The Application Security Weekly podcast delivers interviews and news from the worlds of AppSec, DevOps, DevSecOps, and all the other ways people find and fix software flaws. Join hosts Mike Shema, John Kinsella, and Akira Brand on a journey through modern security practices for apps, clouds, containers, and more.
https://securityweekly.com/asw
Gesamtlänge aller Episoden: 15 days 8 hours 17 minutes
recommended podcasts
ASW #203 - Farshad Abasi
This week in the AppSec News: Apple introduces Lockdown Mode, PyPI hits 2FA trouble, cataloging cloud vulns, practical attacks on ML, NIST's post-quantum algorithms, & more! Appsec starts with the premise that we need to build secure code,...
ASW #202 - Mike Benjamin
Both GraphQL and template engines have the potential for injection attacks, from potentially exposing data due to weak authorization in APIs to the slew of OGNL-related vulns in Java this past year. We take a look at both of these technologies in...
ASW #201 - IE11 Goes to Zero
This week in the AppSec News: SynLapse shows shell injection via ODBC, Java deserialization example, MFA for Ruby Gems ecosystem, simple flaws in firmware, the decade-long journey of a Safari vuln, & more! IE has gone to 11 and is no more....
ASW #200 - Keith Hoodlet
HTTP RFCs have evolved: A Cloudflare view of HTTP usage trends, Career Advice and Professional Development, Active Exploitation of Confluence CVE-2022-26134 Seamlessly Connect & Protect Entire IT Ecosystem The new business reality is that...
ASW #198 - Matias Madou
Developers want bug-free code -- it frees up their time and is easier to maintain. They want secure code for the same reasons. Matias Madou joins to talk about how the definition of secure coding varies among developers and appsec teams, why it's...
ASW #197 - Brian Glas
This week, in the first segment, Brian Glas answers the questions surrounding the next generations of AppSec professionals: What does it look like to try teaching cybersecurity at an undergraduate level? What are the goals and challenges faced when...
ASW #196 - Christoph Nagy
This week, Mike and John kick off the show with an interview of Christoph Nagy, the CEO of SecurityBridge! Then, in the AppSec News: Secure coding practices and smart contracts, lessons from the Heroku breach, Real World Crypto conference highlights,...
ASW #195 - Lynn Marks
This week, Mike and John interview Lynn Marks, Product Manager at Imperva, & discuss Bad Bots: The Automated Threat Targeting Your Websites, Apps, & APIs! In the AppSec News: ExtraReplica in Azure, Chrome disfavors document.domain, appsec...
ASW #194 - Dr. Chenxi Wang
How should we empower developers to embrace the NIST software development practices? Because from here on out, developers need to view themselves as the front lines of defense for the end-consumer. A more secure-aware developer leads to a...
ASW #193 - AppSec (& adjacent) Metrics
We can create top 10 lists and we can count vulns that we find with scanners and pen tests, but those aren't effective metrics for understanding and improving an appsec program. So, what should we focus on? How do we avoid the trap of focusing on the...