Application Security Weekly (Audio)

The Application Security Weekly podcast delivers interviews and news from the worlds of AppSec, DevOps, DevSecOps, and all the other ways people find and fix software flaws. Join hosts Mike Shema, John Kinsella, and Akira Brand on a journey through modern security practices for apps, clouds, containers, and more.

https://securityweekly.com/asw

An average episode of this podcast lasts 1h9m. So far, 328 episode(s) have been published. This podcast is published weekly.

Total length of all episodes: 15 days 8 hours 17 minutes



Supply Chain Security Security with Containers and CI/CD Systems - Kirsten Newcomer - #ASW 256


Supply chain has been a hot topic for a few years now, but so many things we need to do for a secure supply chain aren't new at all. We'll cover SBOMs, vuln management, and putting together a secure pipeline. Segment resources: In the news, a...


 September 26, 2023  1h27m
 
 

Stopping Business Logic Attacks: Why a WAF is no Longer Enough - Karl Triebes - ASW #255


The majority of attacks are now automated, with a growing number of attacks targeting business logic via APIs, which is unique to every organization. This shift makes traditional signature-based defenses insufficient to stop targeted business logic...


 September 19, 2023  1h15m
 
 

Building a Scanner and a Community with Zed Attack Proxy - Simon Bennetts - ASW #254


Zed Attack Proxy is an essential tool for web app pentesting. The project just recently moved from OWASP to the Secure Software Project. Hear about the challenges of running an OSS security project, why Simon got involved in the first place, and why...


 September 12, 2023  1h13m
 
 

Broadening What We Call AppSec - Christien Rioux - ASW Vault


Check out this interview from the ASW Vault, hand picked by main host Mike Shema! This segment was originally published on January 10, 2022. There's an understandable focus on "shift left" in modern DevOps and appsec discussions. So what does it take...


 September 5, 2023  35m
 
 

How Can Security Be Smart About Using AI? - Jeff Pollard - ASW #253


We go deep on LLMs and generative AIs to shine a light on areas that security leaders should focus on. There are technical concerns like prompt injection and access controls, and privacy concerns in training and usage. But there are also areas where...


 August 29, 2023  1h13m
 
 

Security in a Cloud Native World & Mobile App Attacks - ASW #252


Two featured interviews from this year's Black Hat. In the news, Discord.io ceases to be, Azure AD breach to get scrutiny from the CSRB, Zoom's AI stumbles show security concerns, model confusion attacks, a look at how far we have -- and haven't --...


 August 22, 2023  37m
 
 

Pointers and Perils for Presentations - Josh Goldberg - ASW #251


A key part of modern appsec is communication. From interpersonal skills for fostering collaborations to presentation skills for delivering a message, the ability to tell a story and engage an audience is a skill that doesn't appear on top ten lists...


 August 15, 2023  1h24m
 
 

You've Got Appsec, But Do You Have ArchSec? - Merritt Baer - ASW #250


Mature shops should be looking to a security architecture process to help scale their systems and embrace security by design. We talk about what it means to create a security architecture process, why it's not just another security review, and why it...


 August 8, 2023  1h15m
 
 

Identity and Verifiable Credentials in Cars - Eve Maler - ASW #249


Identity isn't new, but we do have new ways of presenting and protecting identity with things like payment wallets and verifiable credentials. But we also have identity in surprising places -- like cars. We'll answer some questions like: - Why do we...


 August 1, 2023  1h13m
 
 

Navigating the Complexities of Development to Create Secure APIs - Kristen Bell - ASW #248


Appsec teams and developers must both understand the consequences of what they're doing when building APIs. Appsec teams need to push for collaboration and help implement tools that augment the development process. Dev teams need to wrangle complex...


 July 25, 2023  1h17m