The Application Security Weekly podcast delivers interviews and news from the worlds of AppSec, DevOps, DevSecOps, and all the other ways people find and fix software flaws. Join hosts Mike Shema, John Kinsella, and Akira Brand on a journey through modern security practices for apps, clouds, containers, and more.
https://securityweekly.com/asw
Gesamtlänge aller Episoden: 15 days 12 hours 57 minutes
recommended podcasts
What's the Deal with API Security? - Sandy Carielli - ASW #243
Walking the show floor at RSA Conference, you couldn't trip without falling into an application security vendor booth ... and API security specialists were especially plentiful. Join Forrester Principal Analyst Sandy Carielli for her thoughts on RSA...
Doing Application Security Right – Farshad Abasi – ASW VAULT
Check out this interview from the ASW VAULT, hand picked by main host Mike Shema! This segment was originally published on March 14, 2022. Cybersecurity is a large and often complex domain, traditionally focused on the infrastructure and general...
Ten Things I Hate About Lists - ASW #242
The OWASP Top 10 dates back to 2003, when appsec was just settling on terms like cross-site scripting and SQL injection. It's a list that everyone knows about and everyone talks about. But is it still the right model for modern appsec awareness? What...
Securing the App Lifecycle: Strategies for Long-Term Software Security and Mitigating the Threat of Malicious Packages - ASW #241
What happens to an app's security after six months? What about a year or two years? A Secure SDLC needs to maintain security throughout an app's lifetime, but too often the rate of new flaws can outpace the rate of new code within an app. Appsec teams...
From Security Theater to Resilience: Unveiling New Approaches to Application Security - ASW #240
What does software resilience mean? Why is status quo application security unfit for the modern era of software? How can we move from security theater to security chaos engineering? This segment answers these questions and more. Segment Resources:...
Navigating the Complexities of Application Security: Vulnerability Management, Risk Mitigation, and Business Logic Attacks - ASW #239
Application security is messy and is getting messier. Modern application security teams are struggling to identify what's more important to fix. Cloud security and application security is getting squeezed all together. Modern vulnerability maturity...
Hackers and Policy: Empowering Users and Shaping Discussions at DEF CON, Jeff Moss - ASW #238
Jeff Moss shares some of history of DEF CON, from CFPs to Codes of Conduct, and what makes it a hacker conference. We also discuss the role of hackers and researchers in representing users within policy discussions. Segment links ...
Bug Bounty Programs and Community Building: Unveiling Rewards, Challenges, and Exciting Adventures, Ben Sadeghipour (NahamSec) - ASW #237
We talk with Ben about the rewards, hazards, and fun of bug bounty programs. Then we find out different ways to build successful and welcoming communities. A new deps.dev API for supply chain enthusiasts, hacking and modding agricultural devices,...
Application Security in the Cloud: Safeguarding Data and Preventing Unauthorized Access, Vandana Verma Sehgal - ASW #236
Application security in the cloud is a crucial aspect of protecting data and preventing unauthorized access to applications hosted on cloud platforms. As cloud computing becomes more prevalent, ensuring the security of applications has become a top...
eBPF: The Future of Security and Infrastructure Tools Revealed, Liz Rice - ASW #235
Following on from her successful title "Container Security", Liz has recently authored "Learning eBPF", published by O'Reilly. eBPF is a revolutionary kernel technology that is enabling a whole new generation of infrastructure tools for networking,...