266 episodes

Application Security Weekly decrypts development for the Security Professional - exploring how to inject security into their organization’s Software Development Lifecycle (SDLC) in a fluid and transparent way. Learn the tools, techniques, and processes necessary to move at the speed of DevOps (even if you aren’t a DevOps shop yet). The target audience for Application Security Weekly spans the gamut of Security Engineers and Practitioners that need to level-up their skills in the Application Security space - as well as enabling “Cyber Curious” developers to get involved in the Application Security process at their organizations. To a lesser extent, we hope to arm Security Managers and Executives with the knowledge to be conversational in the realm of DevOps - and to provide the right questions to ask their colleagues in development, along with the metrics to think critically about the answers they receive.

Application Security Weekly (Video) Security Weekly

    • Tech News
    • 4.0 • 4 Ratings

    • video
    Top CyberSec Skills for 2021, Xbox Gamertag Bug, & MobileIron RCE Flaw - ASW #132

    Xbox bug exposed email identities, focusing on prevention for your cloud security strategies, Amazon looking to hire more Rust developers, KubeCon continues push for security, and a DevOps reading list!
     
    Visit https://www.securityweekly.com/asw for all the latest episodes!
    Show Notes: https://securityweekly.com/asw132

    • 30 min
    • video
    Security Decisions During Application Development - Tim Mackey - ASW #132

    The security of any application is a function of the decisions made during development. Measuring the risk of those decisions isn't something contained within a single tool, but instead requires a set of perspectives on how a "bad decision" can manifest itself in the security of the app.
     
    This segment is sponsored by Synopsys. Visit https://securityweekly.com/synopsys to learn more about them!
     
    Show Notes: https://securityweekly.com/asw132

    • 37 min
    • video
    Drupal Flaws, DevSecOps Implementation, & Cloud Native Security White Paper - ASW #131

    In the Application Security News, a manifesto highlights principles and values for threat modeling, the CNCF releases a Cloud Native Security Whitepaper, Microsoft put security in the CPU with Pluton, mass scanning for secrets, ancient flaws resurface in Drupal, and steps for implementing source composition analysis!
     
    Show Notes: https://wiki.securityweekly.com/asw131

    • 31 min
    • video
    Threat Modeling Deep Dive - ASW #131

    We threat model every day without realizing it. And, of course, we often threat model with systems and products within our organizations. So how formal does our approach need to be? How do we best guide the "what could go wrong" discussion with DevOps teams? And what's a sign that we're generating useful threat models?
     
    Show Notes: https://wiki.securityweekly.com/asw131

    • 32 min
    • video
    'Platypus' Attack, IDOR DOD Bug, & 2 More Chrome 0-Days - ASW #130

    In the Application Security News, The Platypus Attack Threatens Intel SGX, a Revitalized Attack Makes for Sad DNS, Bug Hunter Hits DOD With an IDOR, Steps for DevOps, Testing in Prod, Two More Chrome Bugs, and Open Source K8s Tools From Capital One!
     
    Show Notes: https://wiki.securityweekly.com/asw130

    • 31 min
    • video
    Automated Hacker Knowledge - Rickard Carlsson - ASW #130

    In a fast-paced tech environment, keeping up with security research can be overwhelming for companies. Automation is a must to keep up - but you also need human ingenuity to make sure automation adds value and not noise. Combining software automation with the knowledge of elite hackers is the key to ensure both speed and relevance.
     
    This segment is sponsored by Detectify. Visit https://securityweekly.com/detectify to learn more about them!
     
    Show Notes: https://wiki.securityweekly.com/asw130

    • 34 min

Customer Reviews

4.0 out of 5
4 Ratings

jdtangney ,

Occasional good content

Keith occasionally has something worth saying, but he lacks solid experience with hardcore software development, and knows almost nothing about lean/agile. He approaches software like an operations problem.

Paul is unpleasant to listen to and seldom adds anything of value. I would not listen to this podcast at all if Paul was the only contributor.

This week's episode is particularly vexing, as the bros bray on about American Football. Please find another forum for that. Your listeners are here to bone up on AppSec.
