A weekly podcast of all things application security related. Hosted by Ken Johnson and Seth Law.
Ep. 152 - Breaches, Symbolic Execution, Dynamic vs. Static Assessments
Gobble gobble! It is that time of the year again to stuff our faces... WITH APPSEC! A discussion on breach notification related to the recent GoDaddy disclosure. Understanding symbolic execution with Trail of Bits. The differences between dynamic and static assessments and why both are important.
Ep. 151 - Secure Code Review, Software Interdependency
Ahem, Seth and Ken return with a live code review of a recently seen authentication routine. A discussion of software interdependence and the issues it creates (such as SSRF). In other words, 151 and not even the rum... sigh. Well somehow these clowns are still allowed on YouTube so stay tuned for another episode I guess or whatever. Or don't, who cares. Worst. Internship. Ever.
Ep. 150 - Jerry Gamblin - NVD CVEs, Vulnerability Disclosure, Burp Cert
Jerry Gamblin makes a return to the podcast to talk about recent events in Missouri and how _not_ to respond to responsible vulnerability disclosure. A discussion on the increase of CVEs showing up in the National Vulnerability Database, how Kenna was acquired by Cisco, and PortSwigger's new Burp Suite Certificate.
Ep. 149 - Burnout, AppSec News Sources
Just two old men bi***ing and moaning about App Sec and the price of a good pair of New Balances. Real discussion on dealing with burnout and imposter syndrome. How to stay engaged and interested when the excitement becomes mundane.
Ep. 148 - Facebook, Phrack, Paved Path
Strange things are afoot at the Circle K. Facebook outage and BGP routing. A new issue of Phrack released on Oct 5 results in a discussion on the good ol' days, BBSes, and the commercialization of security. Finally, thoughts on paved paths and how they affect security.
Ep. 147 - James Kettle (@albinowax), Security Research
The one and only James Kettle (@albinowax) of PortSwigger joins Seth and Ken to talk about his path into security, HTTP request smuggling, and how to perform security research.