))
About all things AppSec, DevOps, and DevSecOps. Hosted by Mike Shema and John Kinsella, the podcast focuses on helping its audience find and fix software flaws effectively.
…
continue reading
About all things AppSec, DevOps, and DevSecOps. Hosted by Mike Shema and John Kinsella, the podcast focuses on helping its audience find and fix software flaws effectively.
…
continue reading
Chris Romeo and Robert Hurlbut dig into the tips, tricks, projects, and tactics that make various application security professionals successful. They cover all facets of application security, from threat modeling and OWASP to DevOps+security and security champions. They approach these stories in an educational light, explaining the details in a way those new to the discipline can understand. Chris Romeo is the CEO of Devici and a General Partner at Kerr Ventures, and Robert Hurlbut is a Prin ...
…
continue reading
The Future of Application Security is a podcast for ambitious leaders who want to build a modern and effective AppSec program. Doing application security right is really hard and we want to help other experts build the future of AppSec by curating the best industry insights, tips and resources. What’s the most important security metric to measure in 2024? It’s Mean Time to Remediate (MTTR). Download our new MTTR guide: https://lnkd.in/evjcf4Vt
…
continue reading
1
Brad Geesaman - Redefining AppSec with AI: Shrinking Toil, Expanding Impact - How LLMs are able to reduce toil in triage-heavy AppSec workflows
42:19
42:19
나중에 재생
나중에 재생
리스트
좋아요
좋아요
42:19
Brad Geesaman, Principal Security Engineer at Ghost, joins the podcast today to explore how AI and large language models are transforming the world of application security. The discussion starts with the concept of "toil"—the repetitive, exhausting work that drains AppSec teams as they struggle to keep up with mountains of security findings and ale…
…
continue reading
1
Quantum Computing Isn't A Threat To Blockchains - Yet - Martha Bennett, Sandy Carielli - ASW #354
58:52
58:52
나중에 재생
나중에 재생
리스트
좋아요
좋아요
58:52
The post quantum encryption migration is going to be a challenge, but how much of a challenge? There are several reasons why it is different from every other protocol and cypher iteration in the past. Is today's hardware up to the task? Is it just swapping out a library, or is there more to it? What is the extent of software, systems, and architect…
…
continue reading
1
Quantum Computing Isn't A Threat To Blockchains - Yet - Martha Bennett, Sandy Carielli - ASW #354
58:52
58:52
나중에 재생
나중에 재생
리스트
좋아요
좋아요
58:52
The post quantum encryption migration is going to be a challenge, but how much of a challenge? There are several reasons why it is different from every other protocol and cypher iteration in the past. Is today's hardware up to the task? Is it just swapping out a library, or is there more to it? What is the extent of software, systems, and architect…
…
continue reading
1
Quantum Computing Isn't A Threat To Blockchains - Yet - Sandy Carielli, Martha Bennett - ASW #354
58:52
58:52
나중에 재생
나중에 재생
리스트
좋아요
좋아요
58:52
The post quantum encryption migration is going to be a challenge, but how much of a challenge? There are several reasons why it is different from every other protocol and cypher iteration in the past. Is today's hardware up to the task? Is it just swapping out a library, or is there more to it? What is the extent of software, systems, and architect…
…
continue reading
1
Reacting to Ransomware and Setting Secure Defaults - Rob Allen - ASW #353
1:03:39
1:03:39
나중에 재생
나중에 재생
리스트
좋아요
좋아요
1:03:39
Ransomware attacks typically don't care about memory safety and dependency scanning, they often target old, unpatched vulns and too often they succeed. Rob Allen shares some of the biggest cases he's seen, what they have in common, and what appsec teams could do better to help them. Too much software still requires custom configuration to make it m…
…
continue reading
1
Reacting to Ransomware and Setting Secure Defaults - Rob Allen - ASW #353
1:03:39
1:03:39
나중에 재생
나중에 재생
리스트
좋아요
좋아요
1:03:39
Ransomware attacks typically don't care about memory safety and dependency scanning, they often target old, unpatched vulns and too often they succeed. Rob Allen shares some of the biggest cases he's seen, what they have in common, and what appsec teams could do better to help them. Too much software still requires custom configuration to make it m…
…
continue reading
In this special episode of the Application Security Podcast we meet nine of the OWASP Board of Directors candidates. Each candidate discusses their unique qualifications, experiences, and vision for OWASP's future. Topics include enhancing OWASP's impact, improving outreach and education, securing funding, and engaging local chapters. Don't miss th…
…
continue reading
1
Inside the OWASP GenAI Security Project - Steve Wilson - ASW #352
1:07:32
1:07:32
나중에 재생
나중에 재생
리스트
좋아요
좋아요
1:07:32
Interest and participation in the OWASP GenAI Security Project has exploded over the last two years. Steve Wilson explains why it was important for the project to grow beyond just a Top Ten list and address more audiences than just developers. He also talks about how the growth of AI Agents influences the areas that appsec teams need to focus on. W…
…
continue reading
1
Inside the OWASP GenAI Security Project - Steve Wilson - ASW #352
1:07:32
1:07:32
나중에 재생
나중에 재생
리스트
좋아요
좋아요
1:07:32
Interest and participation in the OWASP GenAI Security Project has exploded over the last two years. Steve Wilson explains why it was important for the project to grow beyond just a Top Ten list and address more audiences than just developers. He also talks about how the growth of AI Agents influences the areas that appsec teams need to focus on. W…
…
continue reading
1
Finding Large Bounties with Large Language Models - Nico Waisman - ASW #351
53:52
53:52
나중에 재생
나중에 재생
리스트
좋아요
좋아요
53:52
…
continue reading
1
Finding Large Bounties with Large Language Models - Nico Waisman - ASW #351
53:52
53:52
나중에 재생
나중에 재생
리스트
좋아요
좋아요
53:52
…
continue reading
1
Changing the Vuln Conversation from Volume to Remediation - Francesco Cipollone - ASW #350
1:14:32
1:14:32
나중에 재생
나중에 재생
리스트
좋아요
좋아요
1:14:32
Dealing with vulns tends to be a discussion about prioritization. After all, there a tons of CVEs and dependencies with known vulns. It's important to figure out how to present developers with useful vuln info that doesn't overwhelm them. Francesco Cipollone shares how to redirect that discussion to focus on remediation and how to incorporate LLMs …
…
continue reading
1
Changing the Vuln Conversation from Volume to Remediation - Francesco Cipollone - ASW #350
1:14:32
1:14:32
나중에 재생
나중에 재생
리스트
좋아요
좋아요
1:14:32
Dealing with vulns tends to be a discussion about prioritization. After all, there a tons of CVEs and dependencies with known vulns. It's important to figure out how to present developers with useful vuln info that doesn't overwhelm them. Francesco Cipollone shares how to redirect that discussion to focus on remediation and how to incorporate LLMs …
…
continue reading
Francesco Cipollone, the CEO of Phoenix Security, shares his extensive experience in AI and security, discussing the crucial difference between true AI agents and glorified chatbots. Learn why Phoenix Security utilizes six different LLMs instead of a single super agent. Understand the sobering economics behind AI implementation and the importance o…
…
continue reading
1
Design Errors in Entra ID, Design Defenses in iOS, Design Difficulties in DeepSeek - ASW #349
58:43
58:43
나중에 재생
나중에 재생
리스트
좋아요
좋아요
58:43
In the news, Microsoft encounters a new cascade of avoidable errors with Entra ID, Apple improves iOS with hardware-backed memory safety, DeepSeek demonstrates the difficulty in reviewing models, curl reduces risk by eliminating code, preserving the context of code reviews, and more! Visit https://www.securityweekly.com/asw for all the latest episo…
…
continue reading
1
Design Errors in Entra ID, Design Defenses in iOS, Design Difficulties in DeepSeek - ASW #349
58:43
58:43
나중에 재생
나중에 재생
리스트
좋아요
좋아요
58:43
In the news, Microsoft encounters a new cascade of avoidable errors with Entra ID, Apple improves iOS with hardware-backed memory safety, DeepSeek demonstrates the difficulty in reviewing models, curl reduces risk by eliminating code, preserving the context of code reviews, and more! Show Notes: https://securityweekly.com/asw-349…
…
continue reading
1
Simon Gibbs & Devika Gibbs -- Building Bridges with Games
36:03
36:03
나중에 재생
나중에 재생
리스트
좋아요
좋아요
36:03
Simon and Devika Gibbs, the innovative minds behind Cybersec Games, join us on the episode today. Discover how the Gibbs duo are revolutionizing the way we teach and learn security concepts through interactive gaming. Learn about their journey from developing stationary for agile teams to delving into the world of threat modeling games like Elevati…
…
continue reading
1
How OWASP's GenAI Security Project keeps up with the pace of AI/Agentic changes - Scott Clinton - ASW #348
1:08:00
1:08:00
나중에 재생
나중에 재생
리스트
좋아요
좋아요
1:08:00
This week, we chat with Scott Clinton, board member and co-chain of the OWASP GenAI Security Project. This project has become a massive organization within OWASP with hundreds of volunteers and thousands of contributors. This team has been cranking out new tools, reports and guidance for practitioners month after month for over a year now. We start…
…
continue reading
1
How OWASP's GenAI Security Project keeps up with the pace of AI/Agentic changes - Scott Clinton - ASW #348
1:08:00
1:08:00
나중에 재생
나중에 재생
리스트
좋아요
좋아요
1:08:00
This week, we chat with Scott Clinton, board member and co-chain of the OWASP GenAI Security Project. This project has become a massive organization within OWASP with hundreds of volunteers and thousands of contributors. This team has been cranking out new tools, reports and guidance for practitioners month after month for over a year now. We start…
…
continue reading
1
How OWASP's GenAI Security Project keeps up with the pace of AI/Agentic changes - Scott Clinton - ASW #348
1:08:00
1:08:00
나중에 재생
나중에 재생
리스트
좋아요
좋아요
1:08:00
This week, we chat with Scott Clinton, board member and co-chain of the OWASP GenAI Security Project. This project has become a massive organization within OWASP with hundreds of volunteers and thousands of contributors. This team has been cranking out new tools, reports and guidance for practitioners month after month for over a year now. We start…
…
continue reading
1
Limitations and Liabilities of LLM Coding - Seemant Sehgal, Ted Shorter - ASW #347
1:17:09
1:17:09
나중에 재생
나중에 재생
리스트
좋아요
좋아요
1:17:09
Up first, the ASW news of the week. At Black Hat 2025, Doug White interviews Ted Shorter, CTO of Keyfactor, about the quantum revolution already knocking on cybersecurity's door. They discuss the terrifying reality of quantum computing's power to break RSA and ECC encryption—the very foundations of modern digital life. With 2030 set as the deadline…
…
continue reading
1
Limitations and Liabilities of LLM Coding - Ted Shorter, Seemant Sehgal - ASW #347
1:17:09
1:17:09
나중에 재생
나중에 재생
리스트
좋아요
좋아요
1:17:09
Up first, the ASW news of the week. At Black Hat 2025, Doug White interviews Ted Shorter, CTO of Keyfactor, about the quantum revolution already knocking on cybersecurity's door. They discuss the terrifying reality of quantum computing's power to break RSA and ECC encryption—the very foundations of modern digital life. With 2030 set as the deadline…
…
continue reading
1
Akansha Shukla - Modern AppSec: Securing APIs with Threat Modeling and DevSecOps
35:35
35:35
나중에 재생
나중에 재생
리스트
좋아요
좋아요
35:35
Our guest today is Akansha Shukla, an information security professional with over 10 years of experience in application security, DevSecOps, and API security. We’re discussing why API security remains one of the least mature areas of AppSec today and exploring the challenges developers face when securing APIs. Akansha shares her insights on incorpo…
…
continue reading
1
AI, APIs, and the Next Cyber Battleground: Black Hat 2025 - Chris Boehm, Idan Plotnik, Josh Lemos, Michael Callahan - ASW #346
1:08:11
1:08:11
나중에 재생
나중에 재생
리스트
좋아요
좋아요
1:08:11
In this must-see BlackHat 2025 interview, Doug White sits down with Michael Callahan, CMO at Salt Security, for a high-stakes conversation about Agentic AI, Model Context Protocol (MCP) servers, and the massive API security risks reshaping the cyber landscape. Broadcast live from the CyberRisk TV studio at Mandalay Bay, Las Vegas, the discussion pu…
…
continue reading
1
AI, APIs, and the Next Cyber Battleground: Black Hat 2025 - Michael Callahan, Idan Plotnik, Josh Lemos, Chris Boehm - ASW #346
1:08:11
1:08:11
나중에 재생
나중에 재생
리스트
좋아요
좋아요
1:08:11
In this must-see BlackHat 2025 interview, Doug White sits down with Michael Callahan, CMO at Salt Security, for a high-stakes conversation about Agentic AI, Model Context Protocol (MCP) servers, and the massive API security risks reshaping the cyber landscape. Broadcast live from the CyberRisk TV studio at Mandalay Bay, Las Vegas, the discussion pu…
…
continue reading
