A weekly podcast of all things application security related. Hosted by Ken Johnson and Seth Law.
Episode 117: Solarwinds, Timing Attacks, Threat Dragon
The dynamic duo is back for their last podcast of 2020!
Episode 115: Clint Gibler - Static Analysis with Semgrep
Clint Gibler (@clintgibler) joins Seth and Ken to talk about Static Analysis with Semgrep. Demonstrations of writing rules within Semgrep and how to use it.
Episode 114: Account Enumeration, Github Actions
Seth and Ken discuss account enumeration vulnerabilities and open source tools that take advantage of them. Discussion about the recent GitHub Actions vulnerability.
Episode 113: Jacob Salassi - Modeling Threats, Risk Assessment
Jacob Salassi (@JacobSalassi) joins us to discuss his developer-driven, standardized, threat modeling process. Also discussions on developer empathy, risk assessment, and other topics.
Episode 112: Mark Feferman - Static Analysis Tools
Mark Feferman (@mfeferman) joins Seth and Ken to throw down about automated static analysis tools. Discussion of application security talent (or lack thereof) and 'shifting left'.