354 episodes

Application Security Weekly decrypts development for the Security Professional - exploring how to inject security into their organization’s Software Development Lifecycle (SDLC) in a fluid and transparent way; Learn the tools, techniques, and processes necessary to move at the speed of DevOps (even if you aren’t a DevOps shop yet). The target audience for Application Security Weekly spans the gamut of Security Engineers and Practitioners that need to level-up their skills in the Application Security space - as well as enabling “Cyber Curious” developers to get involved in the Application Security process at their organizations. To a lesser extent, we hope to arm Security Managers and Executives with the knowledge to be conversational in the realm of DevOps - and to provide the right questions to ask their colleagues in development, along with the metrics to think critically about the answers they receive.

Application Security Weekly (Video‪)‬ Security Weekly

    • News
    • 4.0 • 4 Ratings

Application Security Weekly decrypts development for the Security Professional - exploring how to inject security into their organization’s Software Development Lifecycle (SDLC) in a fluid and transparent way; Learn the tools, techniques, and processes necessary to move at the speed of DevOps (even if you aren’t a DevOps shop yet). The target audience for Application Security Weekly spans the gamut of Security Engineers and Practitioners that need to level-up their skills in the Application Security space - as well as enabling “Cyber Curious” developers to get involved in the Application Security process at their organizations. To a lesser extent, we hope to arm Security Managers and Executives with the knowledge to be conversational in the realm of DevOps - and to provide the right questions to ask their colleagues in development, along with the metrics to think critically about the answers they receive.

    • video
    Bug Bounties in Windows/WebKit, Edge Hardening, OAuth Hardening, & GoDaddy Breach - ASW #176

    Bug Bounties in Windows/WebKit, Edge Hardening, OAuth Hardening, & GoDaddy Breach - ASW #176

    This week in the AppSec News: Bug bounty payout practices, Edge goes super duper secure mode, WebKit CSP flaw has consequences for OAuth, GoDaddy breach, vuln in MediaTek audio DSP, & more!
     
    Visit https://www.securityweekly.com/asw for all the latest episodes!
    Show Notes: https://securityweekly.com/asw176

    • 38 min
    • video
    Solving Systemic Risk in Software Development - Chris Wysopal - ASW #176

    Solving Systemic Risk in Software Development - Chris Wysopal - ASW #176

    In today’s session Chris Wysopal will address a number of topics with Mike, including systemic risk in software development and how developers and security teams can work together to meet common goals and solve the speed vs. security dilemma. Specifically, they’ll discuss processes for fixing more vulnerabilities faster and tools for ensuring developer success. And they’ll talk about improving the overall maturity of DevOps teams through good development practices, good testing, remediation, and training.
     
    Segment Resources:
    - Veracode State of Sofware Security v11 https://www.veracode.com/state-of-software-security-report
     
    Visit https://www.securityweekly.com/asw for all the latest episodes!
    Show Notes: https://securityweekly.com/asw176

    • 37 min
    • video
    CVEs 4 CSPs, Malicious PyPi, Bounty Programs, Shared Responsibility, & Breach Costs - ASW #175

    CVEs 4 CSPs, Malicious PyPi, Bounty Programs, Shared Responsibility, & Breach Costs - ASW #175

    This week in the AppSec News: What would CVEs for CSPs look like, clever C2 in malicious Python packages, diversity in bounty programs, shared responsibility and secure defaults, breach costs to influence AppSec programs!
     
    Visit https://www.securityweekly.com/asw for all the latest episodes!
    Show Notes: https://securityweekly.com/asw175

    • 35 min
    • video
    wasmCloud - Distributed Computing With WebAssembly - Liam Randall - ASW #175

    wasmCloud - Distributed Computing With WebAssembly - Liam Randall - ASW #175

    CNCF wasmCloud helps developers to build distributed microservices in WebAssembly that they can run across clouds, browsers, and everywhere securely.
     
    Segment Resources:
    - https://webassembly.org/
    - https://wasmcloud.com/
     
    Visit https://www.securityweekly.com/asw for all the latest episodes!
    Show Notes: https://securityweekly.com/asw175

    • 34 min
    • video
    PAN-OS Vuln, ChaosDB, Fuzzing BusyBox, Refactoring in Rust, HTML Smuggling - ASW #174

    PAN-OS Vuln, ChaosDB, Fuzzing BusyBox, Refactoring in Rust, HTML Smuggling - ASW #174

    In the AppSec news: Disclosure decisions and CVE-2021-3064, technical details behind ChaosDB in Azure, fuzzing BusyBox, Prossimo and Rust, vulns in Nucleus RTOS, & HTML smuggling!
     
    Visit https://www.securityweekly.com/asw for all the latest episodes!
    Show Notes: https://securityweekly.com/asw174

    • 38 min
    • video
    Mobile Application Security - Ryan Lloyd - ASW #174

    Mobile Application Security - Ryan Lloyd - ASW #174

    Mobile applications have a unique attack surface. The tools and techniques being used to compromise these environments are constantly evolving. We'll talk about how to harden mobile apps against modern threats.
    This segment is sponsored by Guardsquare. Visit https://securityweekly.com/quardsquare to learn more about them!
     
    Visit https://www.securityweekly.com/asw for all the latest episodes!
    Show Notes: https://securityweekly.com/asw174

    • 32 min

Customer Reviews

4.0 out of 5
4 Ratings

4 Ratings

jdtangney ,

Occasional good content

Keith occasionally has something worth saying, but he lacks solid experience with hardcore software development, and knows almost nothing about lean/agile. He approaches software like an operations problem.

Paul is unpleasant to listen to and seldom adds anything of value. I wouild not listent to this podcast at all if Paul was the only contributor.

This week's episode is particularlt vexing, as the bros bray on about American Football. Please find another forum for that. Your listeners are here to bone up on AppSec.

Top Podcasts In News

You Might Also Like