186 episodes

A weekly podcast of all things application security related. Hosted by Ken Johnson and Seth Law.

Absolute AppSec Ken Johnson and Seth Law

    • Technology
    • 4.8 • 13 Ratings

    Episode 186 - Security Trainings, Web3 Bounties, MFA

    Ken is back in the land of the living, so of course he and Seth dig into the current state of information security training, how SCORM is the worst for developer training, and what goes into creating and teaching a course. Discussions on bug bounties in the web3/defi space and the nature of payouts. Finally, a discussion on MFA fatigue and how theoretical attacks have become reality.

    Episode 185 - Daniel Ting (hoodiepony) - Breaches, Optus, Uber

    Ken (cktricky) is out sick today, so Seth is joined by Daniel (https://twitter.com/hoodiepony) from Australia to talk about recent breaches. Specifically, the recent breach of Optus in Australia has led to the exposure of about 10 million identity records. Daniel and Seth reference the recent Optus and Uber breaches to discuss weaknesses in identity protection, access control, and data disclosure.

    Episode 184 - Sources, Payloads, Patreon, Ethereum, Starbucks

    Ken is back to lead a discussion on identification of interesting sources for the podcast and specifically how XSS just is not as interesting to him and Seth as it was a decade ago. A new project for analyzing and bypassing 403 responses from proxies and WAFs. Opinions on Patreon's recent layoffs and hot takes around security issues. Finally, web3-related topics of the recently completed Ethereum merge along with Starbucks NFTs.

    Episode 183 - Information Warfare w/LegendaryPatMan

    Ken is away, so Loji comes to play. Absolute AppSec is hosted this week by Seth and Stefan (@lojikil) to go outside the normal topics of application security to address questions about information warfare, Ukraine, and propaganda with Stefan Edwards (@lojikil) and @LegendaryPatMan.

    Episode 182 - Twitter, LastPass, Testing Edge Cases

    A late decision to record an episode this week, after thinking it would be scratched due to life, ended up with a long discussion on the recent Twitter drama and whistleblower revelations around their security problems. Both Seth and Ken express opinions about disclosures and building out security programs. Further discussion on password managers and the LastPass breach. Finally, a bug bounty report shows the importance of testing edge cases and using a bounty program to supplement integration testing.

    Episode 181 - (Post DEFCON)

    Finally returned from the wasteland that is Las Vegas, or at least the fun that is #hackersummercamp and #defcon30, Ken and Seth break down their different experiences and impressions from the conference, including training. A discussion on in-app browsers for mobile applications and how they are bad and should feel bad. Finally, encoding of malicious strings in DNA, of all things.
