The Application Security Weekly podcast delivers interviews and news from the worlds of AppSec, DevOps, DevSecOps, and all the other ways people find and fix software flaws. Join hosts Mike Shema, John Kinsella, and Akira Brand on a journey through modern security practices for apps, clouds, containers, and more.
https://securityweekly.com/asw
Gesamtlänge aller Episoden: 15 days 8 hours 17 minutes
recommended podcasts
Sustainable Funding of Open Source Tools - Mark Curphey, Simon Bennetts - ASW #282
How can open source projects find a funding model that works for them? What are the implications with different sources of funding? Simon Bennetts talks about his stewardship of Zed Attack Proxy and its journey from OWASP to OpenSSF to an Open Source...
Demystifying Security Engineering Career Tracks - Karan Dwivedi - ASW #281
There are as many paths into infosec as there are disciplines within infosec to specialize in. Karan Dwivedi talks about the recent book he and co-author Raaghav Srinivasan wrote about security engineering. There's an appealing future to security...
Lessons That The XZ Utils Backdoor Spells Out - Farshad Abasi - ASW #280
We look into the supply chain saga of the XZ Utils backdoor. It's a wild story of a carefully planned long con to add malicious code to a commonly used package that many SSH connections rely on. It hits themes from social engineering and abuse of...
Infosec Myths, Mistakes, and Misconceptions - Adrian Sanabria - ASW #279
Sometimes infosec problems can be summarized succinctly, like "patching is hard". Sometimes a succinct summary sounds convincing, but is based on old data, irrelevant data, or made up data. Adrian Sanabria walks through some of the archeological work...
Successful Security Needs a Streamlined UX - Benedek Gagyi - ASW #278
One of the biggest failures in appsec is an attitude that blames users for security problems. A lot of processes and workflows break down because of an insecure design or insecure defaults. Bender Gagyi chats with us about the impact of the user...
Figuring Out Where Appsec Fits When Starting a Cybersecurity Program - Tyler VonMoll - ASW #277
Lots of companies need cybersecurity programs, as do non-profits. Tyler Von Moll talks about how to get small organizations started on security and how to prioritize initial investments. While an appsec program likely isn't going to be one of the...
More API Calls, More Problems: The State of API Security in 2024 - Lebin Cheng - ASW #276
A majority of internet traffic now originates from APIs, and cybercriminals are taking advantage. Increasingly, APIs are used as a common attack vector because they’re a direct pathway to access sensitive data. In this discussion, Lebin Cheng shares...
The Simple Mistakes and Complex Seeds of a Vulnerability Management Program - Emily Fox - ASW #275
The need for vuln management programs has been around since the first bugs -- but lots of programs remain stuck in the past. We talk about the traps to avoid in VM programs, the easy-to-say yet hard-to-do foundations that VM programs need, and smarter...
Creating the Secure Pipeline Verification Standard - Farshad Abasi - ASW #274
Farshad Abasi joins us again to talk about creating a new OWASP project, the Secure Pipeline Verification Standard. (Bonus points for not being a top ten list!) We talk about what it takes to pitch a new project and the problems that this new project...
Redefining Threat Modeling - Security Team Goes on Vacation - Jeevan Singh - ASW Vault
Check out this interview from the ASW Vault, hand picked by main host Mike Shema! This segment was originally published on Dec 13, 2022. Threat modeling is an important part of a security program, but as companies grow you will choose which features...