Latest Appsec Podcast Episodes

Starting an OWASP Project (That's Not a List!) - Grant Ongers - ASW #272

Application Security Weekly (Video) - February 06, 2024 14:35 - 37 minutes - Video ★★★★ - 5 ratings
We can't talk about OWASP without talking about lists, but we go beyond the lists to talk about a product security framework. Grant shares his insights on what makes lists work (and not work). More importantly, he shares the work he's doing to spearhead a new OWASP project to help scale the crea...

Vulns & Secure Design, MiraclePtr Success, Abandoned Projects & Maven, Old "AI Chip" - ASW #271

Application Security Weekly (Video) - January 30, 2024 22:00 - 40 minutes - Video ★★★★ - 5 ratings
Vulns in Jenkins code and Cisco devices that make us think about secure designs, MiraclePtr pulls off a relatively quick miracle, code lasts while domains expire, an "Artificial Intelligence chip" from the 90s, and more! Show Notes: https://securityweekly.com/asw-271

Getting Your First Conference Presentation - Sarah Harvey - ASW #271

Application Security Weekly (Video) - January 30, 2024 19:00 - 38 minutes - Video ★★★★ - 5 ratings
We return to the practice of presentations, this time with a perspective from a conference organizer. And we have tons of questions! What makes a topic stand out? How can an old, boring topic be given new life? How do you prepare as a first-time presenter? What can conferences do to foster bette...

Getting Your First Conference Presentation - Sarah Harvey - ASW #271

Application Security Weekly (Audio) - January 30, 2024 19:00 - 1 hour ★★★★★ - 11 ratings
We return to the practice of presentations, this time with a perspective from a conference organizer. And we have tons of questions! What makes a topic stand out? How can an old, boring topic be given new life? How do you prepare as a first-time presenter? What can conferences do to foster bette...

Security in Wrenches, Vulns in Atlassian and GitLab, 2023's Top Web Hacking Tricks - ASW #270

Application Security Weekly (Video) - January 23, 2024 16:30 - 34 minutes - Video ★★★★ - 5 ratings
Vulns throw a wrench in a wrench, more vulns drench Atlassian, vulns send GitLab back to the design bench, voting for the top web hacking techniques of 2023, and more! Show Notes: https://securityweekly.com/asw-270

Dealing with the Burden of Bad Bots - Sandy Carielli - ASW #270

Application Security Weekly (Audio) - January 23, 2024 16:00 - 1 hour ★★★★★ - 11 ratings
Where apps provide something of value, bots are sure to follow. Modern threat models need to include scenarios for bad bots that not only target user credentials, but that will also hoard inventory and increase fraud. Sandy shares her recent research as we talk about bots, API security, and what...

Dealing with the Burden of Bad Bots - Sandy Carielli - ASW #270

Application Security Weekly (Video) - January 23, 2024 16:00 - 34 minutes - Video ★★★★ - 5 ratings
Where apps provide something of value, bots are sure to follow. Modern threat models need to include scenarios for bad bots that not only target user credentials, but that will also hoard inventory and increase fraud. Sandy shares her recent research as we talk about bots, API security, and what...

Communicating Technical Topics Without Being Boring - Eve Maler - ASW #269

Application Security Weekly (Video) - January 16, 2024 18:37 - 35 minutes - Video ★★★★ - 5 ratings
It's time to start thinking about CFPs and presentations for 2024! Eve shares advice on delivering technical topics so that an audience can understand the points you want to make. Then we show how developing these presentation skills for conferences helps with presentations within orgs and why t...

Communicating Technical Topics Without Being Boring - Eve Maler - ASW #269

Application Security Weekly (Audio) - January 16, 2024 18:31 - 35 minutes ★★★★★ - 11 ratings
It's time to start thinking about CFPs and presentations for 2024! Eve shares advice on delivering technical topics so that an audience can understand the points you want to make. Then we show how developing these presentation skills for conferences helps with presentations within orgs and why t...

23andMe Blames Users, Abusing Google's OAuth2, Rustls Performance, AI Goes OSINT - ASW #268

Application Security Weekly (Video) - January 09, 2024 22:00 - 35 minutes - Video ★★★★ - 5 ratings
23andMe shifts blame to users for poor password practices, abusing Google's OAuth2 through a MultiLogin endpoint, Rustls is memory safe and fast, AI enters OSINT, and more! Show Notes: https://securityweekly.com/asw-268

What's in Store for 2024? - ASW #268

Application Security Weekly (Video) - January 09, 2024 16:58 - 35 minutes - Video ★★★★ - 5 ratings
We kick off the new year with a discussion of what we're looking forward to and what we're not looking forward to. Then we pick our favorite responses to "appsec in three words" and set our sights on a new theme for 2024. Show Notes: https://securityweekly.com/asw-268

What's in Store for 2024? - ASW #268

Application Security Weekly (Audio) - January 09, 2024 16:36 - 1 hour ★★★★★ - 11 ratings
We kick off the new year with a discussion of what we're looking forward to and what we're not looking forward to. Then we pick our favorite responses to "appsec in three words" and set our sights on a new theme for 2024. In the news, 23andMe shifts blame to users for poor password practices, ...

HTTP RFCs Have Evolved, Breaking Into Cloud, Scaling AppSec at Netflix, & Confluence - Keith Hoodlet - ASW Vault

Application Security Weekly (Audio) - January 01, 2024 10:00 - 33 minutes ★★★★★ - 11 ratings
HTTP RFCs have evolved: A Cloudflare view of HTTP usage trends, Career Advice and Professional Development, Active Exploitation of Confluence CVE-2022-26134 Visit https://securityweekly.com/asw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/secweekly Like us on ...

HTTP RFCs Have Evolved, Breaking Into Cloud, Scaling AppSec at Netflix, & Confluence - Keith Hoodlet - ASW Vault

Application Security Weekly (Video) - January 01, 2024 10:00 - 33 minutes - Video ★★★★ - 5 ratings
HTTP RFCs have evolved: A Cloudflare view of HTTP usage trends, Career Advice and Professional Development, Active Exploitation of Confluence CVE-2022-26134 Show Notes: https://securityweekly.com/vault-asw-7

OWASP SAMM - Software Assurance Maturity Model - Sebastian Deleersnyder - ASW Vault

Application Security Weekly (Audio) - December 25, 2023 10:00 - 34 minutes ★★★★★ - 11 ratings
We will provide a short introduction to OWASP SAMM, which is a flagship OWASP project allowing organizations to bootstrap and iteratively improve their secure software practice in a measurable way. Seba will explain the SAMM model, consisting of 15 security practices. Every security practice con...

OWASP SAMM - Software Assurance Maturity Model - Sebastian Deleersnyder - ASW Vault

Application Security Weekly (Video) - December 25, 2023 10:00 - 34 minutes - Video ★★★★ - 5 ratings
We will provide a short introduction to OWASP SAMM, which is a flagship OWASP project allowing organizations to bootstrap and iteratively improve their secure software practice in a measurable way. Seba will explain the SAMM model, consisting of 15 security practices. Every security practice con...

Nagios and Abandoned Projects, Hacking Trains (to Fix Them), OAuth Threats, 5Ghoul - ASW #267

Application Security Weekly (Video) - December 19, 2023 22:00 - 40 minutes - Video ★★★★ - 5 ratings
Nagios gets a review from NCC Group, hackers hack some anti-fixing code to fix trains in Poland, abusing OAuth post-compromise, 5Ghoul flaws in 5G networks, MITRE teases a new threat model for embedded systems, a conversation on vuln scoring systems, and more! Show Notes: https://securityweekl...

Making Service Meshes Work for People - Idit Levine - ASW #267

Application Security Weekly (Video) - December 19, 2023 16:44 - 37 minutes - Video ★★★★ - 5 ratings
Service meshes create the opportunity to make security a team sport. They can improve observability and service identity. Turning monoliths into microservices sounds appealing, but maybe not every monolith needs to be broken up. We'll also talk about the maturity and design choices that go into...

Making Service Meshes Work for People - Idit Levine - ASW #267

Application Security Weekly (Audio) - December 19, 2023 15:51 - 1 hour ★★★★★ - 11 ratings
Service meshes create the opportunity to make security a team sport. They can improve observability and service identity. Turning monoliths into microservices sounds appealing, but maybe not every monolith needs to be broken up. We'll also talk about the maturity and design choices that go into...

Prompt Injection Scanners, Better AI Jailbreaks, Purple Llama, Linux Kernel Security - ASW #266

Application Security Weekly (Video) - December 12, 2023 22:00 - 38 minutes - Video ★★★★ - 5 ratings
Benchmarking prompt injection scanners, using generative AI to jailbreak generative AI, Meta's benchmark for LLM risks, tapping a protocol to hack Magic the Gathering, and more! Show Notes: https://securityweekly.com/asw-266

The ABCs of RFCs - Heather Flanagan - ASW #266

Application Security Weekly (Audio) - December 12, 2023 18:12 - 1 hour ★★★★★ - 11 ratings
We have a lot of questions about standards. How do standards emerge? How do standards encourage adoption? How do they stay relevant as development patterns change and security threats evolve? We have standards for web appsec (HTML, HTTP), all sorts of protocols, and all sorts of authentication...

The ABCs of RFCs - Heather Flanagan - ASW #266

Application Security Weekly (Video) - December 12, 2023 18:10 - 39 minutes - Video ★★★★ - 5 ratings
We have a lot of questions about standards. How do standards emerge? How do standards encourage adoption? How do they stay relevant as development patterns change and security threats evolve? We have standards for web appsec (HTML, HTTP), all sorts of protocols, and all sorts of authentication...

Extracting Data from ChatGPT, Vulns Around AI, Secure AI Guidance, LogoFAIL, BLUFFS - ASW #265

Application Security Weekly (Video) - December 06, 2023 10:00 - 34 minutes - Video ★★★★ - 5 ratings
Repetition extracts data from ChatGPT, more vulns in the software that surrounds AI, guidelines for secure AI, LogoFAIL trips a boot, BLUFFS attack on Bluetooth, CISA's first secure by design alert, Okta's updated breach disclosure, and more! Show Notes: https://securityweekly.com/asw-265

All the News - Just Six Months Later - Application Security Weekly #265

Application Security Weekly (Audio) - December 05, 2023 19:10 - 1 hour ★★★★★ - 11 ratings
We cover appsec news on a weekly basis, but sometimes that news is merely about the start of a new project, sometimes it's yet another example of a vuln class, and sometimes it's a topic we hope doesn't become a trend. So, what themes have we seen and where do we see them going? Here are a few...

All the News -- Just Six Months Later - ASW #265

Application Security Weekly (Video) - December 05, 2023 19:03 - 35 minutes - Video ★★★★ - 5 ratings
We cover appsec news on a weekly basis, but sometimes that news is merely about the start of a new project, sometimes it's yet another example of a vuln class, and sometimes it's a topic we hope doesn't become a trend. So, what themes have we seen and where do we see them going? Here are a few...

Starting with Appsec -- Is It More of a Position or a Process? - ASW #264

Application Security Weekly (Audio) - November 30, 2023 17:03 - 1 hour ★★★★★ - 11 ratings
This year we've talked about vulns, clouds, breaches, presentations, and all the variations of Dev, Sec, and Ops. As we end the year, let's talk about starting things -- like starting an appsec program or an appsec career. But is there still a need for an appsec team? Or has it turned into speci...

Randstorm, Nothing Chats, Platform Engineering, PyPI Security Audit - ASW #264

Application Security Weekly (Video) - November 28, 2023 22:00 - 33 minutes - Video ★★★★ - 5 ratings
Weak randomness in old JavaScript crypto, lack of encryption in purported end-to-end encryption, a platform engineering maturity model, PyPI's first security audit, vision for a Rust specification, and more! Show Notes: https://securityweekly.com/asw-264

Starting with Appsec -- Is It More of a Position or a Process? - ASW #264

Application Security Weekly (Video) - November 28, 2023 19:04 - 40 minutes - Video ★★★★ - 5 ratings
This year we've talked about vulns, clouds, breaches, presentations, and all the variations of Dev, Sec, and Ops. As we end the year, let's talk about starting things -- like starting an appsec program or an appsec career. But is there still a need for an appsec team? Or has it turned into speci...

Platform Firmware Security - Maggie Jauregui - ASW Vault

Application Security Weekly (Audio) - November 20, 2023 15:00 - 34 minutes ★★★★★ - 11 ratings
Firmware security is complex and continues to be an industry challenge. In this podcast we'll talk about the reasons firmware security remains a challenge and some best practices around platform security. Segment Resources: https://www.helpnetsecurity.com/2020/04/27/firmware-blind-spots/ ht...

Platform Firmware Security - Maggie Jauregui - ASW Vault

Application Security Weekly (Video) - November 20, 2023 15:00 - 34 minutes - Video ★★★★ - 5 ratings
Firmware security is complex and continues to be an industry challenge. In this podcast we'll talk about the reasons firmware security remains a challenge and some best practices around platform security. Segment Resources: https://www.helpnetsecurity.com/2020/04/27/firmware-blind-spots/ ht...