![](/assets/artwork/1x1-42817eea7ade52607a760cbee00d1495.gif)
595 episodes
![](/assets/artwork/1x1-42817eea7ade52607a760cbee00d1495.gif)
Application Security Weekly (Video) Security Weekly
-
- News
-
-
4.2 • 5 Ratings
-
The Application Security Weekly podcast delivers interviews and news from the worlds of AppSec, DevOps, DevSecOps, and all the other ways people find and fix software flaws.
Join hosts Mike Shema, John Kinsella, and Akira Brand on a journey through modern security practices for apps, clouds, containers, and more.
-
- video
SAPwned, Squarespace Domain Hijacks, AIs Fixing Code, Infosec Investments - ASW #292
SAPwned demonstrates tenets of tenant isolation, a weak login flow puts Squarespace domains at risk, how AIs might (or might not) be useful for fixing code, getting buy-in for infosec investments, and more!
Show Notes: https://securityweekly.com/asw-292 -
- video
Where Generative AI Can Actually Help Security (And Where It Doesn't) - Allie Mellen, Farshad Abasi - ASW #292
Generative AI has produced impressive chatbots and content generation, but however fun or impressive those might be, they don't always translate to value for appsec. Allie brings some realistic expectations to how genAI is used by attackers and can be useful to defenders.
Segment resources:
https://www.forrester.com/blogs/generative-ai-will-not-fulfill-your-autonomous-soc-hopes-or-even-your-demo-dreams/ https://www.forrester.com/blogs/top-5-things-you-need-to-know-about-how-generative-ai-is-used-in-security-tools/ https://www.forrester.com/blogs/the-blob-is-poisoning-the-security-industry/ Show Notes: https://securityweekly.com/asw-292 -
- video
A 2024 Appsec Report, Preparing for the AIxCC, Secure Design and Post-Quantum Crypto - ASW #291
Cloudflare's 2024 appsec report, reasoning about the Cyber Reasoning Systems for the upcoming AIxCC semifinals at DEF CON, lessons in secure design from post-quantum cryptography, and more!
Show Notes: https://securityweekly.com/asw-291 -
- video
Producing Secure Code by Leveraging AI - Stuart McClure - ASW #291
How can LLMs be valuable to developers as an assistant in finding and fixing insecure code? There are a lot of implications in trusting AI or LLMs to not only find vulns, but in producing code that fixes an underlying problem without changing an app's intended behavior. Stuart McClure explains how combining LLMs with agents and RAGs helps make AI-influenced tools more effective and useful in the context that developers need -- writing secure code.
Show Notes: https://securityweekly.com/asw-291 -
- video
State Of Application Security 2024 - Sandy Carielli, Janet Worthington - ASW #290
Sandy Carielli and Janet Worthington, authors of the State Of Application Security 2024 report, join us to discuss their findings on trends this year! Old vulns, more bots, and more targeted supply chain attacks -- we should be better at this by now. We talk about where secure design fits into all this why appsec needs to accelerate to ludicrous speed.
Segment resources
https://www.forrester.com/blogs/ludicrous-speed-because-light-speed-is-too-slow-to-secure-your-apps/ They're also conducting a survey on how orgs use Top 10 lists. Provide your response at https://forrester.co1.qualtrics.com/jfe/form/SV_9Z7ARUQjuzNQf0q Show Notes: https://securityweekly.com/asw-290 -
- video
Polyfill Empties Trust, regreSSHion, CocoaPods Vulns & Secure Design, LLM Bughunters - ASW #290
Polyfill loses trust after CDN misuse, an OpenSSH flaw reappears, how to talk about secure design from some old CocoaPods vulns, using LLMs to find bugs, Burp Proxy gets more investment, and more!
Show Notes: https://securityweekly.com/asw-290
Customer Reviews
Occasional good content
Keith occasionally has something worth saying, but he lacks solid experience with hardcore software development, and knows almost nothing about lean/agile. He approaches software like an operations problem.
Paul is unpleasant to listen to and seldom adds anything of value. I wouild not listent to this podcast at all if Paul was the only contributor.
This week's episode is particularlt vexing, as the bros bray on about American Football. Please find another forum for that. Your listeners are here to bone up on AppSec.