))
About all things AppSec, DevOps, and DevSecOps. Hosted by Mike Shema and John Kinsella, the podcast focuses on helping its audience find and fix software flaws effectively.
…
continue reading
About all things AppSec, DevOps, and DevSecOps. Hosted by Mike Shema and John Kinsella, the podcast focuses on helping its audience find and fix software flaws effectively.
…
continue reading
Chris Romeo and Robert Hurlbut dig into the tips, tricks, projects, and tactics that make various application security professionals successful. They cover all facets of application security, from threat modeling and OWASP to DevOps+security and security champions. They approach these stories in an educational light, explaining the details in a way those new to the discipline can understand. Chris Romeo is the CEO of Devici and a General Partner at Kerr Ventures, and Robert Hurlbut is a Prin ...
…
continue reading
The Future of Application Security is a podcast for ambitious leaders who want to build a modern and effective AppSec program. Doing application security right is really hard and we want to help other experts build the future of AppSec by curating the best industry insights, tips and resources. What’s the most important security metric to measure in 2024? It’s Mean Time to Remediate (MTTR). Download our new MTTR guide: https://lnkd.in/evjcf4Vt
…
continue reading
1
AI-Era AppSec: Transparency, Trust, and Risk Beyond the Firewall - Felipe Zipitria, Steve Springett, Aruneesh Salhotra, Ken Huang - ASW #363
1:06:43
1:06:43
Riproduci in seguito
Riproduci in seguito
Liste
Like
Like aggiunto
1:06:43
In an era dominated by AI-powered security tools and cloud-native architectures, are traditional Web Application Firewalls still relevant? Join us as we speak with Felipe Zipitria, co-leader of the OWASP Core Rule Set (CRS) project. Felipe has been at the forefront of open-source security, leading the development of one of the world's most widely d…
…
continue reading
1
AI-Era AppSec: Transparency, Trust, and Risk Beyond the Firewall - Felipe Zipitria, Steve Springett, Aruneesh Salhotra, Ken Huang - ASW #363
1:06:43
1:06:43
Riproduci in seguito
Riproduci in seguito
Liste
Like
Like aggiunto
1:06:43
In an era dominated by AI-powered security tools and cloud-native architectures, are traditional Web Application Firewalls still relevant? Join us as we speak with Felipe Zipitria, co-leader of the OWASP Core Rule Set (CRS) project. Felipe has been at the forefront of open-source security, leading the development of one of the world's most widely d…
…
continue reading
1
Modern AppSec: OWASP SAMM, AI Secure Coding, Threat Modeling & Champions - Sebastian Deleersnyder, James Manico, Adam Shostack, Dustin Lehr - ASW #362
1:07:52
1:07:52
Riproduci in seguito
Riproduci in seguito
Liste
Like
Like aggiunto
1:07:52
Using OWASP SAMM to assess and improve compliance with the Cyber Resilience Act (CRA) is an excellent strategy, as SAMM provides a framework for secure development practices such as secure by design principles and handling vulns. Segment Resources: https://owaspsamm.org/ https://cybersecuritycoalition.be/resource/a-strategic-approach-to-product-sec…
…
continue reading
1
Modern AppSec: OWASP SAMM, AI Secure Coding, Threat Modeling & Champions - Sebastian Deleersnyder, Dustin Lehr, James Manico, Adam Shostack - ASW #362
1:07:52
1:07:52
Riproduci in seguito
Riproduci in seguito
Liste
Like
Like aggiunto
1:07:52
Using OWASP SAMM to assess and improve compliance with the Cyber Resilience Act (CRA) is an excellent strategy, as SAMM provides a framework for secure development practices such as secure by design principles and handling vulns. Segment Resources: https://owaspsamm.org/ https://cybersecuritycoalition.be/resource/a-strategic-approach-to-product-sec…
…
continue reading
1
Developing Open Source Skills for Maintaining Projects - Kat Cosgrove - ASW #361
1:03:55
1:03:55
Riproduci in seguito
Riproduci in seguito
Liste
Like
Like aggiunto
1:03:55
Open source projects benefit from support that takes many shapes. Kat Cosgrove shares her experience across the Kubernetes project and the different ways people can make meaningful contributions to it. One of the underlying themes is that code is written for other people. That means PRs need to be understandable, discussions need to be enlightening…
…
continue reading
1
Developing Open Source Skills for Maintaining Projects - Kat Cosgrove - ASW #361
1:03:55
1:03:55
Riproduci in seguito
Riproduci in seguito
Liste
Like
Like aggiunto
1:03:55
Open source projects benefit from support that takes many shapes. Kat Cosgrove shares her experience across the Kubernetes project and the different ways people can make meaningful contributions to it. One of the underlying themes is that code is written for other people. That means PRs need to be understandable, discussions need to be enlightening…
…
continue reading
1
Making OAuth Scale Securely for MCPs - Aaron Parecki - ASW #360
1:07:43
1:07:43
Riproduci in seguito
Riproduci in seguito
Liste
Like
Like aggiunto
1:07:43
The MCP standard gave rise to dreams of interconnected agents and nightmares of what those interconnected agents would do with unfettered access to APIs, data, and local systems. Aaron Parecki explains how OAuth's new Client ID Metadata Documents spec provides more security for MCPs and the reasons why the behavior and design of MCPs required a new…
…
continue reading
1
Making OAuth Scale Securely for MCPs - Aaron Parecki - ASW #360
1:07:43
1:07:43
Riproduci in seguito
Riproduci in seguito
Liste
Like
Like aggiunto
1:07:43
The MCP standard gave rise to dreams of interconnected agents and nightmares of what those interconnected agents would do with unfettered access to APIs, data, and local systems. Aaron Parecki explains how OAuth's new Client ID Metadata Documents spec provides more security for MCPs and the reasons why the behavior and design of MCPs required a new…
…
continue reading
1
Making TN Critical Infrastructure the Most Secure in the Nation - T. Gwyddon 'Data' ("Gwee-thin") Owen, James Cotter - ASW #359
59:02
For OT systems, uptime is paramount. That's a hard rule that makes maintaining, upgrading, and securing them a complex struggle. Tomas "Data" Owens and James Cotter discuss how Tennessee is tackling the organizational and technical challenges that come with hardening OT systems across the state. Those challenges range from old technology (like RS-2…
…
continue reading
1
Making TN Critical Infrastructure the Most Secure in the Nation - T. Gwyddon 'Data' ("Gwee-thin") Owen, James Cotter - ASW #359
59:02
For OT systems, uptime is paramount. That's a hard rule that makes maintaining, upgrading, and securing them a complex struggle. Tomas "Data" Owens and James Cotter discuss how Tennessee is tackling the organizational and technical challenges that come with hardening OT systems across the state. Those challenges range from old technology (like RS-2…
…
continue reading
What are your favorite resources for secure code? Co-hosts John Kinsella and Kalyani Pawar talk about the reality of bringing security into a business. We talk about the role of the OWASP Top 10 and the OWASP ASVS in crafting security programs. And balance that with a discussion in what's the best use of everyone's time -- developers and appsec fol…
…
continue reading
What are your favorite resources for secure code? Co-hosts John Kinsella and Kalyani Pawar talk about the reality of bringing security into a business. We talk about the role of the OWASP Top 10 and the OWASP ASVS in crafting security programs. And balance that with a discussion in what's the best use of everyone's time -- developers and appsec fol…
…
continue reading
1
Secure Coding as Critical Thinking Instead of Vulnspotting - Matias Madou - ASW #357
1:03:41
1:03:41
Riproduci in seguito
Riproduci in seguito
Liste
Like
Like aggiunto
1:03:41
Secure code should be grounded more in concepts like secure by default and secure by design than by "spot the vuln" thinking. Matias Madou shares his experience in secure coding training and the importance of teaching critical thinking. He also discusses why critical thinking is so closely related to threat modeling and how LLMs can be a tool for h…
…
continue reading
1
Secure Coding as Critical Thinking Instead of Vulnspotting - Matias Madou - ASW #357
1:03:41
1:03:41
Riproduci in seguito
Riproduci in seguito
Liste
Like
Like aggiunto
1:03:41
Secure code should be grounded more in concepts like secure by default and secure by design than by "spot the vuln" thinking. Matias Madou shares his experience in secure coding training and the importance of teaching critical thinking. He also discusses why critical thinking is so closely related to threat modeling and how LLMs can be a tool for h…
…
continue reading
1
Ransomware, Defaults, and Proactive Defenses - Rob Allen - ASW #356
1:11:26
1:11:26
Riproduci in seguito
Riproduci in seguito
Liste
Like
Like aggiunto
1:11:26
Just how bad can things get if someone clicks on a link? Rob Allen joins us again to talk about ransomware, why putting too much attention on clicking links misses the larger picture of effective defenses, and what orgs can do to prepare for an influx of holiday-infused ransomware targeting. Segment resources https://www.bleepingcomputer.com/news/s…
…
continue reading
1
Ransomware, Defaults, and Proactive Defenses - Rob Allen - ASW #356
1:11:26
1:11:26
Riproduci in seguito
Riproduci in seguito
Liste
Like
Like aggiunto
1:11:26
Just how bad can things get if someone clicks on a link? Rob Allen joins us again to talk about ransomware, why putting too much attention on clicking links misses the larger picture of effective defenses, and what orgs can do to prepare for an influx of holiday-infused ransomware targeting. Segment resources https://www.bleepingcomputer.com/news/s…
…
continue reading
1
Researching and Remediating RCEs via GitHub Actions - Bar Kaduri, Roi Nisimi - ASW #355
1:08:08
1:08:08
Riproduci in seguito
Riproduci in seguito
Liste
Like
Like aggiunto
1:08:08
Pull requests are a core part of collaboration, whether in open or closed source. GitHub has documented some of the security consequences of misconfiguring how PRs can trigger actions. But what happens when repo owners don't read the docs? Bar Kaduri and Roi Nisimi walk through their experience in reading docs, finding vulns, demonstrating exploits…
…
continue reading
1
Researching and Remediating RCEs via GitHub Actions - Bar Kaduri, Roi Nisimi - ASW #355
1:08:08
1:08:08
Riproduci in seguito
Riproduci in seguito
Liste
Like
Like aggiunto
1:08:08
Pull requests are a core part of collaboration, whether in open or closed source. GitHub has documented some of the security consequences of misconfiguring how PRs can trigger actions. But what happens when repo owners don't read the docs? Bar Kaduri and Roi Nisimi walk through their experience in reading docs, finding vulns, demonstrating exploits…
…
continue reading
1
Brad Geesaman - Redefining AppSec with AI: Shrinking Toil, Expanding Impact - How LLMs are able to reduce toil in triage-heavy AppSec workflows
42:19
Brad Geesaman, Principal Security Engineer at Ghost, joins the podcast today to explore how AI and large language models are transforming the world of application security. The discussion starts with the concept of "toil"—the repetitive, exhausting work that drains AppSec teams as they struggle to keep up with mountains of security findings and ale…
…
continue reading
1
Quantum Computing Isn't A Threat To Blockchains - Yet - Sandy Carielli, Martha Bennett - ASW #354
58:52
The post quantum encryption migration is going to be a challenge, but how much of a challenge? There are several reasons why it is different from every other protocol and cypher iteration in the past. Is today's hardware up to the task? Is it just swapping out a library, or is there more to it? What is the extent of software, systems, and architect…
…
continue reading
1
Quantum Computing Isn't A Threat To Blockchains - Yet - Martha Bennett, Sandy Carielli - ASW #354
58:52
The post quantum encryption migration is going to be a challenge, but how much of a challenge? There are several reasons why it is different from every other protocol and cypher iteration in the past. Is today's hardware up to the task? Is it just swapping out a library, or is there more to it? What is the extent of software, systems, and architect…
…
continue reading
1
Reacting to Ransomware and Setting Secure Defaults - Rob Allen - ASW #353
1:03:39
1:03:39
Riproduci in seguito
Riproduci in seguito
Liste
Like
Like aggiunto
1:03:39
Ransomware attacks typically don't care about memory safety and dependency scanning, they often target old, unpatched vulns and too often they succeed. Rob Allen shares some of the biggest cases he's seen, what they have in common, and what appsec teams could do better to help them. Too much software still requires custom configuration to make it m…
…
continue reading
1
Reacting to Ransomware and Setting Secure Defaults - Rob Allen - ASW #353
1:03:39
1:03:39
Riproduci in seguito
Riproduci in seguito
Liste
Like
Like aggiunto
1:03:39
Ransomware attacks typically don't care about memory safety and dependency scanning, they often target old, unpatched vulns and too often they succeed. Rob Allen shares some of the biggest cases he's seen, what they have in common, and what appsec teams could do better to help them. Too much software still requires custom configuration to make it m…
…
continue reading
1
OWASP Candidate Debate - 2025 Edition
1:08:09
1:08:09
Riproduci in seguito
Riproduci in seguito
Liste
Like
Like aggiunto
1:08:09
In this special episode of the Application Security Podcast we meet nine of the OWASP Board of Directors candidates. Each candidate discusses their unique qualifications, experiences, and vision for OWASP's future. Topics include enhancing OWASP's impact, improving outreach and education, securing funding, and engaging local chapters. Don't miss th…
…
continue reading
