246 episodes

Application Security Weekly decrypts development for the Security Professional - exploring how to inject security into their organization’s Software Development Lifecycle (SDLC) in a fluid and transparent way. Learn the tools, techniques, and processes necessary to move at the speed of DevOps (even if you aren’t a DevOps shop yet). The target audience for Application Security Weekly spans the gamut of Security Engineers and Practitioners that need to level up their skills in the Application Security space - as well as enabling “Cyber Curious” developers to get involved in the Application Security process at their organizations. To a lesser extent, we hope to arm Security Managers and Executives with the knowledge to be conversational in the realm of DevOps - and to provide the right questions to ask their colleagues in development, along with the metrics to think critically about the answers they receive.

Application Security Weekly (Video) Security Weekly

    • Tech News
    • 4.0 • 4 Ratings

    • video
    Project OneFuzz, Bluetooth Spoofing Bug, & Safeguarding Secrets - ASW #122

    Microsoft announces new Project OneFuzz framework, an open source developer tool to find and fix bugs at scale, Bluetooth Spoofing Bug Affects Billions of IoT Devices, Firefox bug lets you hijack nearby mobile browsers via WiFi, Safeguarding Secrets Within the Pipeline, and more!
     
    Visit https://www.securityweekly.com/asw for all the latest episodes!
    Show Notes: https://wiki.securityweekly.com/asw122

    • 32 min
    • video
    Visualizing & Detecting Threats For Your Custom Application - Justin Massey - ASW #122

    Application logs are critical to DevOps teams for monitoring the performance and health of their apps. Those same logs are just as critical to understanding the security of apps, whether detecting attacks or responding to them. So, it's important that app logs contain the information needed for teams to collect useful signals and make informed decisions.
     
    This segment is sponsored by Datadog. Visit https://securityweekly.com/datadog to learn more about them!
     
    Show Notes: https://wiki.securityweekly.com/asw122

    • 40 min
    • video
    RCE via BACKBLAZE, Microsoft Patch Tuesday, & CRYLOGGER - ASW #121

    BLURtooth vulnerability lets attackers overwrite Bluetooth authentication keys, Microsoft Patch Tuesday, Sept. 2020 Edition, XSS->Fix->Bypass: 10000$ bounty in Google Maps, Academics find crypto bugs in 306 popular Android apps, none get patched, using CRYLOGGER to detect crypto misuses dynamically, Remote Code Execution as SYSTEM/root via Backblaze, and more!
     
    Show Notes: https://wiki.securityweekly.com/asw121

    • 36 min
    • video
    The People & Process of DevOps - Frank Catucci - ASW #121

    Developer friendly appsec; the people, process and culture of DevSecOps. The basics for some and struggles for others.
     
    Show Notes: https://wiki.securityweekly.com/asw121

    • 36 min
    • video
    GitHub to Ruby 2.7, CISO Success, & Lessons From Uber - ASW #120

    A Tale of Escaping a Hardened Docker container, Four More Bugs Patched in Microsoft’s Azure Sphere IoT Platform, Upgrading GitHub to Ruby 2.7, Redefining What CISO Success Looks Like, and Lessons from Uber: Be crystal clear on the law and your bug bounty policies!
     
    Show Notes: https://wiki.securityweekly.com/asw120

    • 34 min
    • video
    Detecting Threats & Avoiding Misconfigs In The Cloud-Age - Marc Tremsal - ASW #120

    What security challenges do companies face when moving to the cloud? Marc Tremsal, Director of Product Management - Security at Datadog, will discuss these challenges and how he helps security teams overcome them throughout their cloud transformation.
     
    This segment is sponsored by Datadog. Visit https://securityweekly.com/datadog to learn more about them!
    Show Notes: https://wiki.securityweekly.com/asw120

    • 37 min

Customer Reviews

4.0 out of 5
4 Ratings

jdtangney

Occasional good content

Keith occasionally has something worth saying, but he lacks solid experience with hardcore software development, and knows almost nothing about lean/agile. He approaches software like an operations problem.

Paul is unpleasant to listen to and seldom adds anything of value. I would not listen to this podcast at all if Paul was the only contributor.

This week's episode is particularly vexing, as the bros bray on about American Football. Please find another forum for that. Your listeners are here to bone up on AppSec.
