160 episodes

Application Security Weekly decrypts development for the Security Professional - exploring how to inject security into their organization’s Software Development Lifecycle (SDLC) in a fluid and transparent way; Learn the tools, techniques, and processes necessary to move at the speed of DevOps (even if you aren’t a DevOps shop yet). The target audience for Application Security Weekly spans the gamut of Security Engineers and Practitioners that need to level-up their skills in the Application Security space - as well as enabling “Cyber Curious” developers to get involved in the Application Security process at their organizations. To a lesser extent, we hope to arm Security Managers and Executives with the knowledge to be conversational in the realm of DevOps - and to provide the right questions to ask their colleagues in development, along with the metrics to think critically about the answers they receive.

Application Security Weekly (Audio) - Mike Shema, John Kinsella, Matt Alderman - Security Weekly

    • News
    • 4.9 • 8 Ratings


    Policy of Truth - ASW #159

    This week, we welcome Peter Klimek, Director of Technology, Office of the CTO at Imperva, to discuss Navigating the seas of security in serverless functions!
    In the AppSec News: CWE releases the top 25 vulns for 2021, finding bugs in similar code, Sequoia vuln in the Linux kernel, Twitter transparency for account security, a future for cloud security, & more!
     
    Show Notes: https://securityweekly.com/asw159
    Segment Resources:
    Details on Imperva Serverless Protection: https://www.imperva.com/company/press_releases/imperva-launches-new-product-to-secure-serverless-functions-with-visibility-into-the-application-layer-code-level-vulnerabilities/
    Free trial of the product: https://www.imperva.com/serverless-protection-demo
    Visit https://securityweekly.com/imperva to learn more about them!
     
    Visit https://www.securityweekly.com/asw for all the latest episodes!
    Follow us on Twitter: https://www.twitter.com/securityweekly

    Like us on Facebook: https://www.facebook.com/secweekly

    • 1 hr 14 min
    Fall On Our Sword - ASW #158

    This week, we welcome David DeSanto, Senior Director, Product Management, Dev & Sec at GitLab! In the wake of events such as the SolarWinds breach, there has been a lot of misinformation about the role of open source in DevSecOps. GitLab believes everyone benefits when everyone can contribute. Open source plays a key role in how GitLab addresses DevSecOps. We will discuss GitLab's view of the role of open source in DevSecOps, including recent contributions to the open source community as well as GitLab's plans for the future.
     
    In the AppSec News: Security from code comments, visualizing decision trees, bypassing Windows Hello, security analysis of Telegram, paying for patient bug bounty programs, cloud risks, & more!
     
    Show Notes: https://securityweekly.com/asw158
    Visit https://securityweekly.com/gitlab to learn more about them!
     

    • 1 hr 15 min
    Drink Our Own Champagne - ASW #157

    In the AppSec news, a password manager makes predictable mistakes, Trusted Types terminate DOM XSS, waking up from PrintNightmare, understanding hardware fault injections.
     
    The truth is, most web app and API security tools were designed for a very different era. A time before developers and security practitioners worked together, before applications were globally distributed and API-based. But attackers are developers too, and they aren’t bogged down by the limitations of legacy solutions. It’s never been more clear that it’s time for a change. Sean will outline new rules for web application and API security that respect the way modern applications are built.
     
    Show Notes: https://securityweekly.com/asw157
    https://www.fastly.com/blog/the-new-rules-for-web-application-and-api-security
    This segment is sponsored by Fastly. Visit https://securityweekly.com/fastly to learn more about them!
     

    • 1 hr 12 min
    Everything Looks Crazy - ASW #156

    This week, we welcome Clint Gibler, Head of Security Research at r2c, to discuss Scaling Your Application Security Program! In the AppSec News: Visual Studio Code's Workspace Trust, Injured Android, an insecure mobile app, Microsoft accidentally signed a driver containing rootkits, the NSA funds a new sister matrix to ATT&CK: D3FEND, & "Ransomware: maybe it's you, not them?", and more!
     
    Show Notes: https://securityweekly.com/asw156
    Segment Resources:
    https://semgrep.dev/
    https://github.com/returntocorp/semgrep
    https://github.com/returntocorp/semgrep-rules
    2020 GlobalAppSec SF https://docs.google.com/presentation/d/14PjOViz2dE6iToOyoFk_BQ_RUfkEHGX-celIiybDQZA/edit
    https://tldrsec.com/
     

    • 1 hr 16 min
    Crawling Like a Human - ASW #155

    This week, we welcome Nuno Loureiro & Tiago Mendo from Probely to discuss some challenges of DAST scanners and their adoption by developers! Then, in the AppSec News, John and Mike discuss: the SLSA framework for supply chain integrity, a Wi-Fi network of doom for iPhones, a seven-year-old systemd privesc, $30K for an API call, Codecov refactors away from Bash, using the AST to refactor Python, shifting left and right, and more!
    This segment is sponsored by Probely.
    Visit https://securityweekly.com/probely to learn more about them!
    Show Notes: https://securityweekly.com/asw155

    • 1 hr 14 min
    Dead Simple - ASW #154

    This week, we welcome Sebastian Deleersnyder, CTO at Toreon, to talk about OWASP SAMM - Software Assurance Maturity Model! In the AppSec News, Mike and John talk: ALPACA surveys protocol confusion, lessons from the EA breach, forgotten lessons about sprintf, Go fuzzing goes beta, security lessons from Kubernetes Goat, basic lessons for OT from CISA, & more!
     
    Show Notes: https://securityweekly.com/asw154
    Segment Resources:
    - https://owaspsamm.org/
    - https://github.com/OWASPsamm
    - https://app.slack.com/client/T04T40NHX/C0VF1EJGH
    - https://www.youtube.com/channel/UCEZDbvQrj5APg5cEET49A_g
    - https://twitter.com/OwaspSAMM
    - https://www.linkedin.com/company/18910344/admin/
     

    • 1 hr 9 min

Customer Reviews

4.9 out of 5
8 Ratings

jrod d,

Great show

Best show I’ve found so far related to AppSec