177 episodes

Application Security Weekly decrypts development for the Security Professional - exploring how to inject security into their organization’s Software Development Lifecycle (SDLC) in a fluid and transparent way; Learn the tools, techniques, and processes necessary to move at the speed of DevOps (even if you aren’t a DevOps shop yet). The target audience for Application Security Weekly spans the gamut of Security Engineers and Practitioners that need to level-up their skills in the Application Security space - as well as enabling “Cyber Curious” developers to get involved in the Application Security process at their organizations. To a lesser extent, we hope to arm Security Managers and Executives with the knowledge to be conversational in the realm of DevOps - and to provide the right questions to ask their colleagues in development, along with the metrics to think critically about the answers they receive.

Application Security Weekly (Audio‪)‬ Mike Shema, John Kinsella, Matt Alderman - Security Weekly

    • News
    • 4.9 • 9 Ratings

Application Security Weekly decrypts development for the Security Professional - exploring how to inject security into their organization’s Software Development Lifecycle (SDLC) in a fluid and transparent way; Learn the tools, techniques, and processes necessary to move at the speed of DevOps (even if you aren’t a DevOps shop yet). The target audience for Application Security Weekly spans the gamut of Security Engineers and Practitioners that need to level-up their skills in the Application Security space - as well as enabling “Cyber Curious” developers to get involved in the Application Security process at their organizations. To a lesser extent, we hope to arm Security Managers and Executives with the knowledge to be conversational in the realm of DevOps - and to provide the right questions to ask their colleagues in development, along with the metrics to think critically about the answers they receive.

    Cyber Monday - ASW #176

    Cyber Monday - ASW #176

    In today’s session Chris Wysopal will address a number of topics with Mike, including systemic risk in software development and how developers and security teams can work together to meet common goals and solve the speed vs. security dilemma. Specifically, they’ll discuss processes for fixing more vulnerabilities faster and tools for ensuring developer success. And they’ll talk about improving the overall maturity of DevOps teams through good development practices, good testing, remediation, and training. In the AppSec News: Bug bounty payout practices, Edge goes super duper secure mode, WebKit CSP flaw has consequences for OAuth, GoDaddy breach, vuln in MediaTek audio DSP, & more!
     
    Show Notes: https://securityweekly.com/asw176
    Segment Resources:
    Veracode State of Sofware Security v11 https://www.veracode.com/state-of-software-security-report
     
    Visit https://www.securityweekly.com/asw for all the latest episodes!
    Follow us on Twitter: https://www.twitter.com/securityweekly
    Like us on Facebook: https://www.facebook.com/secweekly

    • 1 hr 15 min
    Max Headroom - ASW #175

    Max Headroom - ASW #175

    This week, we welcome Liam Randall, CEO at Cosmonic, to talk about wasmCloud - Distributed Computing With WebAssembly! CNCF wasmCloud helps developers to build distributed microservices in WebAssembly that they can run across clouds, browsers, and everywhere securely! In the AppSec News: What would CVEs for CSPs look like, clever C2 in malicious Python packages, diversity in bounty programs, shared responsibility and secure defaults, breach costs to influence AppSec programs!
     
    Show Notes: https://securityweekly.com/asw175
    Segment Resources:
    https://webassembly.org/
    https://wasmcloud.com/
     
    Visit https://www.securityweekly.com/asw for all the latest episodes!
    Follow us on Twitter: https://www.twitter.com/securityweekly
    Like us on Facebook: https://www.facebook.com/secweekly

    • 1 hr 9 min
    Eyes Open - ASW #174

    Eyes Open - ASW #174

    This week, we welcome Ryan Lloyd, Chief Product Officer at Guardsquare, to discuss Mobile Application Security! Mobile applications have a unique attack surface. The tools and techniques being used to compromise these environments are constantly evolving. We'll talk about how to harden mobile apps against modern threats. In the AppSec news: Disclosure decisions and CVE-2021-3064, technical details behind ChaosDB in Azure, fuzzing BusyBox, Prossimo and Rust, vulns in Nucleus RTOS, & HTML smuggling!
     
    Show Notes: https://securityweekly.com/asw174
    Visit https://securityweekly.com/guardsquare to learn more about them!
     
    Visit https://www.securityweekly.com/asw for all the latest episodes!
    Follow us on Twitter: https://www.twitter.com/securityweekly
    Like us on Facebook: https://www.facebook.com/secweekly

    • 1 hr 10 min
    Schools of Magic - ASW #173

    Schools of Magic - ASW #173

    This week, Mike, John and Dan McKinney from Cloudsmith will be discussing SBOM and what that looks like for your applications. Other topics include: cloud-native tooling for your software supply chain, the history of provenance, GPG Keys & signing commits, package consumption, understanding threat modeling, and knowing the roles and responsibilities when it comes to security of your assets.
     
    In the AppSec News, Mike and John talk: Excel gains support for JavaScript data types and functions, arbitrary code execution in Linux kernel TIPC, more malware in npm packages, threat models and OTP/2FA bots, NIST Security Labels!
     
    Show Notes: https://securityweekly.com/asw173
    Visit https://securityweekly.com/cloudsmith to learn more about them!
     
    Visit https://www.securityweekly.com/asw for all the latest episodes!
    Follow us on Twitter: https://www.twitter.com/securityweekly
    Like us on Facebook: https://www.facebook.com/secweekly

    • 1 hr 13 min
    Actual Secrets - ASW #172

    Actual Secrets - ASW #172

    This week, we welcome Peter Klimek, Director of Technology, Office of the CTO at Imperva! Peter will talk to the challenges he's hearing from customers and partners about managing the security of APIs and what considerations organizations need to make in 2022 to better protect these growing ecosystems. In the AppSec News, Mike & John talk: Discourse SNS webhook RCE, a checklist for a Minimum Viable Secure Product, WhatsApp security assessment, privacy engineering specialties, & DevOps presentations!
     
    Show Notes: https://securityweekly.com/asw172
    Visit https://securityweekly.com/imperva to learn more about them!
     
    Visit https://www.securityweekly.com/asw for all the latest episodes!
    Follow us on Twitter: https://www.twitter.com/securityweekly
    Like us on Facebook: https://www.facebook.com/secweekly

    • 1 hr 16 min
    Horror Stories - ASW #171

    Horror Stories - ASW #171

    This week, we welcome Ashish Rajan, Head of Security & Podcast Host at Cloud Security Podcast, to discuss Security Champions in an Online First World! Ashish will talk about building a security champion in an online world and how SAST as it stands today will die in the world of DevOps and Cloud. This week in the AppSec News: Malware in the UAParser.js npm package, security vuln in Squirrel scripting language, a blueprint for securing software development, L0phtCrack now open source, appsec videos on Android exploitation, macOS security, & more!
     
    Show Notes: https://securityweekly.com/asw171
    Segment Resources:
    www.cloudsecuritypodcast.tv
     
    Visit https://www.securityweekly.com/asw for all the latest episodes!
    Follow us on Twitter: https://www.twitter.com/securityweekly
    Like us on Facebook: https://www.facebook.com/secweekly

    • 1 hr 14 min

Customer Reviews

4.9 out of 5
9 Ratings

9 Ratings

jrod d ,

Great show

Best show I’ve found so far related to AppSec

Top Podcasts In News

You Might Also Like