520 episodes

The Application Security Weekly podcast delivers interviews and news from the worlds of AppSec, DevOps, DevSecOps, and all the other ways people find and fix software flaws.

Join hosts Mike Shema, John Kinsella, and Akira Brand on a journey through modern security practices for apps, clouds, containers, and more.

Application Security Weekly (Video) - Security Weekly

    • News


    • video
    A Deceptive Dependabot, Insecure JWT, CISA Wants HBOMs, OpenSSF's Critical Projects - ASW #257

    Attackers impersonate Dependabot commits, an alg of "none" plagues a JWT, CISA calls for hardware bills of materials, OpenSSF lists its critical projects, Exim (finally! maybe?) has some patches, bug bounties and open source projects, and more!
    Show Notes: https://securityweekly.com/asw-257

    • 39 min
    • video
    Creating Presentations and Training That Engage an Audience - Lina Lau - ASW #257

    Communication is a skill that doesn't appear on top 10 lists, rarely appears as a conference topic, and doesn't appear enough on job requirements. Yet communication is one of the critical ways that security teams influence developers, convey risk, and share knowledge with others. Even our own Security Weekly site falls a little short with only a podcast category for "Training" instead of more options around communication and collaboration.
    Lina shares her experience presenting to executives and boards in high-stress situations, as well as training incident responders on real-world scenarios.
    Segment resources:
    https://training.xintra.org
    https://www.scmagazine.com/podcast-episode/2839-pointers-and-perils-for-presentations-josh-goldberg-asw-251
    Show Notes: https://securityweekly.com/asw-257

    • 46 min
    • video
    Equifax's Breach, CISA's 1,000 Vulns, Rust's TLS Library, Complexity vs. Design - ASW #256

    A stroll back through the Apache Struts breach of Equifax, CISA's list of Known Exploited Vulnerabilities, Rust's replacement for OpenSSL, Go no longer throws programmers for a loop, complexity vs. design (that leads to better security).
    Show Notes: https://securityweekly.com/asw-256

    • 40 min
    • video
    Supply Chain Security with Containers and CI/CD Systems - Kirsten Newcomer - ASW #256

    Supply chain has been a hot topic for a few years now, but so many things we need to do for a secure supply chain aren't new at all. We'll cover SBOMs, vuln management, and putting together a secure pipeline.
    Segment resources:
    https://www.solarwinds.com/assets/solarwinds/swresources/whitepaper/2111swiwhitepaper_nextgenbuild.pdf
    https://next.redhat.com/project/tekton-chains/
    https://tekton.dev/
    Show Notes: https://securityweekly.com/asw-256

    • 46 min
    • video
    Azure's Eight XSS Vulns, CNCF's Two Security Audits, CISA's OSS Roadmap, Repojacking - ASW #255

    A slew of XSS in Azure's HDInsights, CNCF releases fuzzing and security audits on Kyverno and Dragonfly2, CISA shares a roadmap for securing open source software, race conditions and repojacking in GitHub, and more!
    Show Notes: https://securityweekly.com/asw-255

    • 34 min
    • video
    Stopping Business Logic Attacks: Why a WAF is no Longer Enough - Karl Triebes - ASW #255

    The majority of attacks are now automated, with a growing number of attacks targeting business logic via APIs, which is unique to every organization. This shift makes traditional signature-based defenses insufficient to stop targeted business logic attacks on their own. In this discussion, Karl Triebes shares how flaws in business logic design can leave applications and APIs open to attack and what tools organizations need to effectively mitigate these threats.
    This segment is sponsored by Imperva. Visit https://securityweekly.com/imperva to learn more about them!
    Show Notes: https://securityweekly.com/asw-255

    • 41 min
