344 episodes

Application Security Weekly decrypts development for the Security Professional - exploring how to inject security into their organization’s Software Development Lifecycle (SDLC) in a fluid and transparent way; Learn the tools, techniques, and processes necessary to move at the speed of DevOps (even if you aren’t a DevOps shop yet). The target audience for Application Security Weekly spans the gamut of Security Engineers and Practitioners that need to level-up their skills in the Application Security space - as well as enabling “Cyber Curious” developers to get involved in the Application Security process at their organizations. To a lesser extent, we hope to arm Security Managers and Executives with the knowledge to be conversational in the realm of DevOps - and to provide the right questions to ask their colleagues in development, along with the metrics to think critically about the answers they receive.

Application Security Weekly (Video‪)‬ Security Weekly

    • News

Application Security Weekly decrypts development for the Security Professional - exploring how to inject security into their organization’s Software Development Lifecycle (SDLC) in a fluid and transparent way; Learn the tools, techniques, and processes necessary to move at the speed of DevOps (even if you aren’t a DevOps shop yet). The target audience for Application Security Weekly spans the gamut of Security Engineers and Practitioners that need to level-up their skills in the Application Security space - as well as enabling “Cyber Curious” developers to get involved in the Application Security process at their organizations. To a lesser extent, we hope to arm Security Managers and Executives with the knowledge to be conversational in the realm of DevOps - and to provide the right questions to ask their colleagues in development, along with the metrics to think critically about the answers they receive.

    • video
    UAParser.js Malware in NPM, Squirrel Sandbox Escape, Securing CI/CD, & AppSec Videos - ASW #171

    UAParser.js Malware in NPM, Squirrel Sandbox Escape, Securing CI/CD, & AppSec Videos - ASW #171

    This week in the AppSec News: Malware in the UAParser.js npm package, security vuln in Squirrel scripting language, a blueprint for securing software development, L0phtCrack now open source, appsec videos on Android exploitation, macOS security, & more!
     
    Visit https://www.securityweekly.com/asw for all the latest episodes!
    Show Notes: https://securityweekly.com/asw171

    • 38 min
    • video
    Security Champions in an Online First World - Ashish Rajan - ASW #171

    Security Champions in an Online First World - Ashish Rajan - ASW #171

    Ashish will talk about building a security champion in an online world and how SAST as it stands today will die in the world of DevOps and Cloud.
    Segment Resources:
    www.cloudsecuritypodcast.tv
     
    Visit https://www.securityweekly.com/asw for all the latest episodes!
    Show Notes: https://securityweekly.com/asw171

    • 35 min
    • video
    View Source, Bindiff for Vuln Analysis, Bypass with GitHub Actions, & NIST DevSecOps - ASW #170

    View Source, Bindiff for Vuln Analysis, Bypass with GitHub Actions, & NIST DevSecOps - ASW #170

    This Week in the AppSec News: View source good / vuln bad, IoT bad / rick-roll good, analyzing the iOS 15.0.2 patch to develop an exploit, bypassing reviews with GitHub Actions, & more NIST DevSecOps guidance!
     
    Visit https://www.securityweekly.com/asw for all the latest episodes!
    Show Notes: https://securityweekly.com/asw170

    • 37 min
    • video
    Dev(Sec)Ops Scanning Challenges & Tips - Nuno Loureiro, Tiago Mendo - ASW #170

    Dev(Sec)Ops Scanning Challenges & Tips - Nuno Loureiro, Tiago Mendo - ASW #170

    There's a plenitude of ways to do Dev(Sec)Ops, and each organization or even each team uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important to understand how to integrate a security scanner in your DevSecOps processes. It all comes down to speed, how fast can I scan the new deployment? Discussion around the challenges on how to integrate a DAST scanner in DevSecOps and some tips to make it easier.
     
    This segment is sponsored by Probely. Visit https://securityweekly.com/probely to learn more about them!
     
    Visit https://www.securityweekly.com/asw for all the latest episodes!
    Show Notes: https://securityweekly.com/asw170

    • 38 min
    • video
    Twitch Breach, HTTPd Path Traversal, Disabling Macros, & Great Cybersecurity Programs - ASW #169

    Twitch Breach, HTTPd Path Traversal, Disabling Macros, & Great Cybersecurity Programs - ASW #169

    This week in the AppSec News, Mike and John talk: The Twitch breach, a path traversal in Apache httpd, Microsoft disables macros by default after almost 30 years, factors in a great cybersecurity program, & more!
     
    Visit https://www.securityweekly.com/asw for all the latest episodes!
    Show Notes: https://securityweekly.com/asw169

    • 38 min
    • video
    Modernizing the Management of Your Software Supply Chain - Tom Gibson - ASW #169

    Modernizing the Management of Your Software Supply Chain - Tom Gibson - ASW #169

    SBOM: What does it really tell you and the importance of having one for your organization.
    - Finding and fixing known vulnerabilities in dependencies and container images
    - Building a source of truth for packages to avoid malicious packages getting through
    - Combining continuous packaging and security into a CI/CD pipeline
    - Establishing Trust & Provenance in your Software Supply Chain
    - Visibility in your Software Supply Chain with upstreams and signatures
     
    This segment is sponsored by Cloudsmith. Visit https://securityweekly.com/cloudsmith to learn more about them!
     
    Visit https://www.securityweekly.com/asw for all the latest episodes!
    Show Notes: https://securityweekly.com/asw169

    • 35 min

Top Podcasts In News

You Might Also Like