416 episodes

Application Security Weekly decrypts development for the Security Professional - exploring how to inject security into their organization’s Software Development Lifecycle (SDLC) in a fluid and transparent way. Learn the tools, techniques, and processes necessary to move at the speed of DevOps (even if you aren’t a DevOps shop yet). The target audience for Application Security Weekly spans the gamut of Security Engineers and Practitioners who need to level up their skills in the Application Security space - as well as “Cyber Curious” developers who want to get involved in the Application Security process at their organizations. To a lesser extent, we hope to arm Security Managers and Executives with the knowledge to be conversational in the realm of DevOps - and to provide the right questions to ask their colleagues in development, along with the metrics to think critically about the answers they receive.

Application Security Weekly (Video) - Security Weekly

    • News
    • 4.0 • 4 Ratings

    • video
    Auth Problems from Parsing, Slack's Password Hashes, Twitter's Info Breach - ASW #207

    Nextauth.js account takeover due to parsing flaw, URL parsing flaw in Go's net/url, another path traversal, Slack exposes password hashes (whaaat!?), Twitter exposes 5.4 million accounts, ransomware and research against PyPI and GitHub, videos from fwd:cloudsec 2022.
     
    Visit https://www.securityweekly.com/asw for all the latest episodes!
    Show Notes: https://securityweekly.com/asw207

    • 41 min
    • video
    Agility Broke AppSec. Now It's Going to Fix It - Chen Gour Arie - ASW #207

    In today's high-tech industries, security is struggling to keep up with rapidly changing production systems and the chaos that agile development introduces into workflows. Application security (AppSec) teams are fighting an uphill battle to gain visibility and control over their environments. Rather than invest their time in critical activities, teams are overwhelmed by gaps in visibility and tools to govern the process. As a result, many digital services remain improperly protected. In this episode, we plan to address and discuss the current state of AppSec, and point out a few common failure points. Afterwards we plan to discuss what agile AppSec looks like, and how a reorganization, and a shift in management strategy could greatly transform the field, and allow business to truly address the risk of under-protected software.
    Segment Resources:
    https://appsecmap.com/
     
    Visit https://www.securityweekly.com/asw for all the latest episodes!
    Show Notes: https://securityweekly.com/asw207

    • 36 min
    • video
    Smart Lock and Simple Vulns, Macros and Secure Defaults, Breaches and Costs - ASW #206

    Multiple vulns in a smart lock, Office Macros finally disabled by default, data breach costs and threat modeling, designing migration paths for 2FA
     
    Visit https://www.securityweekly.com/asw for all the latest episodes!
    Show Notes: https://securityweekly.com/asw206

    • 36 min
    • video
    Reachability & Attackability - Manish Gupta - ASW #206

    A discussion of how the changes and advancements in static application security testing (SAST) and intelligent software composition analysis (SCA) have helped development and DevSecOps teams work better together to fix security issues faster.
     
    Visit https://www.securityweekly.com/asw for all the latest episodes!
    Show Notes: https://securityweekly.com/asw206

    • video
    Atlassian Vuln, Attacking OAuth, OpenSSF Security Audits, Tabletop Exercises - ASW #205

    Vuln in an Atlassian Confluence app, "Dirty Dancing" in OAuth flows, security audits of sigstore and slf4j, flaws in fleet management app, conducting tabletop exercises.
     
    Visit https://www.securityweekly.com/asw for all the latest episodes!
    Show Notes: https://securityweekly.com/asw205

    • 40 min
    • video
    How to Build a Successful Continuous Application Security Program - Ferruh Mavituna - ASW #205

    Pressured by the speed of innovation, organizations are struggling to achieve the continuous web application security they need in the face of mounting threats and compliance requirements. What does it take in order for your AppSec program to be both effective and agile? In this segment, Ferruh Mavituna, founder and strategic advisor of Invicti Security, discusses best practices to help you implement an effective, agile, and – most importantly – continuous approach to application security.
     
    This segment is sponsored by Invicti. Visit https://securityweekly.com/invicti to learn more about them!
     
    Visit https://www.securityweekly.com/asw for all the latest episodes!
    Show Notes: https://securityweekly.com/asw205

    • 36 min

Customer Reviews

4.0 out of 5
4 Ratings

jdtangney,

Occasional good content

Keith occasionally has something worth saying, but he lacks solid experience with hardcore software development, and knows almost nothing about lean/agile. He approaches software like an operations problem.

Paul is unpleasant to listen to and seldom adds anything of value. I would not listen to this podcast at all if Paul was the only contributor.

This week's episode is particularly vexing, as the bros bray on about American Football. Please find another forum for that. Your listeners are here to bone up on AppSec.
