Absolute AppSec

Ken Johnson and Seth Law
  • 4.9 (17)
  • TECHNOLOGY
  • UPDATED WEEKLY
Absolute AppSec

A weekly podcast of all things application security related. Hosted by Ken Johnson and Seth Law.

  1. 1D AGO

    Episode 292 - Manual Source Code Review, AI Slop in Bug Bounties, AppSec Authorization

    Seth and Ken are _back_ to talk through some recent experiences and news across the industry. To start the episode, Seth highlights the edge cases uncovered during manual code review that require context to understand and identify. Inspired by recent a recent post on AI Slop in the curl bug bounty program, the duo addresses the increase of slop across bug bounty reports and why it happens. Finally, a discussion on McDonald's recent authorization flaw that potentially exposed millions of job applicant's data.

  2. JUL 8

    Episode 291 - w/ Sean Varga - OWASP Top 10 of AppSec Sales

    Sean Varga, current regional sales manager with noted ASPM company Cycode joins Ken (@cktricky) and Seth (@sethlaw) to discuss the dawning realization organizations are having that they need AppSec experience and tech help to accompany their swelling numbers of developers. Sean's introduces "the OWASP Top 10 for AppSec Sales" to the community Before joining Cycode, Sean worked as Large Enterprise Sales Manager at Apiiro and Enterprise Account executive at Secure Code Warrior. He's also had stints at Veracode, Quest Software, and RSA across his career. We'll get to know Sean and his journey into AppSec, as well as getting his insights on the direction he sees things going moving forward. Connect with or follow Sean on LinkedIn to see what he's up to in the meantime: https://www.linkedin.com/in/sean-varga/

  3. JUL 1

    Episode 290 - Authentication Fatigue, Browser AI Agents

    Ken returns after a week's hiatus to review the latest AppSec news with Seth. Specifically, the idea that authentication fatigue exists for both consumers and developers. The amount of choice to implement security controls can have unintended consequences and introduces risk that may or may not be considered. This is followed by research from SquareX that claims Browser AI Agents are riskier and easier to target than employees. This results in opinions on phishing and protections against consumer/business targeting by attackers.

  4. JUN 24

    Episode 289 - Return of @lojikil - Context Matters

    With @cktricky out on a grand tour across the country (or just unable to record for the day), @sethlaw succumbs to the dark side to give @lojikil a platform to talk about recent developments in the application security world. Specifically, a discussion on vulnerability data and scoring mechanisms, including CVE, CVSS, CWSS, and other acronyms. Wraps up with a longer discussion on the use of AI across multiple disciplines and provenance of AI Slop.

  5. JUN 17

    Episode 288 - Security and AI

    Seth and Ken return with an in-depth discussion around the future of security due to use of AI. The landscape of security is changing quickly and we do not know where it is headed. As such, it is worth exploring how it has changed security's outlook and what we are seeing across organizations from a consulting and product perspective. A recent article from a16z titled "Next-Gen Pentesting: AI Empowers the Good Guys" is a good summary of the changes happening. A short aside on unintended consequences when introducing new browser features.

  6. JUN 10

    Episode 287 - w/ Hayden Smith (Hunted Labs) - Open Source Dependency Threats

    Hayden Smith, Hunted Labs Co-Founder comes on Absolute AppSec to discuss, among other things, the Hunted Labs work discovering and publicizing the EasyJson software supply chain threat. Before co-founding Hunted Labs, Hayden was Senior Director of Field Services at Anchore, assisting US government, intelligence, and Fortune 500 clients. Long a specialist on supply-chain issues, Smith established the DoD's Platform One software factory, designed container-hardening pipelines securing 500+ Iron Bank images, and led Anchore solutions architects. Previously, he also worked at Booz Allen Hamilton where he supported US government and intelligence clients on cybersecurity/DevOps, and led the cybersecurity team testing the US Air Force's GPS OCX. Seth and Ken discuss some of Hayden's path into the security industry as well as Hunted Labs' report on the EasyJson software supply-chain threat. Read up here for more information: https://huntedlabs.com/exclusive-threat-report/

  7. MAY 20

    Episode 286 - Kayra Otaner - Authenticating Open Source Developers

    We are happy to have Kayra Otaner as a special guest on the Absolute AppSec podcast. Kayra (kayraotaner on LinkedIn and X/twitter), the current Director of DevSecOps at Roche, brings over 15 years of cybersecurity leadership experience from New York and Wall Street. He's led DevSecOps and DevOps teams across a variety of organizations, including ADP, Voice, and adMarketplace, and has served as a trusted CTO advisor for Trendyol. His background also includes cybersecurity consulting for the Turkish Navy, where he helped develop a defense solution that was later deployed in NATO's Locked Shields cyber defense war games in Tallinn. Kayra is a frequent speaker at international DevSecOps conferences and serves on the Business and Computer Science Advisory Board at Middlesex County College in New Jersey. During this episode of the podcast Kayra discusses his journey into information security and spurs on his recent thoughts on authenticating open source developers through models similar to TSA PreCheck.

  8. MAY 13

    Episode 285 - easyjson, Software Dependencies, Breaches

    News this week has been dominated by dependency issues and attribution towards unwanted nation states and actors. Specifically, easyjson is developed by a Russian firm that is under sanctions. The podcast duo discuss the implications and how to protect apps from sub-dependency threats. This leads to a deep dive into breaches and whether a breach has an effect on the industry, company, or individual. Current regulations and certifications can be lost, but does not always have the effect we would expect.

See All (292)

Ratings & Reviews

4.9
out of 5
17 Ratings

About

A weekly podcast of all things application security related. Hosted by Ken Johnson and Seth Law.

Information

  • Creator
    Ken Johnson and Seth Law
  • Years Active
    2018 - 2025
  • Episodes
    292
  • Rating
    Clean
  • Show Website
    Absolute AppSec

You Might Also Like

To listen to explicit episodes, sign in.

Stay up to date with this show

Sign in or sign up to follow shows, save episodes, and get the latest updates.
Select a country or region

Africa, Middle East, and India

Asia Pacific

Europe

Latin America and the Caribbean

The United States and Canada