557 episodes

The Application Security Weekly podcast delivers interviews and news from the worlds of AppSec, DevOps, DevSecOps, and all the other ways people find and fix software flaws.

Join hosts Mike Shema, John Kinsella, and Akira Brand on a journey through modern security practices for apps, clouds, containers, and more.

Application Security Weekly (Video) Security Weekly

    • News
    • 4.2 • 5 Ratings

    • video
    PrintListener, Post-Quantum Crypto in iMessage, Silent Sabotage, Rust Survey Results - ASW #274

    PrintListener recreates fingerprints, iMessage updates key handling for a PQ3 rating, Silent Sabotage shows supply chain subterfuge against AI models, 2023 Rust survey results, the ways genAI might help developers, and more!
    Show Notes: https://securityweekly.com/asw-274

    • 22 min
    • video
    Creating the Secure Pipeline Verification Standard - Farshad Abasi - ASW #274

    Farshad Abasi joins us again to talk about creating a new OWASP project, the Secure Pipeline Verification Standard. (Bonus points for not being a top ten list!) We talk about what it takes to pitch a new project and the problems that this new project is trying to solve. For this kind of project to be successful -- as in making a positive impact to how software is built -- it's important to not only identify the right audience, but craft guidance in a way that's understandable and achievable for that audience. This is also a chance to learn more about a project in its early days and the opportunities for participating in its development!
    Segment Resources:
    https://github.com/OWASP/www-project-secure-pipeline-verification-standard--spvs- (coming soon!)
    Show Notes: https://securityweekly.com/asw-274

    • 34 min
    • video
    Redefining Threat Modeling - Security Team Goes on Vacation - Jeevan Singh - ASW Vault

    Check out this interview from the ASW Vault, hand-picked by main host Mike Shema! This segment was originally published on Dec 13, 2022.
    Threat modeling is an important part of a security program, but as companies grow you will either have to choose which features to threat model or become a bottleneck. What if I told you that you can have your cake and eat it too? It is possible to scale your program and deliver higher quality threat models.
    Segment Resources:
    Original blog: https://segment.com/blog/redefining-threat-modeling/
    Open-sourced slides: https://github.com/segmentio/threat-modeling-training
    Show Notes: https://securityweekly.com/vault-asw-8

    • 38 min
    • video
    Creating Code Security Through Better Visibility - Christien Rioux - ASW #273

    We've been scanning code for decades. Sometimes scanning works well -- it finds meaningful flaws to fix. Sometimes it distracts us with false positives. Sometimes it burdens us with too many issues. We talk about finding a scanning strategy that works well and what the definition of "works well" should even be.
    Segment Resources:
    https://www.lacework.com/blog/introducing-a-new-approach-to-code-security/
    Show Notes: https://securityweekly.com/asw-273

    • 45 min
    • video
    LLMs & Security Tools, Shim Vuln, AI Threat Models, Configuration as Code with Pkl - ASW #273

    LLMs improve fuzzing coverage, the Shim vuln threatens Linux secure boot, considering AI application threat models, a new language for a configuration file format, and more!
    Show Notes: https://securityweekly.com/asw-273

    • 38 min
    • video
    Sorting Out Glibc Vulns, Apple's Security Research Device, BoringSSL, Old C Vulns - ASW #272

    Qualys discloses syslog and qsort vulns in glibc, Apple's jailbroken iPhone for security researchers, moving away from OpenSSL, what an ancient vuln in image parsing can teach us today, and more!
    Show Notes: https://securityweekly.com/asw-272

    • 36 min

Customer Reviews

4.2 out of 5
5 Ratings

jdtangney,

Occasional good content

Keith occasionally has something worth saying, but he lacks solid experience with hardcore software development, and knows almost nothing about lean/agile. He approaches software like an operations problem.

Paul is unpleasant to listen to and seldom adds anything of value. I would not listen to this podcast at all if Paul was the only contributor.

This week's episode is particularly vexing, as the bros bray on about American Football. Please find another forum for that. Your listeners are here to bone up on AppSec.