Latest Appsec Podcast Episodes
Shared Responsibility Models, AI in Offensive Security, Apple's Private Cloud Compute - ASW #289
Application Security Weekly (Video) - June 25, 2024 21:00 - 24 minutes - Video ★★★★ - 5 ratingsThoughts on shared responsibility models after the Snowflake credential attacks, looking at AI's current and future role in offensive security, secure by design lessons from Apple's Private Cloud Computer, and more! Show Notes: https://securityweekly.com/asw-289
OAuth 2.0 from Protecting APIs to Supporting Authorization & Authentication - Aaron Parecki - ASW #289
Application Security Weekly (Video) - June 25, 2024 15:41 - 37 minutes - Video ★★★★ - 5 ratingsOAuth 2.0 is more than just a single spec and it's used to protect more than just APIs. We talk about challenges in maintaining a spec over a decade of changing technologies and new threat models. Not only can OAuth be challenging to secure by default, but it's not even always inter-operable. ...
OAuth 2.0 from Protecting APIs to Supporting Authorization & Authentication - Aaron Parecki - ASW #289
Application Security Weekly (Audio) - June 25, 2024 15:41 - 1 hour ★★★★★ - 11 ratingsOAuth 2.0 is more than just a single spec and it's used to protect more than just APIs. We talk about challenges in maintaining a spec over a decade of changing technologies and new threat models. Not only can OAuth be challenging to secure by default, but it's not even always inter-operable. ...
Learning EBPF - Liz Rice - ASW Vault
Application Security Weekly (Audio) - June 18, 2024 16:00 - 37 minutes ★★★★★ - 11 ratingsCheck out this interview from the ASW Vault, hand picked by main host Mike Shema! This segment was originally published on April 4, 2023. Following on from her successful title "Container Security", Liz has recently authored "Learning eBPF", published by O'Reilly. eBPF is a revolutionary kerne...
Learning EBPF - Liz Rice - ASW Vault
Application Security Weekly (Video) - June 18, 2024 16:00 - 37 minutes - Video ★★★★ - 5 ratingsCheck out this interview from the ASW Vault, hand picked by main host Mike Shema! This segment was originally published on April 4, 2023. Following on from her successful title "Container Security", Liz has recently authored "Learning eBPF", published by O'Reilly. eBPF is a revolutionary kerne...
Microsoft Recall's Security & Privacy, Hacking Web APIs, Secure Design Pledge - ASW #288
Application Security Weekly (Video) - June 11, 2024 14:46 - 38 minutes - Video ★★★★ - 5 ratingsLooking at use cases and abuse cases of Microsoft's Recall feature, examples of hacking web APIs, CISA's secure design pledge, what we look for in CVEs, a nod to PHP's history, and more! Show Notes: https://securityweekly.com/asw-288
Microsoft Recall's Security & Privacy, Hacking Web APIs, Secure Design Pledge - ASW #288
Application Security Weekly (Audio) - June 11, 2024 14:46 - 38 minutes ★★★★★ - 11 ratingsLooking at use cases and abuse cases of Microsoft's Recall feature, examples of hacking web APIs, CISA's secure design pledge, what we look for in CVEs, a nod to PHP's history, and more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly....
Bots are Taking Over the Internet & Defining ASPM - Idan Plotnik, Erez Hasson - ASW #287
Application Security Weekly (Video) - June 04, 2024 21:00 - 30 minutes - Video ★★★★ - 5 ratingsApplication security posture management has quickly become a hot commodity in the world of AppSec, but questions remain around what is defined by ASPM. Vendors have cropped up from different corners of the AppSec space to help security teams make their programs more effective, improve their secu...
Open Source Software Supply Chain Security & The Real Crisis Behind XZ Utils - Luis Villa - ASW #287
Application Security Weekly (Video) - June 04, 2024 14:07 - 42 minutes - Video ★★★★ - 5 ratingsOpen source has been a part of the software supply chain for decades, yet many projects and their maintainers remain undersupported by the companies that consume them. The security responsibilities for project owners has increased not only in dealing with security disclosures, but in maintaining...
Open Source Software Supply Chain Security & The Real Crisis Behind XZ Utils - Idan Plotnik, Luis Villa, Erez Hasson - ASW #287
Application Security Weekly (Audio) - June 04, 2024 14:07 - 1 hour ★★★★★ - 11 ratingsOpen source has been a part of the software supply chain for decades, yet many projects and their maintainers remain undersupported by the companies that consume them. The security responsibilities for project owners has increased not only in dealing with security disclosures, but in maintaining...
Securing Shadow Apps & Protecting Data - Guy Guzner, Pranava Adduri - ASW Vault
Application Security Weekly (Audio) - May 28, 2024 21:00 - 30 minutes ★★★★★ - 11 ratingsWith hundreds or thousands of SaaS apps to secure with no traditional perimeter, Identity becomes the focal point for SaaS Security in the modern enterprise. Yet with Shadow IT, now recast as Business-Led IT, quickly becoming normal practice, it’s more complicated than trying to centralize all i...
Securing Shadow Apps & Protecting Data - Guy Guzner, Pranava Adduri - ASW Vault
Application Security Weekly (Video) - May 28, 2024 21:00 - 30 minutes - Video ★★★★ - 5 ratingsWith hundreds or thousands of SaaS apps to secure with no traditional perimeter, Identity becomes the focal point for SaaS Security in the modern enterprise. Yet with Shadow IT, now recast as Business-Led IT, quickly becoming normal practice, it’s more complicated than trying to centralize all i...
Collecting Bounties and Building Communities - Ben Sadeghipour - ASW Vault
Application Security Weekly (Video) - May 28, 2024 17:40 - 36 minutes - Video ★★★★ - 5 ratingsCheck out this interview from the ASW Vault, hand picked by main host Mike Shema! This segment was originally published on April 18, 2023. We talk with Ben about the rewards, hazards, and fun of bug bounty programs. Then we find out different ways to build successful and welcoming communities....
Collecting Bounties and Building Communities - Ben Sadeghipour - ASW Vault
Application Security Weekly (Audio) - May 28, 2024 17:40 - 36 minutes ★★★★★ - 11 ratingsCheck out this interview from the ASW Vault, hand picked by main host Mike Shema! This segment was originally published on April 18, 2023. We talk with Ben about the rewards, hazards, and fun of bug bounty programs. Then we find out different ways to build successful and welcoming communities....
Unpacking XDR & Business Applications - Chris Thomas, Oliver Tavakoli - ASW #286
Application Security Weekly (Video) - May 21, 2024 21:00 - 30 minutes - Video ★★★★ - 5 ratingsThe challenge of evaluating threat alerts in aggregate – what a collection and sequence of threat signals tell us about an attacker’s sophistication and motives – has bedeviled SOC teams since the dawn of the Iron Age. Vectra AI CTO Oliver Tavakoli will discuss how the design principles of our X...
Node.js Secure Coding - Oliver Tavakoli, Chris Thomas, Liran Tal - ASW #286
Application Security Weekly (Audio) - May 21, 2024 15:41 - 1 hour ★★★★★ - 11 ratingsSecure coding education should be more than a list of issues or repeating generic advice. Liran Tal explains his approach to teaching developers through examples that start with exploiting known vulns and end with discussions on possible fixes. Not only does this create a more engaging experienc...
Node.js Secure Coding - Liran Tal - ASW #286
Application Security Weekly (Video) - May 21, 2024 13:42 - 38 minutes - Video ★★★★ - 5 ratingsSecure coding education should be more than a list of issues or repeating generic advice. Liran Tal explains his approach to teaching developers through examples that start with exploiting known vulns and end with discussions on possible fixes. Not only does this create a more engaging experienc...
The Enterprise Browser & AI in Securing Software and Supply Chains - Mike Fey, Josh Lemos - ASW #285
Application Security Weekly (Video) - May 14, 2024 21:00 - 29 minutes - Video ★★★★ - 5 ratingsHow companies are benefiting from the enterprise browser. It's not just security when talking about the enterprise browser. It's the marriage between security AND productivity. In this interview, Mike will provide real live case studies on how different enterprises are benefitting. Segment Res...
Inside the OWASP Top 10 for LLM Applications - Sandy Dunn, Mike Fey, Josh Lemos - ASW #285
Application Security Weekly (Audio) - May 14, 2024 16:53 - 1 hour ★★★★★ - 11 ratingsEveryone is interested in generative AIs and LLMs, and everyone is looking for use cases and apps to apply them to. Just as the early days of the web inspired the original OWASP Top 10 over 20 years ago, the experimentation and adoption of LLMs has inspired a Top 10 list of their own. Sandy Dunn...
Inside the OWASP Top 10 for LLM Applications - Sandy Dunn - ASW #285
Application Security Weekly (Video) - May 14, 2024 16:41 - 37 minutes - Video ★★★★ - 5 ratingsEveryone is interested in generative AIs and LLMs, and everyone is looking for use cases and apps to apply them to. Just as the early days of the web inspired the original OWASP Top 10 over 20 years ago, the experimentation and adoption of LLMs has inspired a Top 10 list of their own. Sandy Dunn...
Hacking AI Bias with Human Techniques - Keith Hoodlet - ASW #284
Application Security Weekly (Video) - May 07, 2024 21:00 - 31 minutes - Video ★★★★ - 5 ratingsWe already have bug bounties for web apps so it was only a matter of time before we would have bounties for AI-related bugs. Keith Hoodlet shares his experience winning first place in the DOD's inaugural AI bias bounty program. He explains how his education in psychology helped fill in the lack ...
AI & Hype & Security (Oh My!) - Caleb Sima - ASW #284
Application Security Weekly (Video) - May 07, 2024 16:00 - 33 minutes - Video ★★★★ - 5 ratingsA lot of AI security has nothing to do with AI -- things like data privacy, access controls, and identity are concerns for any new software and in many cases AI concerns look more like old-school API concerns. But...there are still important aspects to AI safety and security, from prompt injecti...
AI & Hype & Security (Oh My!) & Hacking AI Bias - Caleb Sima, Keith Hoodlet - ASW #284
Application Security Weekly (Audio) - May 07, 2024 14:00 - 1 hour ★★★★★ - 11 ratingsA lot of AI security has nothing to do with AI -- things like data privacy, access controls, and identity are concerns for any new software and in many cases AI concerns look more like old-school API concerns. But...there are still important aspects to AI safety and security, from prompt injecti...
Random Problems, Protecting Packages, and Vulns in Designs, Defaults & Data Leaks - ASW #283
Application Security Weekly (Video) - April 30, 2024 21:00 - 38 minutes - Video ★★★★ - 5 ratingsMisusing random numbers, protecting platforms for code repos and package repos, vulns that teach us about designs and defaults, and more! Show Notes: https://securityweekly.com/asw-283
Why Companies Continue to Struggle with Supply Chain Security - Melinda Marks - ASW #283
Application Security Weekly (Video) - April 30, 2024 15:56 - 41 minutes - Video ★★★★ - 5 ratingsCompanies deploy tools (usually lots of tools) to address different threats to supply chain security. Melinda Marks shares some of the chaos those companies still face when trying to prioritize investments, measure risk, and scale their solutions to keep pace with their development. Not only are...
Why Companies Continue to Struggle with Supply Chain Security - Melinda Marks - ASW #283
Application Security Weekly (Audio) - April 30, 2024 15:56 - 1 hour ★★★★★ - 11 ratingsCompanies deploy tools (usually lots of tools) to address different threats to supply chain security. Melinda Marks shares some of the chaos those companies still face when trying to prioritize investments, measure risk, and scale their solutions to keep pace with their development. Not only are...
XZ & Open Source, PuTTY's Private Keys, LeakyCLI, LLMs Writing Exploits - ASW #282
Application Security Weekly (Video) - April 23, 2024 21:00 - 38 minutes - Video ★★★★ - 5 ratingsCISA chimes in on the XZ Utils backdoor, PuTTY's private keys and maintaining a secure design, LeakyCLI and maintaining secure secrets in CSPs, LLMs and exploit generation, and more! Show Notes: https://securityweekly.com/asw-282
Sustainable Funding of Open Source Tools - Simon Bennetts, Mark Curphey - ASW #282
Application Security Weekly (Video) - April 23, 2024 15:43 - 39 minutes - Video ★★★★ - 5 ratingsHow can open source projects find a funding model that works for them? What are the implications with different sources of funding? Simon Bennetts talks about his stewardship of Zed Attack Proxy and its journey from OWASP to OpenSSF to an Open Source Fellowship with Crash Override. Mark Curphy a...
Sustainable Funding of Open Source Tools - Mark Curphey, Simon Bennetts - ASW #282
Application Security Weekly (Audio) - April 23, 2024 15:43 - 1 hour ★★★★★ - 11 ratingsHow can open source projects find a funding model that works for them? What are the implications with different sources of funding? Simon Bennetts talks about his stewardship of Zed Attack Proxy and its journey from OWASP to OpenSSF to an Open Source Fellowship with Crash Override. Mark Curphy a...
Arg Parsing in Rust, End of Life Hardware, CSRB & MS, Chrome’s V8 Sandbox - ASW #281
Application Security Weekly (Video) - April 16, 2024 21:00 - 28 minutes - Video ★★★★ - 5 ratingsA Rust advisory highlights the perils of parsing and problems of inconsistent approaches, D-Link (sort of) deals with end of life hardware, CSRB recommends practices and processes for Microsoft, Chrome’s V8 Sandbox increases defense, and more! Show Notes: https://securityweekly.com/asw-281
Related Appsec Topics