Application Security Weekly (Video)

Security Weekly
  • 4.8 (4)
  • TECH NEWS
  • UPDATED WEEKLY
Application Security Weekly (Video)

About all things AppSec, DevOps, and DevSecOps. Hosted by Mike Shema and John Kinsella, the podcast focuses on helping its audience find and fix software flaws effectively.

  1. QR Codes Replacing SMS, MS Pulls VSCode Extension, Threat Modeling, Bybit Hack - ASW #320

    9 HR. AGO · VIDEO

    QR Codes Replacing SMS, MS Pulls VSCode Extension, Threat Modeling, Bybit Hack - ASW #320

    Google replacing SMS with QR codes for authentication, MS pulls a VSCode extension due to red flags, threat modeling with TRAIL, threat modeling the Bybit hack, malicious models and malicious AMIs, and more! Show Notes: https://securityweekly.com/asw-320

    34 min
  2. Keeping Curl Successful and Secure Over the Decades - Daniel Stenberg - ASW #320

    16 HR. AGO · VIDEO

    Keeping Curl Successful and Secure Over the Decades - Daniel Stenberg - ASW #320

    Curl and libcurl are everywhere. Not only has the project maintained success for almost three decades now, but it's done that while being written in C. Daniel Stenberg talks about the challenges in dealing with appsec, the design philosophies that keep it secure, and fostering a community to create one of the most recognizable open source projects in the world. Segment Resources: https://daniel.haxx.se/blog/2025/01/23/cvss-is-dead-to-us/ https://daniel.haxx.se/blog/2024/01/02/the-i-in-llm-stands-for-intelligence/ https://thenewstack.io/curls-daniel-stenberg-on-securing-180000-lines-of-c-code/ Show Notes: https://securityweekly.com/asw-320

    35 min
  3. Regex DoS, LLM Backdoors, Secure AI Architectures, Rust Survey - ASW #319

    FEB 25 · VIDEO

    Regex DoS, LLM Backdoors, Secure AI Architectures, Rust Survey - ASW #319

    Applying forgivable vs. unforgivable criteria to reDoS vulns, what backdoors in LLMs mean for trust in building software, considering some secure AI architectures to minimize prompt injection impact, developer reactions to Rust, and more! Show Notes: https://securityweekly.com/asw-319

    36 min
  4. Developer Environments, Developer Experience, and Security - Dan Moore - ASW #319

    FEB 25 · VIDEO

    Developer Environments, Developer Experience, and Security - Dan Moore - ASW #319

    Minimizing latency, increasing performance, and reducing compile times are just a part of what makes a development environment better. Throw in useful tests and some useful security tools and you have an even better environment. Dan Moore talks about what motivates some developers to prefer a "local first" approach as we walk through what all of this means for security. Show Notes: https://securityweekly.com/asw-319

    34 min
  5. Top 10 Web Hacking Techniques of 2024 - James Kettle - ASW #318

    FEB 18 · VIDEO

    Top 10 Web Hacking Techniques of 2024 - James Kettle - ASW #318

    We're getting close to two full decades of celebrating web hacking techniques. James Kettle shares which was his favorite, why the list is important to the web hacking community, and what inspires the kind of research that makes it onto the list. We discuss why we keep seeing eternal flaws like XSS and SQL injection making these lists year after year and how clever research is still finding new attack surfaces in old technologies. But there's a lot of new web technology still to be examined, from HTTP/2 and HTTP/3 to WebAssembly. Segment Resources: Top 10, 2024: https://portswigger.net/research/top-10-web-hacking-techniques-of-2024 Full nomination list: https://portswigger.net/research/top-10-web-hacking-techniques-of-2024-nominations-open Project overview: https://portswigger.net/research/top-10-web-hacking-techniques Show Notes: https://securityweekly.com/asw-318

    45 min
  6. Unforgivable Vulns, DeepSeek iOS App Security Flaws, Memory Safety Standards - ASW #317

    FEB 11 · VIDEO

    Unforgivable Vulns, DeepSeek iOS App Security Flaws, Memory Safety Standards - ASW #317

    Identifying and eradicating unforgivable vulns, an unforgivable flaw (and a few others) in DeepSeek's iOS app, academics and industry looking to standardize principles and practices for memory safety, and more! Show Notes: https://securityweekly.com/asw-317

    36 min
  7. Code Scanning That Works With Your Code - Scott Norberg - ASW #317

    FEB 11 · VIDEO

    Code Scanning That Works With Your Code - Scott Norberg - ASW #317

    Code scanning is one of the oldest appsec practices. In many cases, simple grep patterns and some fancy regular expressions are enough to find many of the obvious software mistakes. Scott Norberg shares his experience with encountering code scanners that didn't find the .NET vuln classes he needed to find and why that led him to creating a scanner from scratch. We talk about some challenges in testing tools, making smart investments in engineering time, and why working with .NET's compiler made his decisions easier. Segment Resources: -https://github.com/ScottNorberg-NCG/CodeSheriff.NET Show Notes: https://securityweekly.com/asw-317

    37 min
  8. New SLAP & FLOP Attacks, OCSP Fades Away, DeepSeek's ClickHouse, OAuth 2.0 Security - ASW #316

    FEB 4 · VIDEO

    New SLAP & FLOP Attacks, OCSP Fades Away, DeepSeek's ClickHouse, OAuth 2.0 Security - ASW #316

    Speculative data flow attacks demonstrated against Apple chips with SLAP and FLOP, the design and implementation choices that led to OCSP's demise, an appsec angle on AI, updating the threat model and recommendations for implementing OAuth 2.0, and more! Show Notes: https://securityweekly.com/asw-316

    35 min
See All (646)

Ratings & Reviews

4.8
out of 5
4 Ratings

About

About all things AppSec, DevOps, and DevSecOps. Hosted by Mike Shema and John Kinsella, the podcast focuses on helping its audience find and fix software flaws effectively.

Information

You Might Also Like

To listen to explicit episodes, sign in.

Stay up to date with this show

Sign in or sign up to follow shows, save episodes, and get the latest updates.
Select a country or region

Africa, Middle East, and India

Asia Pacific

Europe

Latin America and the Caribbean

The United States and Canada