, Firefox gets tough on tracking tricks that sneakily sap your privacy, and Decoding the Modern Enterprise Software Spaghetti. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode87
Bot Management - Sandy Carielli - ASW #87
December 03, 2019 10:00 - 35 minutes - 162 MB VideoSandy Carielli is the Principal Analyst at Forrester Research. Discuss the impact of good and bad bots on enterprises and how it is both a security and customer experience problem. Review how the bot management marketing is evolving and how WAFs are buying up or partnering with bot management tools to expand their reach. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode87
Application News - ASW #86
November 28, 2019 10:00 - 32 minutes - 148 MB Video$1M Google Hacking Prize, 1.2B Records Exposed in Massive Server Leak, How Attackers Could Hijack Your Android Camera to Spy on You, XSS in GMail’s AMP4Email via DOM Clobbering, and much more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode86
Development Decisions Affect The Security Of Any Application - Tim Mackey - ASW #86
November 27, 2019 10:00 - 33 minutes - 153 MB VideoTim Mackey is the Principal Security Strategist at Synopsys. Measuring the risk of those decisions isn't something contained within a single tool, but instead requires a set of perspectives on how a "bad decision" can manifest itself in the security of the app. To learn more about Synopsys, visit: https://securityweekly.com/synopsys Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode86
Sysdig Secure 3.0 - Pawan Shankar - ASW #85
November 20, 2019 10:00 - 36 minutes - 169 MB VideoPawan Shankar is the Senior Product Marketing Manager of Sysdig. Sysdig is very excited to announce the launch of Sysdig Secure 3.0! With this release, Sysdig Secure is the industry’s first security tool to bring both threat prevention and incident response to Kubernetes. To learn more about Sysdig, visit: https://securityweekly.com/sysdig Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode85
Mirantis' Docker, CISOs, & End of Life Dates - ASW #85
November 19, 2019 10:00 - 28 minutes - 133 MB VideoThis site maintains quick links for checking End Of Life dates for various tools and technologies, Mirantis' Docker Enterprise acquisition a lifeline as industry shifts to Kubernetes, Website, Know Thyself: What Code Are You Serving? because it might have a, Self-Cleaning Payment Card-Skimmer Infects E-Commerce Sites, Attackers' Costs Increasing as Businesses Focus on Security, Soft Skills: 6 Nontechnical Traits CISOs Need to Succeed, and Three Ways Developers Can Worry Less About Security. ...
Application News - ASW #84
November 14, 2019 10:00 - 33 minutes - 155 MB VideoPwn2Own Tokyo Roundup: Amazon Echo, Routers, Smart TVs Fall to Hackers, Robinhood Traders Discovered a Glitch That Gave Them 'Infinite Leverage', Bugcrowd Pays Out Over $500K in Bounties in One Week, GWP-ASan: Sampling heap memory error detection in-the-wild, and much more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode84
Security Testing - ASW #84
November 13, 2019 10:00 - 31 minutes - 146 MB VideoMike, Matt, and John talk about security testing. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode84
Application News - ASW #83
November 06, 2019 10:00 - 31 minutes - 145 MB VideoStable Channel Update for Desktop Chrome users should upgrade to, Overcoming the container security conundrum: What enterprises need to know, Security Think Tank: In the cloud, the buck stops with you, PHP Bug Allows Remote Code-Execution on NGINX, Servers and patch details at Sec Bug #78599, Raising Security Awareness: Why Tools Can't Replace People, and much more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode83
Teaching Security In Software Development - Daniel Lowrie, Justin Dennison - ASW #83
November 05, 2019 10:00 - 35 minutes - 162 MB VideoWe interview Daniel Lowrie, who is an Edutainer at ITProTV and Justin Dennison, who is also an Edutainer at ITProTV. Dan and Justin talk about how to bridge the gap between a developer and security. Developers are faced with the challenges of working under pressure to get things done quickly, often overlooking securing their code. We'll discuss the strategies to capture interest while addressing common pitfalls. To learn more about ITProTV, visit: https://securityweekly.com/itprotv Visit h...
Application News - ASW #82
October 30, 2019 09:00 - 33 minutes - 153 MB VideoTop cloud security controls you should be using, State of Software Security X, Developers: The Cause of and Solution to Security's Biggest Problems, and much more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode82
Bug Bounties, Pentesting, & Scanners - ASW #82
October 29, 2019 09:00 - 32 minutes - 149 MB VideoMike Shema, Matt Alderman, and John Kinsella, talk about Bug Bounties, Pentesting, & Scanners. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode82
Application News - ASW #81
October 23, 2019 09:00 - 35 minutes - 164 MB VideoFrom Stackoverflow to CVE, with some laughs along the way, Four-Year-Old Critical Linux Wi-Fi Bug Allows System Compromise, Recent Site Isolation improvements in Chrome, policy_sentry is an IAM Least Privilege Policy Generator, auditor, and analysis database, and much more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode81
Doug Coburn, Signal Sciences - Doug Coburn - ASW #81
October 22, 2019 09:00 - 34 minutes - 161 MB VideoDoug Coburn is the Director, Professional Services at Signal Sciences. Doug will be discussing Containers, Layer 7, and application security. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode81
Application News - ASW #80
October 16, 2019 09:00 - 31 minutes - 144 MB VideoIn the Application Security News, Key takeaways from Imperva breach, From Automated Cloud Deployment to Progressive Delivery, Designing Your First App in Kubernetes: An Overview Food for Thought, Autonomy and the death of CVEs?, and AppSec 'Spaghetti on the Wall' Tool Strategy Undermining Security! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode80
Francois Lascelles, Ping Identity - ASW #80
October 15, 2019 09:00 - 34 minutes - 156 MB VideoFrancois is a member of the Ping Identity Office of the CTO. He provides product and strategic direction to customers and partners with a focus on API infrastructures security and API cybersecurity. To learn more about Ping Identity, visit: https://securityweekly.com/ping Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode80
Application News - ASW #79
October 09, 2019 09:00 - 36 minutes - 166 MB VideoEx-Yahoo Engineer Abused Access to Hack 6,000 User Accounts, American Express Insider Breaches Cardholder Information, How a double-free bug in, WhatsApp turns to RCE, Flare-on 6 2019 Writeups, Five Trends Shaping the Future of Container Security, and Common Pitfalls of Security Monitoring! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode79
Cloud Security for Small Teams - ASW #79
October 08, 2019 09:00 - 39 minutes - 63.2 MB VideoHow to step in and help with small cloud security teams. Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/ASWEpisode79
Application News - ASW #78
October 02, 2019 09:00 - 30 minutes - 141 MB VideoThreat Actors Use Percentage-Based URL Encoding to Bypass Email Gateways, Intelligent Tracking Prevention 2.3 and a discussion to Limit the length of the Referer header with some background on Browser Side Channels, Serverless Security Threats Loom as Enterprises Go Cloud Native, and much more! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode78 Visit https://www.securityweekly.com/asw for all the latest episodes!
Information Disclosure Vulnerabilities - Ryan Kelso - ASW #78
October 01, 2019 09:00 - 119 MB VideoRyan Kelso is the Application Security Engineer at 10-Sec, Inc. Former developer turned application security engineer with a passion for giving back to the security community that has helped me out tremendously with getting into this field. Information disclosures traditionally aren't seen as high priority fixes, but can be pretty important in an exploitation chain. The more information provided to an attacker, the better equipped that attacker is. Full Show Notes: https://wiki.securitywee...
Training For Developers - Nicolas Valcárcel - ASW #77
September 24, 2019 09:00 - 38 minutes - 179 MB VideoNicolas Valcárcel is the Security Engineer at AdRoll. Nicolas Developers and security professional have vastly different views of the world, so it's not uncommon that trainings created by the later don't fully reach the former. Training for developers should be made with their tools and with their view of the world in mind. Full Show Notes: https://wiki.securityweekly.com/ASW_Episode77 Visit https://www.securityweekly.com/asw for all the latest episodes!
Application News - ASW #77
September 23, 2019 18:57 - 29 minutes - 137 MB VideoBSIMM10 Emphasizes DevOps' Role in Software Security and the BSIMM10 report, Crowdsourced Security & the Gig Economy, Lessons learned through 15 years of SDL at work, Software eats the world, jobs double US employment growth rate, and more! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode77 Visit https://www.securityweekly.com/asw for all the latest episodes!
Bugs, Breaches, & More - ASW #76
September 18, 2019 09:00 - 28 minutes - 133 MB VideoSimjacker – Next Generation Spying Over Mobile, Intel CPUs Vulnerable to Sensitive Data Leakage in NetCAT Attack and NetCAT: Practical Cache Attacks from the Network, What is PSD2? And how it will impact the payments processing industry, Better Together: Why Software-Development Toolmakers Should Embrace Integration, and more! Full Show Notes: https://wiki.securityweekly.com/BSWEpisode143 Visit https://www.securityweekly.com/asw for all the latest episodes!
OWASP Application Security Verification Standard - ASW #76
September 16, 2019 18:55 - 44 minutes - 68.2 MB VideoThe OWASP Application Security Verification Standard (ASVS) Project provides a basis for testing web application technical security controls and also provides developers with a list of requirements for secure development. The excel tool Jay Durga developed can be used to measure metric or as a guidance document for testing effectiveness of security controls put in place in your SDLC and DevOps process. Full Show Notes: https://wiki.securityweekly.com/ASW_Episode76 Visit https://www.securit...
Bugs, Breaches, & More - ASW #75
September 11, 2019 09:00 - 32 minutes - 148 MB VideoA very deep dive into iOS Exploit chains found in the wild followed by Heap Exploit Development, Twitter turns off SMS texting after @Jack hijacking, CVE-2019-15846: Unauthenticated Remote Command Execution Flaw Disclosed for Exim, 7 Steps to Web App Security, Fuzzing 101: Why Bug Hunters Still Love It After All These Years, and more! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode75 Visit https://www.securityweekly.com/asw for all the latest episodes!
Tools in the DevOps Pipeline: Ty Sbano, Sisense - ASW #75
September 10, 2019 09:00 - 39 minutes - 63 MB VideoTy Sbano is the Cloud Chief Information Security Officer of Sisense. Ty will be discussing Tools in the DevOps Pipeline, Component Analysis, and Anything Application Security! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode75 Visit https://www.securityweekly.com/asw for all the latest episodes!
Black Hat Interviews - WhiteSource and Venafi - ASW #74
August 28, 2019 09:00 - 30 minutes - 137 MB VideoWe interview Azi Cohen the Co-founder of WhiteSource. He will be talking about Application security has undergone a transition in recent years, as information security teams testing products before release became irrelevant, developers started playing a leading role in the day-to-day operational responsibility for application security. We then interview Jeff Hudson the CEO of Venafi. He will talk about code signing that has been used to verify the integrity of software, and nearly every orga...
Container Security With Sysdig Secure 2.4 - Pawan Shankar - ASW #74
August 26, 2019 20:55 - 36 minutes - 171 MB VideoPawan Shankar is the Senior Product Marketing Manager of Sysdig. Sysdig is very excited to announce the launch of Sysdig Secure 2.4! With this release, Sysdig adds runtime profiling to enhance anomaly detection and introduces brand new interfaces that improve runtime security policy creation and vulnerability reporting. To learn more about Sysdig, visit: https://securityweekly.com/sysdig Full Show Notes: https://wiki.securityweekly.com/ASW_Episode74 Visit https://www.securityweekly.com/asw...
Bugs, Breaches, and More! - ASW #73
August 21, 2019 09:00 - 38 minutes - 176 MB VideoCVE-2019-1162 showcases elevation of privilege in an ancient Windows component. HTTP/2 Denial of Service Advisory with seven vulns that affects the protocol implemented by several vendors, SSH certificate authentication for GitHub Enterprise Cloud works well with tools like Sharkey and BLESS. We talked more about ephemeral access and SSH in episode 71, Polaris Points the Way to Kubernetes Best Practices, and much more! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode73 Visit ht...
Ping Identity, Cequence, & NowSecure - ASW #73
August 20, 2019 09:00 - 42 minutes - 65 MB VideoAt Black Hat 2019, we interviewed: Ameya Talwalker from Cequence, Mark Batchelor from PING Identity, and Michael Krueger from NowSecure! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode73 Visit https://www.securityweekly.com/asw for all the latest episodes!
Application News - ASW - News #72
August 14, 2019 09:00 - 32 minutes - 149 MB VideoFrom Equifax to Capital One: The problem with web application security, Upcoming Change to Chrome's Identity Indicators means the EV UI Moving to Page Info, Apple extends its bug bounty program to cover macOS with $1 million in rewards, Azure Security Lab: a new space for Azure research and collaboration, Awarding Google Cloud Vulnerability Research, and more! Full Show Notes: https://wiki.securityweekly.com/BSWEpisode139 Visit https://www.securityweekly.com/asw for all the latest episodes!
Hacker Summer Camp Round-UP - ASW - Topic #72
August 13, 2019 14:19 - 31 minutes - 147 MB VideoMike Shema and Matt Alderman discuss Hacker Summer Camp as the Security Weekly team has returned from Las Vegas. Full Show Notes: https://wiki.securityweekly.com/ASW_Episode72 Visit https://www.securityweekly.com/asw for all the latest episodes!
Application News - Application Security Weekly #71
July 31, 2019 09:00 - 37 minutes - 172 MB VideoRare Steganography Hack Can Compromise Fully Patched Websites, Bug Bounties Continue to Rise as Google Boosts its Payouts, Snyk Acquires DevSecCon to Boost DevSecOps Community, and much more! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode71 Visit https://www.securityweekly.com/asw for all the latest episodes!
Container Security Today - Application Security Weekly #71
July 30, 2019 09:00 - 36 minutes - 168 MB VideoMurray Goldschmidt is the COO & Co-founder of Sense of Security. Murray talks about The state of container security in the enterprise. Full Show Notes: https://wiki.securityweekly.com/ASW_Episode71 Visit https://www.securityweekly.com/asw for all the latest episodes!
Application News - Application Security Weekly #70
July 24, 2019 09:00 - 31 minutes - 147 MB VideoSupPy Chain Malware - Detecting malware in package manager repositories, Attacking SSL VPN, Solving Digital Transformation Cybersecurity Concerns With DevSecOps, How I Could Have Hacked Any Instagram Account, Tracking Anonymized Bluetooth Devices and Bluetooth Bug, Enables Tracking on Windows 10, iOS & macOS Devices, 2019 Global Developer Report: DevSecOps finds security roadblocks divide teams and GitLab Survey Surfaces Major DevSecOps Challenges Ahead. Full Show Notes: https://wiki.secur...
Secure App Deployment With Unikernels - Application Security Weekly #70
July 23, 2019 09:00 - 33 minutes - 154 MB VideoIan Eyber is the CEO of NanoVMs. Unikernels are an emerging trend in software deployment because of their isolation, performance and size. However they are still very much new so it's good to learn what benefits they bring and what their current drawbacks are. Listeners might be surprised to learn how many unikernel implementations there are and what organizations are actively using them. Full Show Notes: https://wiki.securityweekly.com/ASW_Episode70 Visit https://www.securityweekly.com/as...
Application News - Application Security Weekly #69
July 17, 2019 09:00 - 35 minutes - 162 MB VideoYes, the zoom thing, 50 Ways to Leak Your Data in 1,300 Popular Android Apps Access Data, Without Proper Permissions, GE Aviation exposed internal configs via open Jenkins instance, Preparing your enterprise to eliminate passwords, DevSecOps Survey Finds Failure to Communicate, What Quality Metrics Matter Most for DevOps? Full Show Notes: https://wiki.securityweekly.com/ASW_Episode69 Follow us on Twitter: https://www.twitter.com/securityweekly
Securing Multi-Cloud Environments - Application Security Weekly #69
July 16, 2019 09:00 - 39 minutes - 63.3 MB VideoGururaj Pandurangi is a founder and CEO of Cloudneeti, a software-as-a-service company focused on continuous cloud security, data privacy and compliance assurance. Gururaj is coming on the show to discuss security in multi-cloud environments. To learn more about Cloudneeti, visit: https://securityweekly.com/cloudneeti Full Show Notes: https://wiki.securityweekly.com/ASW_Episode69 Follow us on Twitter: https://www.twitter.com/securityweekly
Application News - Application Security Weekly #68
July 10, 2019 09:00 - 32 minutes - 149 MB VideoWordPress Plugin WP Statistics Patches XSS Flaw, Three RCEs in Android's Media framework, Nine Best Practices For Integrating Application Security Testing Into DevOps, 6 Traits That Define DevSecOps, and much more! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode68 Follow us on Twitter: https://www.twitter.com/securityweekly
Cloud Native - Application Security Weekly #68
July 09, 2019 09:00 - 31 minutes - 147 MB VideoMike Shema, John Kinsella, and Matt Alderman talk cloud native from an application perspective. Full Show Notes: https://wiki.securityweekly.com/ASW_Episode68 Follow us on Twitter: https://www.twitter.com/securityweekly
Security Training for Devs - Application Security Weekly #67
July 03, 2019 09:00 - 34 minutes - 158 MB VideoMike Shema, John Kinsella, & Matt Alderman discuss security training for Devs! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode67 Follow us on Twitter: https://www.twitter.com/securityweekly
GKE, AWS, & S3 Buckets - Application Security Weekly #67
July 02, 2019 09:00 - 30 minutes - 141 MB VideoGKE improves authentication with Workload Identity, AWS reinforce reveals traffic tools and security solutions that improve support for DevOps, Brief history of Trusted Execution Environments, From the Enterprise's Project: How to Explain Service Mesh in Plain English, Developers and Security Teams Under Pressure to Collaborate! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode67 Follow us on Twitter: https://www.twitter.com/securityweekly
Don't Ignore APIs - Application Security Weekly #66
June 26, 2019 09:00 - 24 minutes - 111 MB VideoAPI are now over 80% of the HTTP traffic and enterprise application breaches through compromised APIs are mounting!. A guide to API Security. They also discuss Public VS Private APIs and if the best practice should be segregation of the two. Full Show Notes: https://wiki.securityweekly.com/ASW_Episode66 Follow us on Twitter: https://www.twitter.com/securityweekly
Osquery, Netflix, & Mozilla - Application Security Weekly #66
June 25, 2019 09:00 - 41 minutes - 65.5 MB VideoMozilla pushes a patch onto an Array, Netflix shares a stream of patches, Breach to bankruptcy for healthcare company, Osquery becomes a foundational tool, Avoiding DevOps dangers, and Assigning DevOps directions! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode66 Follow us on Twitter: https://www.twitter.com/securityweekly
Bugs, Breaches, and More! - Application Security Weekly #65
June 19, 2019 09:00 - 35 minutes - 165 MB VideoThere's no escape that will save you..., the privilege of running a Chrome extension, and Four practices towards DevSecOps! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode65 Follow us on Twitter: https://www.twitter.com/securityweekly
Shannon Lietz, Intuit - Application Security Weekly #65
June 18, 2019 09:00 - 33 minutes - 155 MB VideoMike Shema and John Kinsella interview Shannon Lietz, the Director Information Security at Intuit about DevOps. Full Show Notes: https://wiki.securityweekly.com/ASW_Episode65 Follow us on Twitter: https://www.twitter.com/securityweekly