119 episodes

Absolute AppSec Ken Johnson and Seth Law

- Technology
- 4.8 • 12 Ratings

A weekly podcast of all things application security related. Hosted by Ken Johnson and Seth Law.

- DEC 22, 2020
Episode 117: Solarwinds, Timing Attacks, Threat Dragon

Episode 117: Solarwinds, Timing Attacks, Threat Dragon

The dynamic duo is back for their last podcast of 2020!
- NOV 24, 2020
Episode 116: Lewis Ardern and Pwnfunction - Client-Side JavaScript Security

Episode 116: Lewis Ardern and Pwnfunction - Client-Side JavaScript Security

Lewis Ardern (@LewisArdern) and Pwnfunction (@pwnfunction) join Seth and Ken to talk client-side JavaScript security and their recent Vue JS blog post. https://portswigger.net/research/evading-defences-using-vuejs-script-gadgets
- NOV 17, 2020
Episode 115: Clint Gibler - Static Analysis with Semgrep

Episode 115: Clint Gibler - Static Analysis with Semgrep

Clint Gibler (@clintgibler) joins Seth and Ken to talk about Static Analysis with Semgrep. Demonstrations of writing rules within Semgrep and how to use it.
- NOV 10, 2020
Episode 114: Account Enumeration, Github Actions

Episode 114: Account Enumeration, Github Actions

Seth and Ken discuss account enumeration vulnerabilities and open source tools that take advantage of them. Discussion about the recent Github Actions vulnerability.
- OCT 27, 2020
Episode 113: Jacob Salassi - Modeling Threats, Risk Assessment

Episode 113: Jacob Salassi - Modeling Threats, Risk Assessment

Jacob Salassi (@JacobSalassi) joins us to discuss his developer-driven, standardized, threat modeling process. Also discussions on developer empathy, risk assessment, and other topics.
- OCT 20, 2020
Episode 112: Mark Feferman - Static Analysis Tools

Episode 112: Mark Feferman - Static Analysis Tools

Mark Feferman (@mfeferman) joins Seth and Ken to throw down about automated static analysis tools. Discussion of applictaion security talent (or lack thereof) and 'shifting left'.